You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by Davanum Srinivas <da...@gmail.com> on 2005/10/18 20:24:33 UTC
Re: svn commit: r326194 - in /geronimo/trunk: applications/console-core/ applications/console-core/src/java/org/apache/geronimo/console/core/keystore/ applications/console-ear/src/plan/ applications/console-standard/src/java/org/apache/geronimo/conso
"com.gluecode.se.certs" :)
On 10/18/05, djencks@apache.org <dj...@apache.org> wrote:
> Author: djencks
> Date: Tue Oct 18 11:22:57 2005
> New Revision: 326194
>
> URL: http://svn.apache.org/viewcvs?rev=326194&view=rev
> Log:
> GERONIMO-887 keystore portlet
>
> Added:
> geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/
> geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyEntryInfo.java
> geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyStoreGBean.java
> geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/
> geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/CertManagerPortlet.java
> geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/
> geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ChangeStorePassword.java
> geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateCSR.java
> geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateKeyPair.java
> geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportCAReply.java
> geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportTrustedCertificate.java
> geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/UploadCertificateFile.java
> geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStore.java
> geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStoreEntryDetail.java
> Modified:
> geronimo/trunk/applications/console-core/project.xml
> geronimo/trunk/applications/console-ear/src/plan/geronimo-application.xml
> geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/web.xml
> geronimo/trunk/modules/assembly/src/plan/webconsole-jetty-plan.xml
> geronimo/trunk/modules/assembly/src/plan/webconsole-tomcat-plan.xml
>
> Modified: geronimo/trunk/applications/console-core/project.xml
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-core/project.xml?rev=326194&r1=326193&r2=326194&view=diff
> ==============================================================================
> --- geronimo/trunk/applications/console-core/project.xml (original)
> +++ geronimo/trunk/applications/console-core/project.xml Tue Oct 18 11:22:57 2005
> @@ -69,6 +69,13 @@
> <artifactId>geronimo-system</artifactId>
> <version>${pom.currentVersion}</version>
> </dependency>
> + <!-- Keystore dependency -->
> + <dependency>
> + <groupId>geronimo</groupId>
> + <artifactId>geronimo-util</artifactId>
> + <version>${pom.currentVersion}</version>
> + </dependency>
> +
> <dependency>
> <groupId>commons-logging</groupId>
> <artifactId>commons-logging</artifactId>
> @@ -104,12 +111,6 @@
> <version>${mx4j_version}</version>
> </dependency>
>
> - <!-- Keystore dependency -->
> - <dependency>
> - <groupId>geronimo</groupId>
> - <artifactId>geronimo-util</artifactId>
> - <version>${pom.currentVersion}</version>
> - </dependency>
> </dependencies>
>
> <build>
>
> Added: geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyEntryInfo.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyEntryInfo.java?rev=326194&view=auto
> ==============================================================================
> --- geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyEntryInfo.java (added)
> +++ geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyEntryInfo.java Tue Oct 18 11:22:57 2005
> @@ -0,0 +1,58 @@
> +/**
> + *
> + * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.geronimo.console.core.keystore;
> +
> +import java.util.Date;
> +
> +public class KeyEntryInfo {
> + public static final String TRUSTED_CERT_TYPE = "trusted certificate";
> +
> + public static final String PRIVATE_KEY_TYPE = "private key";
> +
> + private String alias;
> +
> + private String type;
> +
> + private Date created;
> +
> + public KeyEntryInfo(String alias, String type, Date created) {
> + this.alias = alias;
> + this.type = type;
> + this.created = created;
> + }
> +
> + public String getAlias() {
> + return this.alias;
> + }
> +
> + public String getType() {
> + return this.type;
> + }
> +
> + public Date getCreated() {
> + return this.created;
> + }
> +
> + public boolean isTrustedCertificate() {
> + return type.equals(TRUSTED_CERT_TYPE);
> + }
> +
> + public boolean isPrivateKey() {
> + return type.equals(PRIVATE_KEY_TYPE);
> + }
> +}
>
> Added: geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyStoreGBean.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyStoreGBean.java?rev=326194&view=auto
> ==============================================================================
> --- geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyStoreGBean.java (added)
> +++ geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyStoreGBean.java Tue Oct 18 11:22:57 2005
> @@ -0,0 +1,506 @@
> +/**
> + *
> + * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.geronimo.console.core.keystore;
> +
> +import java.io.ByteArrayInputStream;
> +import java.io.ByteArrayOutputStream;
> +import java.io.FileInputStream;
> +import java.io.FileOutputStream;
> +import java.io.InputStream;
> +import java.math.BigInteger;
> +import java.security.KeyPair;
> +import java.security.KeyPairGenerator;
> +import java.security.KeyStore;
> +import java.security.KeyStoreException;
> +import java.security.PrivateKey;
> +import java.security.PublicKey;
> +import java.security.Security;
> +import java.security.cert.Certificate;
> +import java.security.cert.CertificateFactory;
> +import java.security.cert.X509Certificate;
> +import java.util.ArrayList;
> +import java.util.Collection;
> +import java.util.Date;
> +import java.util.Enumeration;
> +import java.util.Hashtable;
> +import java.util.Iterator;
> +import java.util.List;
> +import java.util.Vector;
> +
> +import org.apache.commons.logging.Log;
> +import org.apache.commons.logging.LogFactory;
> +import org.apache.geronimo.gbean.GBeanInfo;
> +import org.apache.geronimo.gbean.GBeanInfoBuilder;
> +import org.apache.geronimo.gbean.GBeanLifecycle;
> +import org.apache.geronimo.gbean.WaitingException;
> +import org.apache.geronimo.system.serverinfo.ServerInfo;
> +/*
> +import org.bouncycastle.asn1.ASN1Set;
> +import org.bouncycastle.asn1.DEROutputStream;
> +import org.bouncycastle.asn1.x509.X509Name;
> +import org.bouncycastle.jce.PKCS10CertificationRequest;
> +import org.bouncycastle.jce.X509Principal;
> +import org.bouncycastle.jce.X509V1CertificateGenerator;
> +import org.bouncycastle.jce.provider.BouncyCastleProvider;
> +import org.bouncycastle.util.encoders.Base64;
> +*/
> +import org.apache.geronimo.util.asn1.ASN1Set;
> +import org.apache.geronimo.util.asn1.DEROutputStream;
> +import org.apache.geronimo.util.asn1.x509.X509Name;
> +import org.apache.geronimo.util.jce.PKCS10CertificationRequest;
> +import org.apache.geronimo.util.jce.X509Principal;
> +import org.apache.geronimo.util.jce.X509V1CertificateGenerator;
> +import org.apache.geronimo.util.encoders.Base64;
> +
> +public class KeyStoreGBean implements GBeanLifecycle {
> + public static final String KEY_STORE_OBJ_NAME = "geronimo.security:type=KeyStore";
> +
> + private static Log log = LogFactory.getLog(KeyStoreGBean.class);
> +
> + private String keyStoreType;
> +
> + private String keyStoreProvider;
> +
> + private String keyStoreLocation;
> +
> + private String keyStorePassword;
> +
> + private String keyPassword;
> +
> + private KeyStore keystore;
> +
> + // Used to resolve keystore path.
> + private ServerInfo serverInfo;
> +
> + public KeyStoreGBean() {
> + keyPassword = new String("");
> + }
> +
> + public void doStart() throws WaitingException, Exception {
> +
> + //Security.addProvider(new BouncyCastleProvider());
> +
> + this.keystore = KeyStore.getInstance(keyStoreType);
> +
> + boolean keystoreExistsFlag = true;
> + InputStream is = null;
> +
> + try {
> + log.info("loading keystore from "
> + + serverInfo.resolvePath(this.keyStoreLocation));
> + is = new java.io.FileInputStream(serverInfo
> + .resolvePath(this.keyStoreLocation));
> + this.keystore.load(is, this.keyStorePassword.toCharArray());
> + } catch (java.io.FileNotFoundException e) {
> + keystoreExistsFlag = false;
> + } finally {
> + try {
> + if (is != null) {
> + is.close();
> + }
> + } catch (Exception e) {
> + }
> + }
> +
> + if (keystoreExistsFlag == false) {
> + keystore.load(null, keyStorePassword.toCharArray());
> + }
> + }
> +
> + public void doStop() throws WaitingException, Exception {
> + }
> +
> + public void doFail() {
> + }
> +
> + public static final GBeanInfo GBEAN_INFO;
> +
> + static {
> + GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(KeyStoreGBean.class);
> +
> + infoFactory.addAttribute("keyStoreType", String.class, true);
> + infoFactory.addAttribute("keyStoreProvider", String.class, true);
> + infoFactory.addAttribute("keyStoreLocation", String.class, true);
> + infoFactory.addAttribute("keyStorePassword", String.class, true);
> +
> + infoFactory.addReference("serverInfo", ServerInfo.class);
> +
> + infoFactory.addOperation("getKeyEntryInfo",
> + new Class[] { String.class });
> + infoFactory.addOperation("getKeyStoreSize");
> + infoFactory.addOperation("getKeyStoreEntries");
> + infoFactory.addOperation("getCertificateChain",
> + new Class[] { String.class });
> + infoFactory.addOperation("generateCSR", new Class[] { String.class });
> +
> + infoFactory.addOperation("generateKeyPair", new Class[] { String.class,
> + String.class, Integer.class, String.class, Integer.class,
> + String.class, String.class, String.class, String.class,
> + String.class, String.class });
> +
> + infoFactory.addOperation("importTrustedX509Certificate", new Class[] {
> + String.class, String.class });
> + infoFactory.addOperation("importPKCS7Certificate", new Class[] {
> + String.class, String.class });
> +
> + GBEAN_INFO = infoFactory.getBeanInfo();
> + }
> +
> + public static GBeanInfo getGBeanInfo() {
> + return GBEAN_INFO;
> + }
> +
> + public void setKeyStoreType(String keyStoreType) {
> + this.keyStoreType = keyStoreType;
> + }
> +
> + public String getKeyStoreType() {
> + return this.keyStoreType;
> + }
> +
> + public void setKeyStoreProvider(String keyStoreProvider) {
> + this.keyStoreProvider = keyStoreProvider;
> + }
> +
> + public String getKeyStoreProvider() {
> + return this.keyStoreProvider;
> + }
> +
> + public void setKeyStoreLocation(String keyStoreLocation) {
> + this.keyStoreLocation = keyStoreLocation;
> + }
> +
> + public ServerInfo getServerInfo() {
> + return serverInfo;
> + }
> +
> + public void setServerInfo(ServerInfo serverInfo) {
> + this.serverInfo = serverInfo;
> + }
> +
> + public String getKeyStoreLocation() {
> + return this.keyStoreLocation;
> + }
> +
> + public void setKeyStorePassword(String keyStorePassword) {
> + this.keyStorePassword = keyStorePassword;
> + }
> +
> + public String getKeyStorePassword() {
> + return this.keyStorePassword;
> + }
> +
> + public int getKeyStoreSize() throws KeyStoreException {
> + return this.keystore.size();
> + }
> +
> + public KeyEntryInfo getKeyEntryInfo(String alias) throws KeyStoreException {
> + KeyEntryInfo info = null;
> +
> + if (this.keystore.isCertificateEntry(alias)) {
> + // certificate entry
> + info = new KeyEntryInfo(alias, "trusted certificate", keystore
> + .getCreationDate(alias));
> + } else if (this.keystore.isKeyEntry(alias)) {
> + // private key entry
> + info = new KeyEntryInfo(alias, "private key", keystore
> + .getCreationDate(alias));
> + } else {
> + throw new KeyStoreException("invalid key entry type");
> + }
> + return info;
> + }
> +
> + public List getKeyStoreEntries() throws KeyStoreException {
> + List list = new ArrayList();
> +
> + Enumeration aliases = this.keystore.aliases();
> +
> + while (aliases.hasMoreElements()) {
> + String alias = (String) aliases.nextElement();
> + list.add(getKeyEntryInfo(alias));
> + }
> + return list;
> + }
> +
> + public Certificate[] getCertificateChain(String alias)
> + throws KeyStoreException {
> + Certificate[] certs = null;
> +
> + if (keystore.isCertificateEntry(alias)) {
> + Certificate cert = keystore.getCertificate(alias);
> + certs = new Certificate[1];
> + certs[0] = cert;
> + } else if (keystore.isKeyEntry(alias)) {
> + certs = keystore.getCertificateChain(alias);
> + } else if (keystore.containsAlias(alias)) {
> + throw new KeyStoreException("Unsupported key-store-entry, alias = "
> + + alias);
> + } else {
> + throw new KeyStoreException(
> + "Key-store-entry alias not found, alias = " + alias);
> + }
> +
> + return certs;
> + }
> +
> + public String generateCSR(String alias) throws Exception {
> +
> + // find certificate by alias
> + X509Certificate cert = (X509Certificate) keystore.getCertificate(alias);
> +
> + // find private key by alias
> + PrivateKey key = (PrivateKey) keystore.getKey(alias, new String("")
> + .toCharArray());
> +
> + // generate csr
> + String csr = generateCSR(cert, key);
> + return csr;
> + }
> +
> + public String generateCSR(X509Certificate cert, PrivateKey signingKey)
> + throws Exception {
> +
> + String sigalg = cert.getSigAlgName();
> + X509Name subject = new X509Name(cert.getSubjectDN().toString());
> + PublicKey publicKey = cert.getPublicKey();
> + ASN1Set attributes = null;
> +
> + PKCS10CertificationRequest csr = new PKCS10CertificationRequest(sigalg,
> + subject, publicKey, attributes, signingKey);
> +
> + if (!csr.verify()) {
> + throw new KeyStoreException("CSR verification failed");
> + }
> +
> + ByteArrayOutputStream os = new ByteArrayOutputStream();
> + DEROutputStream deros = new DEROutputStream(os);
> + deros.writeObject(csr.getDERObject());
> + String b64 = new String(Base64.encode(os.toByteArray()));
> +
> + final String BEGIN_CERT_REQ = "-----BEGIN CERTIFICATE REQUEST-----";
> + final String END_CERT_REQ = "-----END CERTIFICATE REQUEST-----";
> + final int CERT_REQ_LINE_LENGTH = 70;
> +
> + StringBuffer sbuf = new StringBuffer(BEGIN_CERT_REQ).append('\n');
> +
> + int idx = 0;
> + while (idx < b64.length()) {
> +
> + int len = (idx + CERT_REQ_LINE_LENGTH > b64.length()) ? b64
> + .length()
> + - idx : CERT_REQ_LINE_LENGTH;
> +
> + String chunk = b64.substring(idx, idx + len);
> +
> + sbuf.append(chunk).append('\n');
> + idx += len;
> + }
> +
> + sbuf.append(END_CERT_REQ);
> + return sbuf.toString();
> + }
> +
> + public void generateKeyPair(String alias, String keyalg, Integer keysize,
> + String sigalg, Integer validity, String cn, String ou, String o,
> + String l, String st, String c)
> + throws java.security.NoSuchAlgorithmException,
> + java.security.KeyStoreException, java.security.SignatureException,
> + java.security.InvalidKeyException,
> + java.security.cert.CertificateException, java.io.IOException {
> +
> + KeyPairGenerator kpgen = KeyPairGenerator.getInstance(keyalg);
> +
> + kpgen.initialize(keysize.intValue());
> +
> + KeyPair keyPair = kpgen.generateKeyPair();
> +
> + X509Certificate cert = generateCert(keyPair.getPublic(), keyPair
> + .getPrivate(), sigalg, validity.intValue(), cn, ou, o, l, st, c);
> +
> + keystore.setKeyEntry(alias, keyPair.getPrivate(), new String()
> + .toCharArray(), new Certificate[] { cert });
> +
> + saveKeyStore();
> + }
> +
> + public void saveKeyStore() throws java.io.IOException,
> + java.security.KeyStoreException,
> + java.security.cert.CertificateException,
> + java.security.NoSuchAlgorithmException {
> +
> + FileOutputStream os = null;
> +
> + try {
> + os = new FileOutputStream(serverInfo
> + .resolvePath(this.keyStoreLocation));
> +
> + keystore.store(os, keyStorePassword.toCharArray());
> + } finally {
> + if (os != null) {
> + try {
> + os.close();
> + } catch (Exception ex) {
> + }
> + }
> + }
> + }
> +
> + public X509Certificate generateCert(PublicKey publicKey,
> + PrivateKey privateKey, String sigalg, int validity, String cn,
> + String ou, String o, String l, String st, String c)
> + throws java.security.SignatureException,
> + java.security.InvalidKeyException {
> + X509V1CertificateGenerator certgen = new X509V1CertificateGenerator();
> +
> + // issuer dn
> + Vector order = new Vector();
> + Hashtable attrmap = new Hashtable();
> +
> + if (cn != null) {
> + attrmap.put(X509Principal.CN, cn);
> + order.add(X509Principal.CN);
> + }
> +
> + if (ou != null) {
> + attrmap.put(X509Principal.OU, ou);
> + order.add(X509Principal.OU);
> + }
> +
> + if (o != null) {
> + attrmap.put(X509Principal.O, o);
> + order.add(X509Principal.O);
> + }
> +
> + if (l != null) {
> + attrmap.put(X509Principal.L, l);
> + order.add(X509Principal.L);
> + }
> +
> + if (st != null) {
> + attrmap.put(X509Principal.ST, st);
> + order.add(X509Principal.ST);
> + }
> +
> + if (c != null) {
> + attrmap.put(X509Principal.C, c);
> + order.add(X509Principal.C);
> + }
> +
> + X509Principal issuerDN = new X509Principal(order, attrmap);
> + certgen.setIssuerDN(issuerDN);
> +
> + // validity
> + long curr = System.currentTimeMillis();
> + long untill = curr + (long) validity * 24 * 60 * 60 * 1000;
> +
> + certgen.setNotBefore(new Date(curr));
> + certgen.setNotAfter(new Date(untill));
> +
> + // subject dn
> + certgen.setSubjectDN(issuerDN);
> +
> + // public key
> + certgen.setPublicKey(publicKey);
> +
> + // signature alg
> + certgen.setSignatureAlgorithm(sigalg);
> +
> + // serial number
> + certgen.setSerialNumber(new BigInteger(String.valueOf(curr)));
> +
> + // make certificate
> + X509Certificate cert = certgen.generateX509Certificate(privateKey);
> + return cert;
> + }
> +
> + public void importTrustedX509Certificate(String alias, String certfile)
> + throws java.io.FileNotFoundException,
> + java.security.cert.CertificateException,
> + java.security.KeyStoreException, java.io.IOException,
> + java.security.NoSuchAlgorithmException,
> + java.security.NoSuchProviderException {
> + InputStream is = null;
> +
> + try {
> + CertificateFactory cf = CertificateFactory.getInstance("X.509",
> + keyStoreProvider);
> +
> + is = new FileInputStream(certfile);
> + Certificate cert = cf.generateCertificate(is);
> +
> + keystore.setCertificateEntry(alias, cert);
> +
> + saveKeyStore();
> + } finally {
> + if (is != null) {
> + try {
> + is.close();
> + } catch (Exception e) {
> + }
> + }
> + }
> + }
> +
> + public void importPKCS7Certificate(String alias, String certbuf)
> + throws java.security.cert.CertificateException,
> + java.security.NoSuchProviderException,
> + java.security.KeyStoreException,
> + java.security.NoSuchAlgorithmException,
> + java.security.UnrecoverableKeyException, java.io.IOException {
> +
> + InputStream is = null;
> +
> + try {
> + is = new ByteArrayInputStream(certbuf.getBytes());
> + importPKCS7Certificate(alias, is);
> + } finally {
> + if (is != null) {
> + try {
> + is.close();
> + } catch (Exception e) {
> + }
> + }
> + }
> + }
> +
> + public void importPKCS7Certificate(String alias, InputStream is)
> + throws java.security.cert.CertificateException,
> + java.security.NoSuchProviderException,
> + java.security.KeyStoreException,
> + java.security.NoSuchAlgorithmException,
> + java.security.UnrecoverableKeyException, java.io.IOException {
> +
> + CertificateFactory cf = CertificateFactory.getInstance("X.509",
> + keyStoreProvider);
> + Collection certcoll = cf.generateCertificates(is);
> +
> + Certificate[] chain = new Certificate[certcoll.size()];
> +
> + Iterator iter = certcoll.iterator();
> + for (int i = 0; iter.hasNext(); i++) {
> + chain[i] = (Certificate) iter.next();
> + }
> +
> + char[] password = keyPassword.toCharArray();
> + keystore.setKeyEntry(alias, keystore.getKey(alias, password), password,
> + chain);
> +
> + saveKeyStore();
> + }
> +}
>
> Modified: geronimo/trunk/applications/console-ear/src/plan/geronimo-application.xml
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-ear/src/plan/geronimo-application.xml?rev=326194&r1=326193&r2=326194&view=diff
> ==============================================================================
> --- geronimo/trunk/applications/console-ear/src/plan/geronimo-application.xml (original)
> +++ geronimo/trunk/applications/console-ear/src/plan/geronimo-application.xml Tue Oct 18 11:22:57 2005
> @@ -78,19 +78,18 @@
> </gbean>
>
> <!-- Keystore configuration -->
> - <!-- I think this requires a modified GERONIMO-887 to be applied first -->
> -<!-- <gbean gbeanName="geronimo.security:type=KeyStore" class="org.apache.geronimo.console.core.keystore.KeyStoreGBean">-->
> -<!-- <attribute name="keyStoreLocation">var/security/ssl-keystore-1</attribute>-->
> -<!-- <attribute name="keyStoreType">jks</attribute>-->
> -<!-- <attribute name="keyStoreProvider">SUN</attribute>-->
> -<!-- <attribute name="keyStorePassword">password</attribute>-->
> -<!-- <reference name="serverInfo">-->
> -<!-- <application>null</application>-->
> -<!-- <moduleType>J2EEModule</moduleType>-->
> -<!-- <module>org/apache/geronimo/System</module>-->
> -<!-- <type>GBean</type>-->
> -<!-- <name>ServerInfo</name>-->
> -<!-- </reference>-->
> -<!-- </gbean>-->
> + <gbean gbeanName="geronimo.security:type=KeyStore" class="org.apache.geronimo.console.core.keystore.KeyStoreGBean">
> + <attribute name="keyStoreLocation">var/security/ssl-keystore-1</attribute>
> + <attribute name="keyStoreType">jks</attribute>
> + <attribute name="keyStoreProvider">SUN</attribute>
> + <attribute name="keyStorePassword">password</attribute>
> + <reference name="serverInfo">
> + <application>null</application>
> + <moduleType>J2EEModule</moduleType>
> + <module>org/apache/geronimo/System</module>
> + <type>GBean</type>
> + <name>ServerInfo</name>
> + </reference>
> + </gbean>
>
> </application>
>
> Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/CertManagerPortlet.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/CertManagerPortlet.java?rev=326194&view=auto
> ==============================================================================
> --- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/CertManagerPortlet.java (added)
> +++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/CertManagerPortlet.java Tue Oct 18 11:22:57 2005
> @@ -0,0 +1,152 @@
> +/**
> + *
> + * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.geronimo.console.certmanager;
> +
> +import java.io.IOException;
> +import java.util.Enumeration;
> +
> +import javax.management.ObjectName;
> +import javax.portlet.ActionRequest;
> +import javax.portlet.ActionResponse;
> +import javax.portlet.GenericPortlet;
> +import javax.portlet.PortletConfig;
> +import javax.portlet.PortletContext;
> +import javax.portlet.PortletException;
> +import javax.portlet.PortletRequestDispatcher;
> +import javax.portlet.RenderRequest;
> +import javax.portlet.RenderResponse;
> +
> +import org.apache.geronimo.console.certmanager.actions.ChangeStorePassword;
> +import org.apache.geronimo.console.certmanager.actions.GenerateCSR;
> +import org.apache.geronimo.console.certmanager.actions.GenerateKeyPair;
> +import org.apache.geronimo.console.certmanager.actions.ImportCAReply;
> +import org.apache.geronimo.console.certmanager.actions.ImportTrustedCertificate;
> +import org.apache.geronimo.console.certmanager.actions.UploadCertificateFile;
> +import org.apache.geronimo.console.certmanager.actions.ViewKeyStore;
> +import org.apache.geronimo.console.certmanager.actions.ViewKeyStoreEntryDetail;
> +import org.apache.geronimo.console.util.ObjectNameConstants;
> +
> +public class CertManagerPortlet extends GenericPortlet {
> +
> + private PortletContext ctx;
> +
> + private ObjectName ksobjname;
> +
> + public CertManagerPortlet() {
> + this.ctx = null;
> + }
> +
> + public void init(PortletConfig portletConfig) throws PortletException {
> + super.init(portletConfig);
> +
> + // iniitialize portlet environment
> + this.ctx = portletConfig.getPortletContext();
> +
> + try {
> + this.ksobjname = new ObjectName(
> + ObjectNameConstants.KEYSTORE_OBJ_NAME);
> + } catch (Exception e) {
> + throw new PortletException(e);
> + }
> +
> + this.ctx.log("Certificate manager portlet initialized");
> + }
> +
> + public ObjectName getKeyStoreObjectName() {
> + return ksobjname;
> + }
> +
> + public void processAction(ActionRequest request, ActionResponse response)
> + throws PortletException, IOException {
> +
> + String action = request.getParameter("action");
> + ctx.log("process-action: action = " + action);
> +
> + if (action == null) {
> + return;
> + }
> +
> + // pass 'action' parameter value to render method
> + response.setRenderParameter("action", action);
> +
> + if (action.equals("upload-certificate-file")) {
> + UploadCertificateFile.action(this, request, response);
> + } else if (action.equals("import-trusted-certificate")) {
> + ImportTrustedCertificate.action(this, request, response);
> + } else if (action.equals("tools-generate-key-pair")) {
> + GenerateKeyPair.action(this, request, response);
> + } else if (action.equals("tools-change-keystore-password")) {
> + ChangeStorePassword.action(this, request, response);
> + } else if (action.equals("generate-csr")) {
> + GenerateCSR.action(this, request, response);
> + } else if (action.equals("import-ca-reply")) {
> + ImportCAReply.action(this, request, response);
> + } else if (action.equals("save-pkcs7-cert")) {
> + ImportCAReply.action(this, request, response);
> + } else if (action.equals("generate-key-pair")) {
> + GenerateKeyPair.action(this, request, response);
> + }
> + }
> +
> + public void doView(RenderRequest request, RenderResponse response)
> + throws PortletException, IOException {
> +
> + PortletRequestDispatcher prd = null;
> +
> + String action = request.getParameter("action");
> + ctx.log("do-view: action = " + action);
> +
> + Enumeration e = request.getParameterNames();
> + while (e.hasMoreElements()) {
> + String pname = (String) e.nextElement();
> + String value = request.getParameter(pname);
> + ctx.log("param-name = " + pname + ", param-value = " + value);
> + }
> +
> + if (action == null) {
> + ViewKeyStore.render(this, request, response);
> + } else if (action.equals("tools-import-trusted-certificate")) {
> + ImportTrustedCertificate.render(this, request, response);
> + } else if (action.equals("tools-generate-key-pair")) {
> + GenerateKeyPair.render(this, request, response);
> + } else if (action.equals("tools-change-keystore-password")) {
> + ChangeStorePassword.render(this, request, response);
> + } else if (action.equals("upload-certificate-file")) {
> + UploadCertificateFile.render(this, request, response);
> + } else if (action.equals("import-trusted-certificate")) {
> + ImportTrustedCertificate.render(this, request, response);
> + } else if (action.equals("view-keystore-entry-details")) {
> + ViewKeyStoreEntryDetail.render(this, request, response);
> + } else if (action.equals("generate-csr")) {
> + GenerateCSR.render(this, request, response);
> + } else if (action.equals("import-ca-reply")) {
> + ImportCAReply.render(this, request, response);
> + } else if (action.equals("save-pkcs7-cert")) {
> + ImportCAReply.render(this, request, response);
> + } else if (action.equals("generate-key-pair")) {
> + GenerateKeyPair.render(this, request, response);
> + }
> + }
> +
> + public void doHelp(RenderRequest renderRequest,
> + RenderResponse renderResponse) throws PortletException, IOException {
> + PortletRequestDispatcher prd = ctx
> + .getRequestDispatcher("/WEB-INF/view/certmanager/viewKeyStoreHelp.jsp");
> + prd.include(renderRequest, renderResponse);
> + }
> +}
>
> Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ChangeStorePassword.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ChangeStorePassword.java?rev=326194&view=auto
> ==============================================================================
> --- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ChangeStorePassword.java (added)
> +++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ChangeStorePassword.java Tue Oct 18 11:22:57 2005
> @@ -0,0 +1,49 @@
> +/**
> + *
> + * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.geronimo.console.certmanager.actions;
> +
> +import java.io.IOException;
> +
> +import javax.portlet.ActionRequest;
> +import javax.portlet.ActionResponse;
> +import javax.portlet.PortletException;
> +import javax.portlet.PortletRequestDispatcher;
> +import javax.portlet.RenderRequest;
> +import javax.portlet.RenderResponse;
> +
> +import org.apache.geronimo.console.certmanager.CertManagerPortlet;
> +
> +public class ChangeStorePassword {
> + public static void action(CertManagerPortlet portlet,
> + ActionRequest request, ActionResponse response)
> + throws PortletException, IOException {
> + response.setRenderParameter("action", request.getParameter("action"));
> + }
> +
> + public static void render(CertManagerPortlet portlet,
> + RenderRequest request, RenderResponse response)
> + throws PortletException, IOException {
> +
> + PortletRequestDispatcher rd = portlet
> + .getPortletContext()
> + .getRequestDispatcher(
> + "/WEB-INF/view/certmanager/changeStorePasswordNormal.jsp");
> +
> + rd.include(request, response);
> + }
> +}
>
> Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateCSR.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateCSR.java?rev=326194&view=auto
> ==============================================================================
> --- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateCSR.java (added)
> +++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateCSR.java Tue Oct 18 11:22:57 2005
> @@ -0,0 +1,63 @@
> +/**
> + *
> + * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.geronimo.console.certmanager.actions;
> +
> +import java.io.IOException;
> +
> +import javax.portlet.ActionRequest;
> +import javax.portlet.ActionResponse;
> +import javax.portlet.PortletException;
> +import javax.portlet.PortletRequestDispatcher;
> +import javax.portlet.RenderRequest;
> +import javax.portlet.RenderResponse;
> +
> +import org.apache.geronimo.console.certmanager.CertManagerPortlet;
> +import org.apache.geronimo.kernel.KernelRegistry;
> +
> +public class GenerateCSR {
> + public static void action(CertManagerPortlet portlet,
> + ActionRequest request, ActionResponse response)
> + throws PortletException, IOException {
> + response.setRenderParameter("action", request.getParameter("action"));
> + }
> +
> + public static void render(CertManagerPortlet portlet,
> + RenderRequest request, RenderResponse response)
> + throws PortletException, IOException {
> +
> + String alias = request.getParameter("alias");
> +
> + try {
> + String csr = (String) KernelRegistry.getSingleKernel()
> + .invoke(portlet.getKeyStoreObjectName(), "generateCSR",
> + new Object[] { alias },
> + new String[] { "java.lang.String" });
> +
> + request.setAttribute("com.gluecode.se.cert.csr", csr);
> + request.setAttribute("alias", alias);
> + } catch (Exception e) {
> + throw new PortletException(e);
> + }
> +
> + PortletRequestDispatcher rd = portlet.getPortletContext()
> + .getRequestDispatcher(
> + "/WEB-INF/view/certmanager/generateCSRNormal.jsp");
> +
> + rd.include(request, response);
> + }
> +}
>
> Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateKeyPair.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateKeyPair.java?rev=326194&view=auto
> ==============================================================================
> --- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateKeyPair.java (added)
> +++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateKeyPair.java Tue Oct 18 11:22:57 2005
> @@ -0,0 +1,143 @@
> +/**
> + *
> + * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.geronimo.console.certmanager.actions;
> +
> +import java.io.IOException;
> +import java.util.Iterator;
> +import java.util.List;
> +
> +import javax.management.ObjectName;
> +import javax.portlet.ActionRequest;
> +import javax.portlet.ActionResponse;
> +import javax.portlet.PortletException;
> +import javax.portlet.PortletRequestDispatcher;
> +import javax.portlet.RenderRequest;
> +import javax.portlet.RenderResponse;
> +
> +import org.apache.geronimo.console.certmanager.CertManagerPortlet;
> +import org.apache.geronimo.kernel.KernelRegistry;
> +
> +public class GenerateKeyPair {
> + public static void action(CertManagerPortlet portlet,
> + ActionRequest request, ActionResponse response)
> + throws PortletException, IOException {
> + response.setRenderParameter("action", request.getParameter("action"));
> +
> + String action = request.getParameter("action");
> +
> + if (action == null) {
> + return;
> + }
> +
> + if (action.equals("generate-key-pair")) {
> +
> + String submit = request.getParameter("submit");
> + String alias = request.getParameter("alias");
> + String keyalg = request.getParameter("keyalg");
> + String keysize = request.getParameter("keysize");
> + String sigalg = request.getParameter("sigalg");
> + String validity = request.getParameter("validity");
> +
> + String cn = request.getParameter("cn");
> + String ou = request.getParameter("ou");
> + String o = request.getParameter("o");
> + String l = request.getParameter("l");
> + String st = request.getParameter("st");
> + String c = request.getParameter("c");
> +
> + if (submit.equals("cancel")) {
> + return;
> + }
> +
> + try {
> + Integer ikeysize = new Integer(Integer.parseInt(keysize));
> + Integer ivalidity = new Integer(Integer.parseInt(validity));
> +
> + KernelRegistry.getSingleKernel().invoke(
> + portlet.getKeyStoreObjectName(),
> + "generateKeyPair",
> + new Object[] { alias, keyalg, ikeysize, sigalg,
> + ivalidity, cn, ou, o, l, st, c },
> + new String[] { "java.lang.String", "java.lang.String",
> + "java.lang.Integer", "java.lang.String",
> + "java.lang.Integer", "java.lang.String",
> + "java.lang.String", "java.lang.String",
> + "java.lang.String", "java.lang.String",
> + "java.lang.String" });
> + } catch (Exception ex) {
> + throw new PortletException(ex);
> + }
> + }
> + }
> +
> + public static void render(CertManagerPortlet portlet,
> + RenderRequest request, RenderResponse response)
> + throws PortletException, IOException {
> +
> + String action = request.getParameter("action");
> +
> + PortletRequestDispatcher rd = null;
> +
> + if (action.equals("tools-generate-key-pair")) {
> + rd = portlet.getPortletContext().getRequestDispatcher(
> + "/WEB-INF/view/certmanager/generateKeyPairNormal.jsp");
> + } else {
> + try {
> + ObjectName objname = portlet.getKeyStoreObjectName();
> +
> + String keyStoreType = (String) KernelRegistry.getSingleKernel()
> + .getAttribute(objname, "keyStoreType");
> + String keyStoreProvider = (String) KernelRegistry
> + .getSingleKernel().getAttribute(objname,
> + "keyStoreProvider");
> + String keyStoreLocation = (String) KernelRegistry
> + .getSingleKernel().getAttribute(objname,
> + "keyStoreLocation");
> +
> + request.setAttribute("com.gluecode.se.keystore.type",
> + keyStoreType);
> + request.setAttribute("com.gluecode.se.keystore.provider",
> + keyStoreProvider);
> + request.setAttribute("com.gluecode.se.keystore.location",
> + keyStoreLocation);
> +
> + List storelist = (List) KernelRegistry.getSingleKernel()
> + .invoke(objname, "getKeyStoreEntries");
> +
> + Iterator iter = storelist.iterator();
> + while (iter.hasNext()) {
> + portlet.getPortletContext().log(
> + "store-item = " + iter.next());
> + }
> +
> + request
> + .setAttribute("com.gluecode.se.keystore.list",
> + storelist);
> + request.setAttribute("com.gluecode.se.keystore.size", String
> + .valueOf(storelist.size()));
> + } catch (Exception e) {
> + throw new PortletException(e);
> + }
> +
> + rd = portlet.getPortletContext().getRequestDispatcher(
> + "/WEB-INF/view/certmanager/viewKeyStoreNormal.jsp");
> + }
> +
> + rd.include(request, response);
> + }
> +}
>
> Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportCAReply.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportCAReply.java?rev=326194&view=auto
> ==============================================================================
> --- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportCAReply.java (added)
> +++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportCAReply.java Tue Oct 18 11:22:57 2005
> @@ -0,0 +1,101 @@
> +/**
> + *
> + * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.geronimo.console.certmanager.actions;
> +
> +import java.io.IOException;
> +
> +import javax.portlet.ActionRequest;
> +import javax.portlet.ActionResponse;
> +import javax.portlet.PortletException;
> +import javax.portlet.PortletRequestDispatcher;
> +import javax.portlet.RenderRequest;
> +import javax.portlet.RenderResponse;
> +
> +import org.apache.geronimo.console.certmanager.CertManagerPortlet;
> +import org.apache.geronimo.kernel.KernelRegistry;
> +
> +public class ImportCAReply {
> + public static void action(CertManagerPortlet portlet,
> + ActionRequest request, ActionResponse response)
> + throws PortletException, IOException {
> +
> + // pass 'alias' parameter along
> + String alias = request.getParameter("alias");
> + response.setRenderParameter("alias", alias);
> +
> + String action = request.getParameter("action");
> +
> + // this should never happen
> + if (action == null) {
> + return;
> + }
> +
> + if (action.equals("import-ca-reply")) {
> + return;
> + } else if (action.equals("save-pkcs7-cert")) {
> + String submit = request.getParameter("submit");
> +
> + if (submit.equalsIgnoreCase("cancel")) {
> + return;
> + }
> +
> + // save pkcs7-encoded certificate
> + String pkcs7cert = request.getParameter("pkcs7cert");
> +
> + try {
> + KernelRegistry.getSingleKernel()
> + .invoke(
> + portlet.getKeyStoreObjectName(),
> + "importPKCS7Certificate",
> + new Object[] { alias, pkcs7cert },
> + new String[] { "java.lang.String",
> + "java.lang.String" });
> + } catch (Exception e) {
> + throw new PortletException(e);
> + }
> + }
> + }
> +
> + public static void render(CertManagerPortlet portlet,
> + RenderRequest request, RenderResponse response)
> + throws PortletException, IOException {
> +
> + String action = request.getParameter("action");
> + String alias = request.getParameter("alias");
> +
> + // set alias name
> + request.setAttribute("alias", alias);
> +
> + // this should never happen
> + if (action == null) {
> + ViewKeyStoreEntryDetail.render(portlet, request, response);
> + return;
> + }
> +
> + if (action.equals("import-ca-reply")) {
> + PortletRequestDispatcher rd = portlet
> + .getPortletContext()
> + .getRequestDispatcher(
> + "/WEB-INF/view/certmanager/importCAReplyNormal.jsp");
> +
> + rd.include(request, response);
> + } else if (action.equals("save-pkcs7-cert")) {
> + ViewKeyStoreEntryDetail.render(portlet, request, response);
> + }
> + }
> +}
>
> Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportTrustedCertificate.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportTrustedCertificate.java?rev=326194&view=auto
> ==============================================================================
> --- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportTrustedCertificate.java (added)
> +++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportTrustedCertificate.java Tue Oct 18 11:22:57 2005
> @@ -0,0 +1,90 @@
> +/**
> + *
> + * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.geronimo.console.certmanager.actions;
> +
> +import java.io.IOException;
> +import java.net.URLDecoder;
> +
> +import javax.portlet.ActionRequest;
> +import javax.portlet.ActionResponse;
> +import javax.portlet.PortletException;
> +import javax.portlet.PortletRequestDispatcher;
> +import javax.portlet.RenderRequest;
> +import javax.portlet.RenderResponse;
> +
> +import org.apache.geronimo.console.certmanager.CertManagerPortlet;
> +import org.apache.geronimo.kernel.KernelRegistry;
> +
> +public class ImportTrustedCertificate {
> + public static void action(CertManagerPortlet portlet,
> + ActionRequest request, ActionResponse response)
> + throws PortletException, IOException {
> +
> + String action = request.getParameter("action");
> +
> + if (action == null) {
> + return;
> + }
> +
> + // nothing to do
> + if (action.equals("tools-generate-trusted-certificate")) {
> + return;
> + }
> +
> + String submit = request.getParameter("submit");
> +
> + if (submit.equalsIgnoreCase("cancel")) {
> + return;
> + }
> +
> + String certfileEnc = request
> + .getParameter("com.gluecode.se.cert.file.enc");
> + String alias = request.getParameter("alias");
> +
> + // decode certificate file name
> + String certfile = URLDecoder.decode(certfileEnc, "UTF-8");
> +
> + // import certificate into the key store
> + try {
> + KernelRegistry.getSingleKernel().invoke(
> + portlet.getKeyStoreObjectName(),
> + "importTrustedX509Certificate",
> + new Object[] { alias, certfile },
> + new String[] { "java.lang.String", "java.lang.String" });
> + } catch (Exception ex) {
> + throw new PortletException(ex);
> + }
> + }
> +
> + public static void render(CertManagerPortlet portlet,
> + RenderRequest request, RenderResponse response)
> + throws PortletException, IOException {
> + PortletRequestDispatcher rd = null;
> +
> + String action = request.getParameter("action");
> +
> + if (action.equals("tools-import-trusted-certificate")) {
> + rd = portlet.getPortletContext().getRequestDispatcher(
> + "/WEB-INF/view/certmanager/importTrustedCertNormal.jsp");
> +
> + rd.include(request, response);
> + } else {
> + ViewKeyStore.render(portlet, request, response);
> + }
> + }
> +}
>
> Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/UploadCertificateFile.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/UploadCertificateFile.java?rev=326194&view=auto
> ==============================================================================
> --- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/UploadCertificateFile.java (added)
> +++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/UploadCertificateFile.java Tue Oct 18 11:22:57 2005
> @@ -0,0 +1,142 @@
> +/**
> + *
> + * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.geronimo.console.certmanager.actions;
> +
> +import java.io.File;
> +import java.io.FileInputStream;
> +import java.io.IOException;
> +import java.io.InputStream;
> +import java.net.URLDecoder;
> +import java.net.URLEncoder;
> +import java.security.cert.CertificateFactory;
> +import java.util.Collection;
> +import java.util.Iterator;
> +import java.util.List;
> +
> +import javax.portlet.ActionRequest;
> +import javax.portlet.ActionResponse;
> +import javax.portlet.PortletException;
> +import javax.portlet.PortletRequestDispatcher;
> +import javax.portlet.RenderRequest;
> +import javax.portlet.RenderResponse;
> +
> +import org.apache.commons.fileupload.FileItem;
> +import org.apache.commons.fileupload.FileUploadException;
> +import org.apache.commons.fileupload.disk.DiskFileItemFactory;
> +import org.apache.commons.fileupload.portlet.PortletFileUpload;
> +import org.apache.geronimo.console.certmanager.CertManagerPortlet;
> +
> +public class UploadCertificateFile {
> +
> + public static void action(CertManagerPortlet portlet,
> + ActionRequest request, ActionResponse response)
> + throws PortletException, IOException {
> + if (!PortletFileUpload.isMultipartContent(request)) {
> + throw new PortletException("Expected file upload");
> + }
> +
> + File rootDir = new File(System.getProperty("java.io.tmpdir"));
> + PortletFileUpload uploader = new PortletFileUpload(
> + new DiskFileItemFactory(10240, rootDir));
> + File certFile = null;
> +
> + try {
> + List items = uploader.parseRequest(request);
> + for (Iterator i = items.iterator(); i.hasNext();) {
> + FileItem item = (FileItem) i.next();
> + if (!item.isFormField()) {
> + String name = item.getName().trim();
> +
> + if (name.length() == 0) {
> + certFile = null;
> + } else {
> + // Firefox sends basename, IE sends full path
> + int index = name.lastIndexOf('\\');
> + if (index != -1) {
> + name = name.substring(index + 1);
> + }
> + certFile = new File(rootDir, name);
> + }
> +
> + if (certFile != null) {
> + try {
> + item.write(certFile);
> + } catch (Exception e) {
> + throw new PortletException(e);
> + }
> + }
> + }
> + }
> + } catch (FileUploadException e) {
> + throw new PortletException(e);
> + }
> +
> + // pass certificate file name along
> + String certFileName = certFile.getCanonicalPath();
> + String enc = URLEncoder.encode(certFileName, "UTF-8");
> +
> + portlet.getPortletContext().log("cert-file-name: " + certFileName);
> + portlet.getPortletContext().log("enc: " + enc);
> +
> + response.setRenderParameter("com.gluecode.se.cert.file.enc", enc);
> + response.setRenderParameter("action", request.getParameter("action"));
> + }
> +
> + public static void render(CertManagerPortlet portlet,
> + RenderRequest request, RenderResponse response)
> + throws PortletException, IOException {
> +
> + String encodedCertFileName = request
> + .getParameter("com.gluecode.se.cert.file.enc");
> + String certFileName = URLDecoder.decode(encodedCertFileName, "UTF-8");
> + portlet.getPortletContext().log("cert file: " + certFileName);
> +
> + Collection certs = null;
> + InputStream is = null;
> +
> + if (certFileName != null) {
> + File certFile = new File(certFileName);
> + try {
> + is = new FileInputStream(certFile);
> +
> + CertificateFactory cf = CertificateFactory.getInstance("X.509");
> + certs = cf.generateCertificates(is);
> + } catch (Exception e) {
> + throw new PortletException(e);
> + } finally {
> + try {
> + if (is != null) {
> + is.close();
> + }
> + } catch (Exception e) {
> + }
> + }
> +
> + request.setAttribute("com.gluecode.se.certs", certs);
> + request.setAttribute("com.gluecode.se.cert.file.enc",
> + encodedCertFileName);
> + }
> +
> + PortletRequestDispatcher prd = null;
> +
> + prd = portlet.getPortletContext().getRequestDispatcher(
> + "/WEB-INF/view/certmanager/importTrustedCertNormal.jsp");
> +
> + prd.include(request, response);
> + }
> +}
>
> Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStore.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStore.java?rev=326194&view=auto
> ==============================================================================
> --- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStore.java (added)
> +++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStore.java Tue Oct 18 11:22:57 2005
> @@ -0,0 +1,83 @@
> +/**
> + *
> + * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.geronimo.console.certmanager.actions;
> +
> +import java.io.IOException;
> +import java.util.Iterator;
> +import java.util.List;
> +
> +import javax.management.ObjectName;
> +import javax.portlet.ActionRequest;
> +import javax.portlet.ActionResponse;
> +import javax.portlet.PortletException;
> +import javax.portlet.PortletRequestDispatcher;
> +import javax.portlet.RenderRequest;
> +import javax.portlet.RenderResponse;
> +
> +import org.apache.geronimo.console.certmanager.CertManagerPortlet;
> +import org.apache.geronimo.kernel.KernelRegistry;
> +
> +public class ViewKeyStore {
> + public static void action(CertManagerPortlet portlet,
> + ActionRequest request, ActionResponse response)
> + throws PortletException, Exception {
> + response.setRenderParameter("action", request.getParameter("action"));
> + }
> +
> + public static void render(CertManagerPortlet portlet,
> + RenderRequest request, RenderResponse response)
> + throws PortletException, IOException {
> +
> + PortletRequestDispatcher rd = null;
> +
> + try {
> + ObjectName objname = portlet.getKeyStoreObjectName();
> +
> + String keyStoreType = (String) KernelRegistry.getSingleKernel()
> + .getAttribute(objname, "keyStoreType");
> + String keyStoreProvider = (String) KernelRegistry.getSingleKernel()
> + .getAttribute(objname, "keyStoreProvider");
> + String keyStoreLocation = (String) KernelRegistry.getSingleKernel()
> + .getAttribute(objname, "keyStoreLocation");
> +
> + request.setAttribute("com.gluecode.se.keystore.type", keyStoreType);
> + request.setAttribute("com.gluecode.se.keystore.provider",
> + keyStoreProvider);
> + request.setAttribute("com.gluecode.se.keystore.location",
> + keyStoreLocation);
> +
> + List storelist = (List) KernelRegistry.getSingleKernel().invoke(
> + objname, "getKeyStoreEntries");
> +
> + Iterator iter = storelist.iterator();
> + while (iter.hasNext()) {
> + portlet.getPortletContext().log("store-item = " + iter.next());
> + }
> +
> + request.setAttribute("com.gluecode.se.keystore.list", storelist);
> + request.setAttribute("com.gluecode.se.keystore.size", String
> + .valueOf(storelist.size()));
> + } catch (Exception e) {
> + throw new PortletException(e);
> + }
> +
> + rd = portlet.getPortletContext().getRequestDispatcher(
> + "/WEB-INF/view/certmanager/viewKeyStoreNormal.jsp");
> + rd.include(request, response);
> + }
> +}
>
> Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStoreEntryDetail.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStoreEntryDetail.java?rev=326194&view=auto
> ==============================================================================
> --- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStoreEntryDetail.java (added)
> +++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStoreEntryDetail.java Tue Oct 18 11:22:57 2005
> @@ -0,0 +1,79 @@
> +/**
> + *
> + * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.geronimo.console.certmanager.actions;
> +
> +import java.io.IOException;
> +import java.security.cert.Certificate;
> +
> +import javax.management.ObjectName;
> +import javax.portlet.PortletException;
> +import javax.portlet.PortletRequestDispatcher;
> +import javax.portlet.RenderRequest;
> +import javax.portlet.RenderResponse;
> +
> +import org.apache.commons.logging.Log;
> +import org.apache.commons.logging.LogFactory;
> +import org.apache.geronimo.console.certmanager.CertManagerPortlet;
> +import org.apache.geronimo.console.core.keystore.KeyEntryInfo;
> +import org.apache.geronimo.console.core.keystore.KeyStoreGBean;
> +import org.apache.geronimo.kernel.KernelRegistry;
> +
> +public class ViewKeyStoreEntryDetail {
> +
> + private static Log log = LogFactory.getLog(ViewKeyStoreEntryDetail.class);
> +
> + public static void render(CertManagerPortlet portlet,
> + RenderRequest request, RenderResponse response)
> + throws PortletException, IOException {
> +
> + String alias = request.getParameter("alias");
> +
> + portlet.getPortletContext().log(
> + "view-key-store-entry-detail: key-store-alias = " + alias);
> +
> + try {
> + // entry info
> + ObjectName objname = new ObjectName(
> + KeyStoreGBean.KEY_STORE_OBJ_NAME);
> + KeyEntryInfo kinfo = (KeyEntryInfo) KernelRegistry
> + .getSingleKernel().invoke(objname, "getKeyEntryInfo",
> + new Object[] { alias },
> + new String[] { "java.lang.String" });
> +
> + request.setAttribute("com.gluecode.se.keystore.entry.info", kinfo);
> +
> + // get keystore certificate chain by the alias
> + Certificate[] chain = (Certificate[]) KernelRegistry
> + .getSingleKernel().invoke(objname, "getCertificateChain",
> + new Object[] { alias },
> + new String[] { "java.lang.String" });
> +
> + // set attributes
> + request.setAttribute("com.gluecode.se.certs", chain);
> + } catch (Exception e) {
> + throw new PortletException(e);
> + }
> +
> + // display entry detail
> + PortletRequestDispatcher rd = portlet.getPortletContext()
> + .getRequestDispatcher(
> + "/WEB-INF/view/certmanager/viewCertificateNormal.jsp");
> +
> + rd.include(request, response);
> + }
> +}
>
> Modified: geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/web.xml
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/web.xml?rev=326194&r1=326193&r2=326194&view=diff
> ==============================================================================
> --- geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/web.xml (original)
> +++ geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/web.xml Tue Oct 18 11:22:57 2005
> @@ -80,7 +80,7 @@
> <servlet-class>org.apache.pluto.core.PortletServlet</servlet-class>
> <init-param>
> <param-name>portlet-class</param-name>
> - <param-value>org.apache.geronimo.console.EmptyPortlet</param-value>
> + <param-value>org.apache.geronimo.console.certmanager.CertManagerPortlet</param-value>
> </init-param>
> <init-param>
> <param-name>portlet-guid</param-name>
>
> Modified: geronimo/trunk/modules/assembly/src/plan/webconsole-jetty-plan.xml
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/webconsole-jetty-plan.xml?rev=326194&r1=326193&r2=326194&view=diff
> ==============================================================================
> --- geronimo/trunk/modules/assembly/src/plan/webconsole-jetty-plan.xml (original)
> +++ geronimo/trunk/modules/assembly/src/plan/webconsole-jetty-plan.xml Tue Oct 18 11:22:57 2005
> @@ -62,25 +62,24 @@
> <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/System,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name>
> </reference>
> <reference name="LoginModule">
> -<!-- <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Server,J2EEServer=geronimo,j2eeType=LoginModule,name=properties-login</gbean-name>-->
> + <!-- <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Server,J2EEServer=geronimo,j2eeType=LoginModule,name=properties-login</gbean-name>-->
> <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Security,J2EEServer=geronimo,j2eeType=LoginModule,name=properties-login</gbean-name>
> </reference>
> </gbean>
>
> <!-- Keystore configuration -->
> - <!-- I think this requires a modified GERONIMO-887 to be applied first -->
> -<!-- <gbean gbeanName="geronimo.security:type=KeyStore" class="org.apache.geronimo.console.core.keystore.KeyStoreGBean">-->
> -<!-- <attribute name="keyStoreLocation">var/security/ssl-keystore-1</attribute>-->
> -<!-- <attribute name="keyStoreType">jks</attribute>-->
> -<!-- <attribute name="keyStoreProvider">SUN</attribute>-->
> -<!-- <attribute name="keyStorePassword">password</attribute>-->
> -<!-- <reference name="serverInfo">-->
> -<!-- <application>null</application>-->
> -<!-- <moduleType>J2EEModule</moduleType>-->
> -<!-- <module>org/apache/geronimo/System</module>-->
> -<!-- <type>GBean</type>-->
> -<!-- <name>ServerInfo</name>-->
> -<!-- </reference>-->
> -<!-- </gbean>-->
> + <gbean gbeanName="geronimo.security:type=KeyStore" class="org.apache.geronimo.console.core.keystore.KeyStoreGBean">
> + <attribute name="keyStoreLocation">var/security/ssl-keystore-1</attribute>
> + <attribute name="keyStoreType">jks</attribute>
> + <attribute name="keyStoreProvider">SUN</attribute>
> + <attribute name="keyStorePassword">password</attribute>
> + <reference name="serverInfo">
> + <application>null</application>
> + <moduleType>J2EEModule</moduleType>
> + <module>org/apache/geronimo/System</module>
> + <type>GBean</type>
> + <name>ServerInfo</name>
> + </reference>
> + </gbean>
>
> </application>
>
> Modified: geronimo/trunk/modules/assembly/src/plan/webconsole-tomcat-plan.xml
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/webconsole-tomcat-plan.xml?rev=326194&r1=326193&r2=326194&view=diff
> ==============================================================================
> --- geronimo/trunk/modules/assembly/src/plan/webconsole-tomcat-plan.xml (original)
> +++ geronimo/trunk/modules/assembly/src/plan/webconsole-tomcat-plan.xml Tue Oct 18 11:22:57 2005
> @@ -70,19 +70,18 @@
> </gbean>
>
> <!-- Keystore configuration -->
> - <!-- I think this requires a modified GERONIMO-887 to be applied first -->
> - <!-- <gbean gbeanName="geronimo.security:type=KeyStore" class="org.apache.geronimo.console.core.keystore.KeyStoreGBean">-->
> - <!-- <attribute name="keyStoreLocation">var/security/ssl-keystore-1</attribute>-->
> - <!-- <attribute name="keyStoreType">jks</attribute>-->
> - <!-- <attribute name="keyStoreProvider">SUN</attribute>-->
> - <!-- <attribute name="keyStorePassword">password</attribute>-->
> - <!-- <reference name="serverInfo">-->
> - <!-- <application>null</application>-->
> - <!-- <moduleType>J2EEModule</moduleType>-->
> - <!-- <module>org/apache/geronimo/System</module>-->
> - <!-- <type>GBean</type>-->
> - <!-- <name>ServerInfo</name>-->
> - <!-- </reference>-->
> - <!-- </gbean>-->
> + <gbean gbeanName="geronimo.security:type=KeyStore" class="org.apache.geronimo.console.core.keystore.KeyStoreGBean">
> + <attribute name="keyStoreLocation">var/security/ssl-keystore-1</attribute>
> + <attribute name="keyStoreType">jks</attribute>
> + <attribute name="keyStoreProvider">SUN</attribute>
> + <attribute name="keyStorePassword">password</attribute>
> + <reference name="serverInfo">
> + <application>null</application>
> + <moduleType>J2EEModule</moduleType>
> + <module>org/apache/geronimo/System</module>
> + <type>GBean</type>
> + <name>ServerInfo</name>
> + </reference>
> + </gbean>
>
> </application>
>
>
>
--
Davanum Srinivas : http://wso2.com/blogs/
Re: svn commit: r326194 - in /geronimo/trunk: applications/console-core/ applications/console-core/src/java/org/apache/geronimo/console/core/keystore/ applications/console-ear/src/plan/ applications/console-standard/src/java/org/apache/geronimo/conso
Posted by David Jencks <da...@yahoo.com>.
thanks, should be fixed now
david jencks
On Oct 18, 2005, at 11:24 AM, Davanum Srinivas wrote:
> "com.gluecode.se.certs" :)
>
> On 10/18/05, djencks@apache.org <dj...@apache.org> wrote:
>> Author: djencks
>> Date: Tue Oct 18 11:22:57 2005
>> New Revision: 326194
>>
Re: svn commit: r326194 - in /geronimo/trunk: applications/console-core/ applications/console-core/src/java/org/apache/geronimo/console/core/keystore/ applications/console-ear/src/plan/ applications/console-standard/src/java/org/apache/geronimo/conso
Posted by David Jencks <da...@yahoo.com>.
On Oct 18, 2005, at 11:37 AM, David Blevins wrote:
>>> +/**
>>> + *
>>> + * Copyright 2004, 2005 The Apache Software Foundation or its
>>> licensors, as applicable.
>>> + *
>>> + * Licensed under the Apache License, Version 2.0 (the "License");
>>> + * you may not use this file except in compliance with the License.
>>> + * You may obtain a copy of the License at
>>
>
> Is this the new copyright statement we should be using?
dunno, but it seems to be consistent with the copyright statement on
the rest of the console code donated from IBM
thanks
david jencks
Re: svn commit: r326194 - in /geronimo/trunk: applications/console-core/ applications/console-core/src/java/org/apache/geronimo/console/core/keystore/ applications/console-ear/src/plan/ applications/console-standard/src/java/org/apache/geronimo/conso
Posted by David Blevins <da...@visi.com>.
>> +/**
>> + *
>> + * Copyright 2004, 2005 The Apache Software Foundation or its
>> licensors, as applicable.
>> + *
>> + * Licensed under the Apache License, Version 2.0 (the "License");
>> + * you may not use this file except in compliance with the License.
>> + * You may obtain a copy of the License at
>
Is this the new copyright statement we should be using?
-David