Posted to scm@geronimo.apache.org by dj...@apache.org on 2005/10/18 20:23:07 UTC
svn commit: r326194 - in /geronimo/trunk: applications/console-core/
applications/console-core/src/java/org/apache/geronimo/console/core/keystore/
applications/console-ear/src/plan/
applications/console-standard/src/java/org/apache/geronimo/console/cer...
Author: djencks
Date: Tue Oct 18 11:22:57 2005
New Revision: 326194
URL: http://svn.apache.org/viewcvs?rev=326194&view=rev
Log:
GERONIMO-887 keystore portlet
Added:
geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/
geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyEntryInfo.java
geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyStoreGBean.java
geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/
geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/CertManagerPortlet.java
geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/
geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ChangeStorePassword.java
geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateCSR.java
geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateKeyPair.java
geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportCAReply.java
geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportTrustedCertificate.java
geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/UploadCertificateFile.java
geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStore.java
geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStoreEntryDetail.java
Modified:
geronimo/trunk/applications/console-core/project.xml
geronimo/trunk/applications/console-ear/src/plan/geronimo-application.xml
geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/web.xml
geronimo/trunk/modules/assembly/src/plan/webconsole-jetty-plan.xml
geronimo/trunk/modules/assembly/src/plan/webconsole-tomcat-plan.xml
Modified: geronimo/trunk/applications/console-core/project.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-core/project.xml?rev=326194&r1=326193&r2=326194&view=diff
==============================================================================
--- geronimo/trunk/applications/console-core/project.xml (original)
+++ geronimo/trunk/applications/console-core/project.xml Tue Oct 18 11:22:57 2005
@@ -69,6 +69,13 @@
<artifactId>geronimo-system</artifactId>
<version>${pom.currentVersion}</version>
</dependency>
+ <!-- Keystore dependency -->
+ <dependency>
+ <groupId>geronimo</groupId>
+ <artifactId>geronimo-util</artifactId>
+ <version>${pom.currentVersion}</version>
+ </dependency>
+
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
@@ -104,12 +111,6 @@
<version>${mx4j_version}</version>
</dependency>
- <!-- Keystore dependency -->
- <dependency>
- <groupId>geronimo</groupId>
- <artifactId>geronimo-util</artifactId>
- <version>${pom.currentVersion}</version>
- </dependency>
</dependencies>
<build>
Added: geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyEntryInfo.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyEntryInfo.java?rev=326194&view=auto
==============================================================================
--- geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyEntryInfo.java (added)
+++ geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyEntryInfo.java Tue Oct 18 11:22:57 2005
@@ -0,0 +1,58 @@
+/**
+ *
+ * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.geronimo.console.core.keystore;
+
+import java.util.Date;
+
+public class KeyEntryInfo {
+ public static final String TRUSTED_CERT_TYPE = "trusted certificate";
+
+ public static final String PRIVATE_KEY_TYPE = "private key";
+
+ private String alias;
+
+ private String type;
+
+ private Date created;
+
+ public KeyEntryInfo(String alias, String type, Date created) {
+ this.alias = alias;
+ this.type = type;
+ this.created = created;
+ }
+
+ public String getAlias() {
+ return this.alias;
+ }
+
+ public String getType() {
+ return this.type;
+ }
+
+ public Date getCreated() {
+ return this.created;
+ }
+
+ public boolean isTrustedCertificate() {
+ return type.equals(TRUSTED_CERT_TYPE);
+ }
+
+ public boolean isPrivateKey() {
+ return type.equals(PRIVATE_KEY_TYPE);
+ }
+}
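Review bot: `isTrustedCertificate()` and `isPrivateKey()` call `type.equals(...)` on a field the constructor accepts unchecked, so a null `type` throws NullPointerException the first time an entry is queried; comparing from the constant side, `return TRUSTED_CERT_TYPE.equals(type);` and `return PRIVATE_KEY_TYPE.equals(type);`, avoids that. `getCreated()` also hands out the internal mutable `Date`, so a caller can alter the entry's timestamp; returning `new Date(created.getTime())` keeps it fixed. The three fields are never reassigned after construction and could be declared `final`.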
Added: geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyStoreGBean.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyStoreGBean.java?rev=326194&view=auto
==============================================================================
--- geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyStoreGBean.java (added)
+++ geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyStoreGBean.java Tue Oct 18 11:22:57 2005
@@ -0,0 +1,506 @@
+/**
+ *
+ * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.geronimo.console.core.keystore;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Vector;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.geronimo.gbean.GBeanInfo;
+import org.apache.geronimo.gbean.GBeanInfoBuilder;
+import org.apache.geronimo.gbean.GBeanLifecycle;
+import org.apache.geronimo.gbean.WaitingException;
+import org.apache.geronimo.system.serverinfo.ServerInfo;
+/*
+import org.bouncycastle.asn1.ASN1Set;
+import org.bouncycastle.asn1.DEROutputStream;
+import org.bouncycastle.asn1.x509.X509Name;
+import org.bouncycastle.jce.PKCS10CertificationRequest;
+import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.jce.X509V1CertificateGenerator;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.util.encoders.Base64;
+*/
+import org.apache.geronimo.util.asn1.ASN1Set;
+import org.apache.geronimo.util.asn1.DEROutputStream;
+import org.apache.geronimo.util.asn1.x509.X509Name;
+import org.apache.geronimo.util.jce.PKCS10CertificationRequest;
+import org.apache.geronimo.util.jce.X509Principal;
+import org.apache.geronimo.util.jce.X509V1CertificateGenerator;
+import org.apache.geronimo.util.encoders.Base64;
+
+public class KeyStoreGBean implements GBeanLifecycle {
+ public static final String KEY_STORE_OBJ_NAME = "geronimo.security:type=KeyStore";
+
+ private static Log log = LogFactory.getLog(KeyStoreGBean.class);
+
+ private String keyStoreType;
+
+ private String keyStoreProvider;
+
+ private String keyStoreLocation;
+
+ private String keyStorePassword;
+
+ private String keyPassword;
+
+ private KeyStore keystore;
+
+ // Used to resolve keystore path.
+ private ServerInfo serverInfo;
+
+ public KeyStoreGBean() {
+ keyPassword = new String("");
+ }
+
+ public void doStart() throws WaitingException, Exception {
+
+ //Security.addProvider(new BouncyCastleProvider());
+
+ this.keystore = KeyStore.getInstance(keyStoreType);
+
+ boolean keystoreExistsFlag = true;
+ InputStream is = null;
+
+ try {
+ log.info("loading keystore from "
+ + serverInfo.resolvePath(this.keyStoreLocation));
+ is = new java.io.FileInputStream(serverInfo
+ .resolvePath(this.keyStoreLocation));
+ this.keystore.load(is, this.keyStorePassword.toCharArray());
+ } catch (java.io.FileNotFoundException e) {
+ keystoreExistsFlag = false;
+ } finally {
+ try {
+ if (is != null) {
+ is.close();
+ }
+ } catch (Exception e) {
+ }
+ }
+
+ if (keystoreExistsFlag == false) {
+ keystore.load(null, keyStorePassword.toCharArray());
+ }
+ }
+
+ public void doStop() throws WaitingException, Exception {
+ }
+
+ public void doFail() {
+ }
+
+ public static final GBeanInfo GBEAN_INFO;
+
+ static {
+ GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(KeyStoreGBean.class);
+
+ infoFactory.addAttribute("keyStoreType", String.class, true);
+ infoFactory.addAttribute("keyStoreProvider", String.class, true);
+ infoFactory.addAttribute("keyStoreLocation", String.class, true);
+ infoFactory.addAttribute("keyStorePassword", String.class, true);
+
+ infoFactory.addReference("serverInfo", ServerInfo.class);
+
+ infoFactory.addOperation("getKeyEntryInfo",
+ new Class[] { String.class });
+ infoFactory.addOperation("getKeyStoreSize");
+ infoFactory.addOperation("getKeyStoreEntries");
+ infoFactory.addOperation("getCertificateChain",
+ new Class[] { String.class });
+ infoFactory.addOperation("generateCSR", new Class[] { String.class });
+
+ infoFactory.addOperation("generateKeyPair", new Class[] { String.class,
+ String.class, Integer.class, String.class, Integer.class,
+ String.class, String.class, String.class, String.class,
+ String.class, String.class });
+
+ infoFactory.addOperation("importTrustedX509Certificate", new Class[] {
+ String.class, String.class });
+ infoFactory.addOperation("importPKCS7Certificate", new Class[] {
+ String.class, String.class });
+
+ GBEAN_INFO = infoFactory.getBeanInfo();
+ }
+
+ public static GBeanInfo getGBeanInfo() {
+ return GBEAN_INFO;
+ }
+
+ public void setKeyStoreType(String keyStoreType) {
+ this.keyStoreType = keyStoreType;
+ }
+
+ public String getKeyStoreType() {
+ return this.keyStoreType;
+ }
+
+ public void setKeyStoreProvider(String keyStoreProvider) {
+ this.keyStoreProvider = keyStoreProvider;
+ }
+
+ public String getKeyStoreProvider() {
+ return this.keyStoreProvider;
+ }
+
+ public void setKeyStoreLocation(String keyStoreLocation) {
+ this.keyStoreLocation = keyStoreLocation;
+ }
+
+ public ServerInfo getServerInfo() {
+ return serverInfo;
+ }
+
+ public void setServerInfo(ServerInfo serverInfo) {
+ this.serverInfo = serverInfo;
+ }
+
+ public String getKeyStoreLocation() {
+ return this.keyStoreLocation;
+ }
+
+ public void setKeyStorePassword(String keyStorePassword) {
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ public String getKeyStorePassword() {
+ return this.keyStorePassword;
+ }
+
+ public int getKeyStoreSize() throws KeyStoreException {
+ return this.keystore.size();
+ }
+
+ public KeyEntryInfo getKeyEntryInfo(String alias) throws KeyStoreException {
+ KeyEntryInfo info = null;
+
+ if (this.keystore.isCertificateEntry(alias)) {
+ // certificate entry
+ info = new KeyEntryInfo(alias, "trusted certificate", keystore
+ .getCreationDate(alias));
+ } else if (this.keystore.isKeyEntry(alias)) {
+ // private key entry
+ info = new KeyEntryInfo(alias, "private key", keystore
+ .getCreationDate(alias));
+ } else {
+ throw new KeyStoreException("invalid key entry type");
+ }
+ return info;
+ }
+
+ public List getKeyStoreEntries() throws KeyStoreException {
+ List list = new ArrayList();
+
+ Enumeration aliases = this.keystore.aliases();
+
+ while (aliases.hasMoreElements()) {
+ String alias = (String) aliases.nextElement();
+ list.add(getKeyEntryInfo(alias));
+ }
+ return list;
+ }
+
+ public Certificate[] getCertificateChain(String alias)
+ throws KeyStoreException {
+ Certificate[] certs = null;
+
+ if (keystore.isCertificateEntry(alias)) {
+ Certificate cert = keystore.getCertificate(alias);
+ certs = new Certificate[1];
+ certs[0] = cert;
+ } else if (keystore.isKeyEntry(alias)) {
+ certs = keystore.getCertificateChain(alias);
+ } else if (keystore.containsAlias(alias)) {
+ throw new KeyStoreException("Unsupported key-store-entry, alias = "
+ + alias);
+ } else {
+ throw new KeyStoreException(
+ "Key-store-entry alias not found, alias = " + alias);
+ }
+
+ return certs;
+ }
+
+ public String generateCSR(String alias) throws Exception {
+
+ // find certificate by alias
+ X509Certificate cert = (X509Certificate) keystore.getCertificate(alias);
+
+ // find private key by alias
+ PrivateKey key = (PrivateKey) keystore.getKey(alias, new String("")
+ .toCharArray());
+
+ // generate csr
+ String csr = generateCSR(cert, key);
+ return csr;
+ }
+
+ public String generateCSR(X509Certificate cert, PrivateKey signingKey)
+ throws Exception {
+
+ String sigalg = cert.getSigAlgName();
+ X509Name subject = new X509Name(cert.getSubjectDN().toString());
+ PublicKey publicKey = cert.getPublicKey();
+ ASN1Set attributes = null;
+
+ PKCS10CertificationRequest csr = new PKCS10CertificationRequest(sigalg,
+ subject, publicKey, attributes, signingKey);
+
+ if (!csr.verify()) {
+ throw new KeyStoreException("CSR verification failed");
+ }
+
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
+ DEROutputStream deros = new DEROutputStream(os);
+ deros.writeObject(csr.getDERObject());
+ String b64 = new String(Base64.encode(os.toByteArray()));
+
+ final String BEGIN_CERT_REQ = "-----BEGIN CERTIFICATE REQUEST-----";
+ final String END_CERT_REQ = "-----END CERTIFICATE REQUEST-----";
+ final int CERT_REQ_LINE_LENGTH = 70;
+
+ StringBuffer sbuf = new StringBuffer(BEGIN_CERT_REQ).append('\n');
+
+ int idx = 0;
+ while (idx < b64.length()) {
+
+ int len = (idx + CERT_REQ_LINE_LENGTH > b64.length()) ? b64
+ .length()
+ - idx : CERT_REQ_LINE_LENGTH;
+
+ String chunk = b64.substring(idx, idx + len);
+
+ sbuf.append(chunk).append('\n');
+ idx += len;
+ }
+
+ sbuf.append(END_CERT_REQ);
+ return sbuf.toString();
+ }
+
+ public void generateKeyPair(String alias, String keyalg, Integer keysize,
+ String sigalg, Integer validity, String cn, String ou, String o,
+ String l, String st, String c)
+ throws java.security.NoSuchAlgorithmException,
+ java.security.KeyStoreException, java.security.SignatureException,
+ java.security.InvalidKeyException,
+ java.security.cert.CertificateException, java.io.IOException {
+
+ KeyPairGenerator kpgen = KeyPairGenerator.getInstance(keyalg);
+
+ kpgen.initialize(keysize.intValue());
+
+ KeyPair keyPair = kpgen.generateKeyPair();
+
+ X509Certificate cert = generateCert(keyPair.getPublic(), keyPair
+ .getPrivate(), sigalg, validity.intValue(), cn, ou, o, l, st, c);
+
+ keystore.setKeyEntry(alias, keyPair.getPrivate(), new String()
+ .toCharArray(), new Certificate[] { cert });
+
+ saveKeyStore();
+ }
+
+ public void saveKeyStore() throws java.io.IOException,
+ java.security.KeyStoreException,
+ java.security.cert.CertificateException,
+ java.security.NoSuchAlgorithmException {
+
+ FileOutputStream os = null;
+
+ try {
+ os = new FileOutputStream(serverInfo
+ .resolvePath(this.keyStoreLocation));
+
+ keystore.store(os, keyStorePassword.toCharArray());
+ } finally {
+ if (os != null) {
+ try {
+ os.close();
+ } catch (Exception ex) {
+ }
+ }
+ }
+ }
+
+ public X509Certificate generateCert(PublicKey publicKey,
+ PrivateKey privateKey, String sigalg, int validity, String cn,
+ String ou, String o, String l, String st, String c)
+ throws java.security.SignatureException,
+ java.security.InvalidKeyException {
+ X509V1CertificateGenerator certgen = new X509V1CertificateGenerator();
+
+ // issuer dn
+ Vector order = new Vector();
+ Hashtable attrmap = new Hashtable();
+
+ if (cn != null) {
+ attrmap.put(X509Principal.CN, cn);
+ order.add(X509Principal.CN);
+ }
+
+ if (ou != null) {
+ attrmap.put(X509Principal.OU, ou);
+ order.add(X509Principal.OU);
+ }
+
+ if (o != null) {
+ attrmap.put(X509Principal.O, o);
+ order.add(X509Principal.O);
+ }
+
+ if (l != null) {
+ attrmap.put(X509Principal.L, l);
+ order.add(X509Principal.L);
+ }
+
+ if (st != null) {
+ attrmap.put(X509Principal.ST, st);
+ order.add(X509Principal.ST);
+ }
+
+ if (c != null) {
+ attrmap.put(X509Principal.C, c);
+ order.add(X509Principal.C);
+ }
+
+ X509Principal issuerDN = new X509Principal(order, attrmap);
+ certgen.setIssuerDN(issuerDN);
+
+ // validity
+ long curr = System.currentTimeMillis();
+ long untill = curr + (long) validity * 24 * 60 * 60 * 1000;
+
+ certgen.setNotBefore(new Date(curr));
+ certgen.setNotAfter(new Date(untill));
+
+ // subject dn
+ certgen.setSubjectDN(issuerDN);
+
+ // public key
+ certgen.setPublicKey(publicKey);
+
+ // signature alg
+ certgen.setSignatureAlgorithm(sigalg);
+
+ // serial number
+ certgen.setSerialNumber(new BigInteger(String.valueOf(curr)));
+
+ // make certificate
+ X509Certificate cert = certgen.generateX509Certificate(privateKey);
+ return cert;
+ }
+
+ public void importTrustedX509Certificate(String alias, String certfile)
+ throws java.io.FileNotFoundException,
+ java.security.cert.CertificateException,
+ java.security.KeyStoreException, java.io.IOException,
+ java.security.NoSuchAlgorithmException,
+ java.security.NoSuchProviderException {
+ InputStream is = null;
+
+ try {
+ CertificateFactory cf = CertificateFactory.getInstance("X.509",
+ keyStoreProvider);
+
+ is = new FileInputStream(certfile);
+ Certificate cert = cf.generateCertificate(is);
+
+ keystore.setCertificateEntry(alias, cert);
+
+ saveKeyStore();
+ } finally {
+ if (is != null) {
+ try {
+ is.close();
+ } catch (Exception e) {
+ }
+ }
+ }
+ }
+
+ public void importPKCS7Certificate(String alias, String certbuf)
+ throws java.security.cert.CertificateException,
+ java.security.NoSuchProviderException,
+ java.security.KeyStoreException,
+ java.security.NoSuchAlgorithmException,
+ java.security.UnrecoverableKeyException, java.io.IOException {
+
+ InputStream is = null;
+
+ try {
+ is = new ByteArrayInputStream(certbuf.getBytes());
+ importPKCS7Certificate(alias, is);
+ } finally {
+ if (is != null) {
+ try {
+ is.close();
+ } catch (Exception e) {
+ }
+ }
+ }
+ }
+
+ public void importPKCS7Certificate(String alias, InputStream is)
+ throws java.security.cert.CertificateException,
+ java.security.NoSuchProviderException,
+ java.security.KeyStoreException,
+ java.security.NoSuchAlgorithmException,
+ java.security.UnrecoverableKeyException, java.io.IOException {
+
+ CertificateFactory cf = CertificateFactory.getInstance("X.509",
+ keyStoreProvider);
+ Collection certcoll = cf.generateCertificates(is);
+
+ Certificate[] chain = new Certificate[certcoll.size()];
+
+ Iterator iter = certcoll.iterator();
+ for (int i = 0; iter.hasNext(); i++) {
+ chain[i] = (Certificate) iter.next();
+ }
+
+ char[] password = keyPassword.toCharArray();
+ keystore.setKeyEntry(alias, keystore.getKey(alias, password), password,
+ chain);
+
+ saveKeyStore();
+ }
+}
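Review bot: Private keys are stored under an empty key password: `generateKeyPair` calls `keystore.setKeyEntry(alias, keyPair.getPrivate(), new String().toCharArray(), ...)`, `generateCSR(String)` reads the key back with `new String("").toCharArray()`, and `importPKCS7Certificate` uses `keyPassword`, which the constructor sets to `""` and nothing in the class changes afterwards. With no per-entry password, anyone who can read the keystore file can recover the keys, so they are protected only by file permissions. I would expose `keyPassword` as a GBean attribute alongside `keyStorePassword` and pass `keyPassword.toCharArray()` in all three places. Separately, `importPKCS7Certificate(String, InputStream)` hands the result of `keystore.getKey(alias, password)` straight to `setKeyEntry` without a null check, so an alias that has no key entry is not rejected with a clear error; `if (key == null) throw new KeyStoreException("no private key for alias " + alias);` before the call would cover it.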
Modified: geronimo/trunk/applications/console-ear/src/plan/geronimo-application.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-ear/src/plan/geronimo-application.xml?rev=326194&r1=326193&r2=326194&view=diff
==============================================================================
--- geronimo/trunk/applications/console-ear/src/plan/geronimo-application.xml (original)
+++ geronimo/trunk/applications/console-ear/src/plan/geronimo-application.xml Tue Oct 18 11:22:57 2005
@@ -78,19 +78,18 @@
</gbean>
<!-- Keystore configuration -->
- <!-- I think this requires a modified GERONIMO-887 to be applied first -->
-<!-- <gbean gbeanName="geronimo.security:type=KeyStore" class="org.apache.geronimo.console.core.keystore.KeyStoreGBean">-->
-<!-- <attribute name="keyStoreLocation">var/security/ssl-keystore-1</attribute>-->
-<!-- <attribute name="keyStoreType">jks</attribute>-->
-<!-- <attribute name="keyStoreProvider">SUN</attribute>-->
-<!-- <attribute name="keyStorePassword">password</attribute>-->
-<!-- <reference name="serverInfo">-->
-<!-- <application>null</application>-->
-<!-- <moduleType>J2EEModule</moduleType>-->
-<!-- <module>org/apache/geronimo/System</module>-->
-<!-- <type>GBean</type>-->
-<!-- <name>ServerInfo</name>-->
-<!-- </reference>-->
-<!-- </gbean>-->
+ <gbean gbeanName="geronimo.security:type=KeyStore" class="org.apache.geronimo.console.core.keystore.KeyStoreGBean">
+ <attribute name="keyStoreLocation">var/security/ssl-keystore-1</attribute>
+ <attribute name="keyStoreType">jks</attribute>
+ <attribute name="keyStoreProvider">SUN</attribute>
+ <attribute name="keyStorePassword">password</attribute>
+ <reference name="serverInfo">
+ <application>null</application>
+ <moduleType>J2EEModule</moduleType>
+ <module>org/apache/geronimo/System</module>
+ <type>GBean</type>
+ <name>ServerInfo</name>
+ </reference>
+ </gbean>
</application>
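Review bot: The newly enabled gbean sets the `keyStorePassword` attribute to the literal `password`, a guessable default committed in the plan, so every installation built from this plan shares the same keystore password. KeyStoreGBean.doStart creates an empty store with that password when `var/security/ssl-keystore-1` does not exist, so the default ends up guarding whatever keys the console later generates or imports. I would at least add a comment above the gbean, `<!-- Default keystore password: change before generating or importing keys -->`, and preferably have the value supplied at deployment time rather than stored in the plan.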
Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/CertManagerPortlet.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/CertManagerPortlet.java?rev=326194&view=auto
==============================================================================
--- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/CertManagerPortlet.java (added)
+++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/CertManagerPortlet.java Tue Oct 18 11:22:57 2005
@@ -0,0 +1,152 @@
+/**
+ *
+ * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.geronimo.console.certmanager;
+
+import java.io.IOException;
+import java.util.Enumeration;
+
+import javax.management.ObjectName;
+import javax.portlet.ActionRequest;
+import javax.portlet.ActionResponse;
+import javax.portlet.GenericPortlet;
+import javax.portlet.PortletConfig;
+import javax.portlet.PortletContext;
+import javax.portlet.PortletException;
+import javax.portlet.PortletRequestDispatcher;
+import javax.portlet.RenderRequest;
+import javax.portlet.RenderResponse;
+
+import org.apache.geronimo.console.certmanager.actions.ChangeStorePassword;
+import org.apache.geronimo.console.certmanager.actions.GenerateCSR;
+import org.apache.geronimo.console.certmanager.actions.GenerateKeyPair;
+import org.apache.geronimo.console.certmanager.actions.ImportCAReply;
+import org.apache.geronimo.console.certmanager.actions.ImportTrustedCertificate;
+import org.apache.geronimo.console.certmanager.actions.UploadCertificateFile;
+import org.apache.geronimo.console.certmanager.actions.ViewKeyStore;
+import org.apache.geronimo.console.certmanager.actions.ViewKeyStoreEntryDetail;
+import org.apache.geronimo.console.util.ObjectNameConstants;
+
+public class CertManagerPortlet extends GenericPortlet {
+
+ private PortletContext ctx;
+
+ private ObjectName ksobjname;
+
+ public CertManagerPortlet() {
+ this.ctx = null;
+ }
+
+ public void init(PortletConfig portletConfig) throws PortletException {
+ super.init(portletConfig);
+
+ // iniitialize portlet environment
+ this.ctx = portletConfig.getPortletContext();
+
+ try {
+ this.ksobjname = new ObjectName(
+ ObjectNameConstants.KEYSTORE_OBJ_NAME);
+ } catch (Exception e) {
+ throw new PortletException(e);
+ }
+
+ this.ctx.log("Certificate manager portlet initialized");
+ }
+
+ public ObjectName getKeyStoreObjectName() {
+ return ksobjname;
+ }
+
+ public void processAction(ActionRequest request, ActionResponse response)
+ throws PortletException, IOException {
+
+ String action = request.getParameter("action");
+ ctx.log("process-action: action = " + action);
+
+ if (action == null) {
+ return;
+ }
+
+ // pass 'action' parameter value to render method
+ response.setRenderParameter("action", action);
+
+ if (action.equals("upload-certificate-file")) {
+ UploadCertificateFile.action(this, request, response);
+ } else if (action.equals("import-trusted-certificate")) {
+ ImportTrustedCertificate.action(this, request, response);
+ } else if (action.equals("tools-generate-key-pair")) {
+ GenerateKeyPair.action(this, request, response);
+ } else if (action.equals("tools-change-keystore-password")) {
+ ChangeStorePassword.action(this, request, response);
+ } else if (action.equals("generate-csr")) {
+ GenerateCSR.action(this, request, response);
+ } else if (action.equals("import-ca-reply")) {
+ ImportCAReply.action(this, request, response);
+ } else if (action.equals("save-pkcs7-cert")) {
+ ImportCAReply.action(this, request, response);
+ } else if (action.equals("generate-key-pair")) {
+ GenerateKeyPair.action(this, request, response);
+ }
+ }
+
+ public void doView(RenderRequest request, RenderResponse response)
+ throws PortletException, IOException {
+
+ PortletRequestDispatcher prd = null;
+
+ String action = request.getParameter("action");
+ ctx.log("do-view: action = " + action);
+
+ Enumeration e = request.getParameterNames();
+ while (e.hasMoreElements()) {
+ String pname = (String) e.nextElement();
+ String value = request.getParameter(pname);
+ ctx.log("param-name = " + pname + ", param-value = " + value);
+ }
+
+ if (action == null) {
+ ViewKeyStore.render(this, request, response);
+ } else if (action.equals("tools-import-trusted-certificate")) {
+ ImportTrustedCertificate.render(this, request, response);
+ } else if (action.equals("tools-generate-key-pair")) {
+ GenerateKeyPair.render(this, request, response);
+ } else if (action.equals("tools-change-keystore-password")) {
+ ChangeStorePassword.render(this, request, response);
+ } else if (action.equals("upload-certificate-file")) {
+ UploadCertificateFile.render(this, request, response);
+ } else if (action.equals("import-trusted-certificate")) {
+ ImportTrustedCertificate.render(this, request, response);
+ } else if (action.equals("view-keystore-entry-details")) {
+ ViewKeyStoreEntryDetail.render(this, request, response);
+ } else if (action.equals("generate-csr")) {
+ GenerateCSR.render(this, request, response);
+ } else if (action.equals("import-ca-reply")) {
+ ImportCAReply.render(this, request, response);
+ } else if (action.equals("save-pkcs7-cert")) {
+ ImportCAReply.render(this, request, response);
+ } else if (action.equals("generate-key-pair")) {
+ GenerateKeyPair.render(this, request, response);
+ }
+ }
+
+ public void doHelp(RenderRequest renderRequest,
+ RenderResponse renderResponse) throws PortletException, IOException {
+ PortletRequestDispatcher prd = ctx
+ .getRequestDispatcher("/WEB-INF/view/certmanager/viewKeyStoreHelp.jsp");
+ prd.include(renderRequest, renderResponse);
+ }
+}
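Review bot: `doView` writes every request parameter and its value to the portlet log (`ctx.log("param-name = " + pname + ", param-value = " + value);`). The same portlet renders the `tools-change-keystore-password` and `generate-key-pair` flows, so any password or key field those forms submit would end up in the server log in clear text; the forms are not part of this hunk, so that part is inferred. The values are also concatenated unescaped, which lets a request place line breaks into the log. I would drop the loop or log names only, `ctx.log("param-name = " + pname);`, and treat the `action` value logged in `processAction` and `doView` the same way. The local `prd` in `doView` is assigned `null` and never used.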
Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ChangeStorePassword.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ChangeStorePassword.java?rev=326194&view=auto
==============================================================================
--- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ChangeStorePassword.java (added)
+++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ChangeStorePassword.java Tue Oct 18 11:22:57 2005
@@ -0,0 +1,49 @@
+/**
+ *
+ * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.geronimo.console.certmanager.actions;
+
+import java.io.IOException;
+
+import javax.portlet.ActionRequest;
+import javax.portlet.ActionResponse;
+import javax.portlet.PortletException;
+import javax.portlet.PortletRequestDispatcher;
+import javax.portlet.RenderRequest;
+import javax.portlet.RenderResponse;
+
+import org.apache.geronimo.console.certmanager.CertManagerPortlet;
+
+public class ChangeStorePassword {
+ public static void action(CertManagerPortlet portlet,
+ ActionRequest request, ActionResponse response)
+ throws PortletException, IOException {
+ response.setRenderParameter("action", request.getParameter("action"));
+ }
+
+ public static void render(CertManagerPortlet portlet,
+ RenderRequest request, RenderResponse response)
+ throws PortletException, IOException {
+
+ PortletRequestDispatcher rd = portlet
+ .getPortletContext()
+ .getRequestDispatcher(
+ "/WEB-INF/view/certmanager/changeStorePasswordNormal.jsp");
+
+ rd.include(request, response);
+ }
+}
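Review bot: `ChangeStorePassword.action` changes nothing: it only copies the `action` parameter into the render parameters, which `CertManagerPortlet.processAction` has already done before dispatching here, and no call reaches the keystore GBean. If `changeStorePasswordNormal.jsp` presents a password form (the JSP is not shown in this commit mail), an administrator may believe the store password was changed when it was not. A comment on the method such as `// TODO: not implemented - the keystore password is not changed yet` would make the stub explicit, or the menu entry could be withheld until the operation exists.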
Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateCSR.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateCSR.java?rev=326194&view=auto
==============================================================================
--- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateCSR.java (added)
+++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateCSR.java Tue Oct 18 11:22:57 2005
@@ -0,0 +1,63 @@
+/**
+ *
+ * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.geronimo.console.certmanager.actions;
+
+import java.io.IOException;
+
+import javax.portlet.ActionRequest;
+import javax.portlet.ActionResponse;
+import javax.portlet.PortletException;
+import javax.portlet.PortletRequestDispatcher;
+import javax.portlet.RenderRequest;
+import javax.portlet.RenderResponse;
+
+import org.apache.geronimo.console.certmanager.CertManagerPortlet;
+import org.apache.geronimo.kernel.KernelRegistry;
+
+public class GenerateCSR {
+ public static void action(CertManagerPortlet portlet,
+ ActionRequest request, ActionResponse response)
+ throws PortletException, IOException {
+ response.setRenderParameter("action", request.getParameter("action"));
+ }
+
+ public static void render(CertManagerPortlet portlet,
+ RenderRequest request, RenderResponse response)
+ throws PortletException, IOException {
+
+ String alias = request.getParameter("alias");
+
+ try {
+ String csr = (String) KernelRegistry.getSingleKernel()
+ .invoke(portlet.getKeyStoreObjectName(), "generateCSR",
+ new Object[] { alias },
+ new String[] { "java.lang.String" });
+
+ request.setAttribute("com.gluecode.se.cert.csr", csr);
+ request.setAttribute("alias", alias);
+ } catch (Exception e) {
+ throw new PortletException(e);
+ }
+
+ PortletRequestDispatcher rd = portlet.getPortletContext()
+ .getRequestDispatcher(
+ "/WEB-INF/view/certmanager/generateCSRNormal.jsp");
+
+ rd.include(request, response);
+ }
+}
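Review bot: `action()` hands `request.getParameter("action")` straight to `setRenderParameter`, and the Portlet 1.0 contract rejects a null value with IllegalArgumentException, so a request without that parameter fails before any handling. The same line appears in the `action()` methods of ChangeStorePassword, GenerateKeyPair (where the null check comes one statement too late), UploadCertificateFile and ViewKeyStore. I would read the parameter first and forward it only when present: `String action = request.getParameter("action"); if (action != null) { response.setRenderParameter("action", action); }`. In `render()`, `alias` is likewise passed to `generateCSR` without a presence check, so a missing alias surfaces only as a wrapped PortletException. A short guard that renders the key store view instead would be clearer.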
Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateKeyPair.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateKeyPair.java?rev=326194&view=auto
==============================================================================
--- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateKeyPair.java (added)
+++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateKeyPair.java Tue Oct 18 11:22:57 2005
@@ -0,0 +1,143 @@
+/**
+ *
+ * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.geronimo.console.certmanager.actions;
+
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.management.ObjectName;
+import javax.portlet.ActionRequest;
+import javax.portlet.ActionResponse;
+import javax.portlet.PortletException;
+import javax.portlet.PortletRequestDispatcher;
+import javax.portlet.RenderRequest;
+import javax.portlet.RenderResponse;
+
+import org.apache.geronimo.console.certmanager.CertManagerPortlet;
+import org.apache.geronimo.kernel.KernelRegistry;
+
+public class GenerateKeyPair {
+ public static void action(CertManagerPortlet portlet,
+ ActionRequest request, ActionResponse response)
+ throws PortletException, IOException {
+ response.setRenderParameter("action", request.getParameter("action"));
+
+ String action = request.getParameter("action");
+
+ if (action == null) {
+ return;
+ }
+
+ if (action.equals("generate-key-pair")) {
+
+ String submit = request.getParameter("submit");
+ String alias = request.getParameter("alias");
+ String keyalg = request.getParameter("keyalg");
+ String keysize = request.getParameter("keysize");
+ String sigalg = request.getParameter("sigalg");
+ String validity = request.getParameter("validity");
+
+ String cn = request.getParameter("cn");
+ String ou = request.getParameter("ou");
+ String o = request.getParameter("o");
+ String l = request.getParameter("l");
+ String st = request.getParameter("st");
+ String c = request.getParameter("c");
+
+ if (submit.equals("cancel")) {
+ return;
+ }
+
+ try {
+ Integer ikeysize = new Integer(Integer.parseInt(keysize));
+ Integer ivalidity = new Integer(Integer.parseInt(validity));
+
+ KernelRegistry.getSingleKernel().invoke(
+ portlet.getKeyStoreObjectName(),
+ "generateKeyPair",
+ new Object[] { alias, keyalg, ikeysize, sigalg,
+ ivalidity, cn, ou, o, l, st, c },
+ new String[] { "java.lang.String", "java.lang.String",
+ "java.lang.Integer", "java.lang.String",
+ "java.lang.Integer", "java.lang.String",
+ "java.lang.String", "java.lang.String",
+ "java.lang.String", "java.lang.String",
+ "java.lang.String" });
+ } catch (Exception ex) {
+ throw new PortletException(ex);
+ }
+ }
+ }
+
+ public static void render(CertManagerPortlet portlet,
+ RenderRequest request, RenderResponse response)
+ throws PortletException, IOException {
+
+ String action = request.getParameter("action");
+
+ PortletRequestDispatcher rd = null;
+
+ if (action.equals("tools-generate-key-pair")) {
+ rd = portlet.getPortletContext().getRequestDispatcher(
+ "/WEB-INF/view/certmanager/generateKeyPairNormal.jsp");
+ } else {
+ try {
+ ObjectName objname = portlet.getKeyStoreObjectName();
+
+ String keyStoreType = (String) KernelRegistry.getSingleKernel()
+ .getAttribute(objname, "keyStoreType");
+ String keyStoreProvider = (String) KernelRegistry
+ .getSingleKernel().getAttribute(objname,
+ "keyStoreProvider");
+ String keyStoreLocation = (String) KernelRegistry
+ .getSingleKernel().getAttribute(objname,
+ "keyStoreLocation");
+
+ request.setAttribute("com.gluecode.se.keystore.type",
+ keyStoreType);
+ request.setAttribute("com.gluecode.se.keystore.provider",
+ keyStoreProvider);
+ request.setAttribute("com.gluecode.se.keystore.location",
+ keyStoreLocation);
+
+ List storelist = (List) KernelRegistry.getSingleKernel()
+ .invoke(objname, "getKeyStoreEntries");
+
+ Iterator iter = storelist.iterator();
+ while (iter.hasNext()) {
+ portlet.getPortletContext().log(
+ "store-item = " + iter.next());
+ }
+
+ request
+ .setAttribute("com.gluecode.se.keystore.list",
+ storelist);
+ request.setAttribute("com.gluecode.se.keystore.size", String
+ .valueOf(storelist.size()));
+ } catch (Exception e) {
+ throw new PortletException(e);
+ }
+
+ rd = portlet.getPortletContext().getRequestDispatcher(
+ "/WEB-INF/view/certmanager/viewKeyStoreNormal.jsp");
+ }
+
+ rd.include(request, response);
+ }
+}
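Review bot: In `action()`, `submit.equals("cancel")` dereferences a request parameter that may be absent, and `keysize`, `validity`, `keyalg` and `sigalg` go from the request into `generateKeyPair` with no allow-list or range check. A malformed number is reported only as a generic PortletException, and whether an undersized key or unexpected algorithm is refused depends on the GBean, which is not visible here. I would write `"cancel".equals(submit)` and check the parsed key size and validity against the values the form offers before the kernel call. `render()` has the same null dereference in `action.equals("tools-generate-key-pair")`. Its else branch repeats the body of ViewKeyStore.render line for line and could be replaced by `ViewKeyStore.render(portlet, request, response); return;`.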
Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportCAReply.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportCAReply.java?rev=326194&view=auto
==============================================================================
--- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportCAReply.java (added)
+++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportCAReply.java Tue Oct 18 11:22:57 2005
@@ -0,0 +1,101 @@
+/**
+ *
+ * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.geronimo.console.certmanager.actions;
+
+import java.io.IOException;
+
+import javax.portlet.ActionRequest;
+import javax.portlet.ActionResponse;
+import javax.portlet.PortletException;
+import javax.portlet.PortletRequestDispatcher;
+import javax.portlet.RenderRequest;
+import javax.portlet.RenderResponse;
+
+import org.apache.geronimo.console.certmanager.CertManagerPortlet;
+import org.apache.geronimo.kernel.KernelRegistry;
+
+public class ImportCAReply {
+ public static void action(CertManagerPortlet portlet,
+ ActionRequest request, ActionResponse response)
+ throws PortletException, IOException {
+
+ // pass 'alias' parameter along
+ String alias = request.getParameter("alias");
+ response.setRenderParameter("alias", alias);
+
+ String action = request.getParameter("action");
+
+ // this should never happen
+ if (action == null) {
+ return;
+ }
+
+ if (action.equals("import-ca-reply")) {
+ return;
+ } else if (action.equals("save-pkcs7-cert")) {
+ String submit = request.getParameter("submit");
+
+ if (submit.equalsIgnoreCase("cancel")) {
+ return;
+ }
+
+ // save pkcs7-encoded certificate
+ String pkcs7cert = request.getParameter("pkcs7cert");
+
+ try {
+ KernelRegistry.getSingleKernel()
+ .invoke(
+ portlet.getKeyStoreObjectName(),
+ "importPKCS7Certificate",
+ new Object[] { alias, pkcs7cert },
+ new String[] { "java.lang.String",
+ "java.lang.String" });
+ } catch (Exception e) {
+ throw new PortletException(e);
+ }
+ }
+ }
+
+ public static void render(CertManagerPortlet portlet,
+ RenderRequest request, RenderResponse response)
+ throws PortletException, IOException {
+
+ String action = request.getParameter("action");
+ String alias = request.getParameter("alias");
+
+ // set alias name
+ request.setAttribute("alias", alias);
+
+ // this should never happen
+ if (action == null) {
+ ViewKeyStoreEntryDetail.render(portlet, request, response);
+ return;
+ }
+
+ if (action.equals("import-ca-reply")) {
+ PortletRequestDispatcher rd = portlet
+ .getPortletContext()
+ .getRequestDispatcher(
+ "/WEB-INF/view/certmanager/importCAReplyNormal.jsp");
+
+ rd.include(request, response);
+ } else if (action.equals("save-pkcs7-cert")) {
+ ViewKeyStoreEntryDetail.render(portlet, request, response);
+ }
+ }
+}
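Review bot: `response.setRenderParameter("alias", alias)` at the top of `action()` runs before any presence check, so a request without `alias` fails there under the Portlet 1.0 null-value rule rather than at the "this should never happen" guard below it. In the `save-pkcs7-cert` branch, `submit.equalsIgnoreCase("cancel")` throws on a missing `submit`, and `pkcs7cert` is passed to `importPKCS7Certificate` without a null or empty check. I would guard all three before the kernel call, e.g. `if (alias == null || pkcs7cert == null || pkcs7cert.trim().length() == 0) { return; }`, and compare with `"cancel".equalsIgnoreCase(submit)`. The method also deserves a short Javadoc stating that it modifies the key store, since the class name alone does not say so.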
Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportTrustedCertificate.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportTrustedCertificate.java?rev=326194&view=auto
==============================================================================
--- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportTrustedCertificate.java (added)
+++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportTrustedCertificate.java Tue Oct 18 11:22:57 2005
@@ -0,0 +1,90 @@
+/**
+ *
+ * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.geronimo.console.certmanager.actions;
+
+import java.io.IOException;
+import java.net.URLDecoder;
+
+import javax.portlet.ActionRequest;
+import javax.portlet.ActionResponse;
+import javax.portlet.PortletException;
+import javax.portlet.PortletRequestDispatcher;
+import javax.portlet.RenderRequest;
+import javax.portlet.RenderResponse;
+
+import org.apache.geronimo.console.certmanager.CertManagerPortlet;
+import org.apache.geronimo.kernel.KernelRegistry;
+
+public class ImportTrustedCertificate {
+ public static void action(CertManagerPortlet portlet,
+ ActionRequest request, ActionResponse response)
+ throws PortletException, IOException {
+
+ String action = request.getParameter("action");
+
+ if (action == null) {
+ return;
+ }
+
+ // nothing to do
+ if (action.equals("tools-generate-trusted-certificate")) {
+ return;
+ }
+
+ String submit = request.getParameter("submit");
+
+ if (submit.equalsIgnoreCase("cancel")) {
+ return;
+ }
+
+ String certfileEnc = request
+ .getParameter("com.gluecode.se.cert.file.enc");
+ String alias = request.getParameter("alias");
+
+ // decode certificate file name
+ String certfile = URLDecoder.decode(certfileEnc, "UTF-8");
+
+ // import certificate into the key store
+ try {
+ KernelRegistry.getSingleKernel().invoke(
+ portlet.getKeyStoreObjectName(),
+ "importTrustedX509Certificate",
+ new Object[] { alias, certfile },
+ new String[] { "java.lang.String", "java.lang.String" });
+ } catch (Exception ex) {
+ throw new PortletException(ex);
+ }
+ }
+
+ public static void render(CertManagerPortlet portlet,
+ RenderRequest request, RenderResponse response)
+ throws PortletException, IOException {
+ PortletRequestDispatcher rd = null;
+
+ String action = request.getParameter("action");
+
+ if (action.equals("tools-import-trusted-certificate")) {
+ rd = portlet.getPortletContext().getRequestDispatcher(
+ "/WEB-INF/view/certmanager/importTrustedCertNormal.jsp");
+
+ rd.include(request, response);
+ } else {
+ ViewKeyStore.render(portlet, request, response);
+ }
+ }
+}
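Review bot: `action()` takes the certificate path from the request parameter `com.gluecode.se.cert.file.enc`, URL-decodes it and passes it to `importTrustedX509Certificate`, so the file that gets imported as a trusted certificate is whatever path the client sends back, not necessarily the file the upload step wrote. I would keep the uploaded file's path on the server, for example in the PortletSession, or at least reject a path whose canonical parent is not the upload directory before the kernel call. Separately, the early return tests `"tools-generate-trusted-certificate"` while `render()` tests `"tools-import-trusted-certificate"`; this looks like a typo. If so, the form-display request falls through to `submit.equalsIgnoreCase("cancel")` and throws when `submit` is absent. `render()` also dereferences `action` without the null check that `action()` has.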
Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/UploadCertificateFile.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/UploadCertificateFile.java?rev=326194&view=auto
==============================================================================
--- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/UploadCertificateFile.java (added)
+++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/UploadCertificateFile.java Tue Oct 18 11:22:57 2005
@@ -0,0 +1,142 @@
+/**
+ *
+ * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.geronimo.console.certmanager.actions;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URLDecoder;
+import java.net.URLEncoder;
+import java.security.cert.CertificateFactory;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.portlet.ActionRequest;
+import javax.portlet.ActionResponse;
+import javax.portlet.PortletException;
+import javax.portlet.PortletRequestDispatcher;
+import javax.portlet.RenderRequest;
+import javax.portlet.RenderResponse;
+
+import org.apache.commons.fileupload.FileItem;
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.fileupload.disk.DiskFileItemFactory;
+import org.apache.commons.fileupload.portlet.PortletFileUpload;
+import org.apache.geronimo.console.certmanager.CertManagerPortlet;
+
+public class UploadCertificateFile {
+
+ public static void action(CertManagerPortlet portlet,
+ ActionRequest request, ActionResponse response)
+ throws PortletException, IOException {
+ if (!PortletFileUpload.isMultipartContent(request)) {
+ throw new PortletException("Expected file upload");
+ }
+
+ File rootDir = new File(System.getProperty("java.io.tmpdir"));
+ PortletFileUpload uploader = new PortletFileUpload(
+ new DiskFileItemFactory(10240, rootDir));
+ File certFile = null;
+
+ try {
+ List items = uploader.parseRequest(request);
+ for (Iterator i = items.iterator(); i.hasNext();) {
+ FileItem item = (FileItem) i.next();
+ if (!item.isFormField()) {
+ String name = item.getName().trim();
+
+ if (name.length() == 0) {
+ certFile = null;
+ } else {
+ // Firefox sends basename, IE sends full path
+ int index = name.lastIndexOf('\\');
+ if (index != -1) {
+ name = name.substring(index + 1);
+ }
+ certFile = new File(rootDir, name);
+ }
+
+ if (certFile != null) {
+ try {
+ item.write(certFile);
+ } catch (Exception e) {
+ throw new PortletException(e);
+ }
+ }
+ }
+ }
+ } catch (FileUploadException e) {
+ throw new PortletException(e);
+ }
+
+ // pass certificate file name along
+ String certFileName = certFile.getCanonicalPath();
+ String enc = URLEncoder.encode(certFileName, "UTF-8");
+
+ portlet.getPortletContext().log("cert-file-name: " + certFileName);
+ portlet.getPortletContext().log("enc: " + enc);
+
+ response.setRenderParameter("com.gluecode.se.cert.file.enc", enc);
+ response.setRenderParameter("action", request.getParameter("action"));
+ }
+
+ public static void render(CertManagerPortlet portlet,
+ RenderRequest request, RenderResponse response)
+ throws PortletException, IOException {
+
+ String encodedCertFileName = request
+ .getParameter("com.gluecode.se.cert.file.enc");
+ String certFileName = URLDecoder.decode(encodedCertFileName, "UTF-8");
+ portlet.getPortletContext().log("cert file: " + certFileName);
+
+ Collection certs = null;
+ InputStream is = null;
+
+ if (certFileName != null) {
+ File certFile = new File(certFileName);
+ try {
+ is = new FileInputStream(certFile);
+
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ certs = cf.generateCertificates(is);
+ } catch (Exception e) {
+ throw new PortletException(e);
+ } finally {
+ try {
+ if (is != null) {
+ is.close();
+ }
+ } catch (Exception e) {
+ }
+ }
+
+ request.setAttribute("com.gluecode.se.certs", certs);
+ request.setAttribute("com.gluecode.se.cert.file.enc",
+ encodedCertFileName);
+ }
+
+ PortletRequestDispatcher prd = null;
+
+ prd = portlet.getPortletContext().getRequestDispatcher(
+ "/WEB-INF/view/certmanager/importTrustedCertNormal.jsp");
+
+ prd.include(request, response);
+ }
+}
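Review bot: The upload file name in `action()` is only cut at the last backslash before `new File(rootDir, name)`, so a name containing `/` or `..` components is resolved outside `java.io.tmpdir`, and any same-named file in that shared directory is overwritten. The client's name should not become a path at all; a server-generated temp file avoids both problems. `certFile` is still null at `certFile.getCanonicalPath()` when the request carries no file part or an empty name, which needs an explicit error. In `render()`, `URLDecoder.decode(encodedCertFileName, "UTF-8")` runs before the `certFileName != null` test that was meant to protect it. The path opened with FileInputStream is again the client-supplied one, so the same server-side path handling applies there.

```java
// … unchanged: multipart check, uploader and rootDir setup, item loop header …
if (!item.isFormField() && item.getName() != null
        && item.getName().trim().length() > 0) {
    // server-chosen name: the client's file name never becomes a path
    certFile = File.createTempFile("cert-upload-", ".tmp", rootDir);
    try {
        item.write(certFile);
    } catch (Exception e) {
        throw new PortletException(e);
    }
}
// … unchanged: FileUploadException handling …
if (certFile == null) {
    throw new PortletException("No certificate file was uploaded");
}
```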
Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStore.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStore.java?rev=326194&view=auto
==============================================================================
--- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStore.java (added)
+++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStore.java Tue Oct 18 11:22:57 2005
@@ -0,0 +1,83 @@
+/**
+ *
+ * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.geronimo.console.certmanager.actions;
+
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.management.ObjectName;
+import javax.portlet.ActionRequest;
+import javax.portlet.ActionResponse;
+import javax.portlet.PortletException;
+import javax.portlet.PortletRequestDispatcher;
+import javax.portlet.RenderRequest;
+import javax.portlet.RenderResponse;
+
+import org.apache.geronimo.console.certmanager.CertManagerPortlet;
+import org.apache.geronimo.kernel.KernelRegistry;
+
+public class ViewKeyStore {
+ public static void action(CertManagerPortlet portlet,
+ ActionRequest request, ActionResponse response)
+ throws PortletException, Exception {
+ response.setRenderParameter("action", request.getParameter("action"));
+ }
+
+ public static void render(CertManagerPortlet portlet,
+ RenderRequest request, RenderResponse response)
+ throws PortletException, IOException {
+
+ PortletRequestDispatcher rd = null;
+
+ try {
+ ObjectName objname = portlet.getKeyStoreObjectName();
+
+ String keyStoreType = (String) KernelRegistry.getSingleKernel()
+ .getAttribute(objname, "keyStoreType");
+ String keyStoreProvider = (String) KernelRegistry.getSingleKernel()
+ .getAttribute(objname, "keyStoreProvider");
+ String keyStoreLocation = (String) KernelRegistry.getSingleKernel()
+ .getAttribute(objname, "keyStoreLocation");
+
+ request.setAttribute("com.gluecode.se.keystore.type", keyStoreType);
+ request.setAttribute("com.gluecode.se.keystore.provider",
+ keyStoreProvider);
+ request.setAttribute("com.gluecode.se.keystore.location",
+ keyStoreLocation);
+
+ List storelist = (List) KernelRegistry.getSingleKernel().invoke(
+ objname, "getKeyStoreEntries");
+
+ Iterator iter = storelist.iterator();
+ while (iter.hasNext()) {
+ portlet.getPortletContext().log("store-item = " + iter.next());
+ }
+
+ request.setAttribute("com.gluecode.se.keystore.list", storelist);
+ request.setAttribute("com.gluecode.se.keystore.size", String
+ .valueOf(storelist.size()));
+ } catch (Exception e) {
+ throw new PortletException(e);
+ }
+
+ rd = portlet.getPortletContext().getRequestDispatcher(
+ "/WEB-INF/view/certmanager/viewKeyStoreNormal.jsp");
+ rd.include(request, response);
+ }
+}
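Review bot: The `while (iter.hasNext())` loop in `render()` writes every key store entry to the portlet context log on each page render, which looks like leftover debugging; the same loop is copied into GenerateKeyPair.render. What `toString()` of an entry reveals is not visible from this hunk, so I would drop the loop or log only `storelist.size()` at debug level. `action()` declares `throws PortletException, Exception`, while every sibling action class declares `IOException`; narrowing it to `throws PortletException, IOException` keeps the callers' handling uniform. `List` and `Iterator` are used raw, which is expected for code of this date but worth a comment naming the element type returned by `getKeyStoreEntries`.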
Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStoreEntryDetail.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStoreEntryDetail.java?rev=326194&view=auto
==============================================================================
--- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStoreEntryDetail.java (added)
+++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStoreEntryDetail.java Tue Oct 18 11:22:57 2005
@@ -0,0 +1,79 @@
+/**
+ *
+ * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.geronimo.console.certmanager.actions;
+
+import java.io.IOException;
+import java.security.cert.Certificate;
+
+import javax.management.ObjectName;
+import javax.portlet.PortletException;
+import javax.portlet.PortletRequestDispatcher;
+import javax.portlet.RenderRequest;
+import javax.portlet.RenderResponse;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.geronimo.console.certmanager.CertManagerPortlet;
+import org.apache.geronimo.console.core.keystore.KeyEntryInfo;
+import org.apache.geronimo.console.core.keystore.KeyStoreGBean;
+import org.apache.geronimo.kernel.KernelRegistry;
+
+public class ViewKeyStoreEntryDetail {
+
+ private static Log log = LogFactory.getLog(ViewKeyStoreEntryDetail.class);
+
+ public static void render(CertManagerPortlet portlet,
+ RenderRequest request, RenderResponse response)
+ throws PortletException, IOException {
+
+ String alias = request.getParameter("alias");
+
+ portlet.getPortletContext().log(
+ "view-key-store-entry-detail: key-store-alias = " + alias);
+
+ try {
+ // entry info
+ ObjectName objname = new ObjectName(
+ KeyStoreGBean.KEY_STORE_OBJ_NAME);
+ KeyEntryInfo kinfo = (KeyEntryInfo) KernelRegistry
+ .getSingleKernel().invoke(objname, "getKeyEntryInfo",
+ new Object[] { alias },
+ new String[] { "java.lang.String" });
+
+ request.setAttribute("com.gluecode.se.keystore.entry.info", kinfo);
+
+ // get keystore certificate chain by the alias
+ Certificate[] chain = (Certificate[]) KernelRegistry
+ .getSingleKernel().invoke(objname, "getCertificateChain",
+ new Object[] { alias },
+ new String[] { "java.lang.String" });
+
+ // set attributes
+ request.setAttribute("com.gluecode.se.certs", chain);
+ } catch (Exception e) {
+ throw new PortletException(e);
+ }
+
+ // display entry detail
+ PortletRequestDispatcher rd = portlet.getPortletContext()
+ .getRequestDispatcher(
+ "/WEB-INF/view/certmanager/viewCertificateNormal.jsp");
+
+ rd.include(request, response);
+ }
+}
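Review bot: `render()` builds its target with `new ObjectName(KeyStoreGBean.KEY_STORE_OBJ_NAME)` while every other action class in this commit asks the portlet via `portlet.getKeyStoreObjectName()`, so this view can address a different GBean if the portlet is ever configured with another name. I would use `ObjectName objname = portlet.getKeyStoreObjectName();` here as well. The static `log` field is declared but never used, since the method logs through `portlet.getPortletContext().log(...)`; pick one of the two. The `alias` request parameter is concatenated into that log line and passed to both kernel calls without a null check. Rejecting a missing alias and stripping line breaks before logging would keep the log entries unambiguous.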
Modified: geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/web.xml?rev=326194&r1=326193&r2=326194&view=diff
==============================================================================
--- geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/web.xml (original)
+++ geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/web.xml Tue Oct 18 11:22:57 2005
@@ -80,7 +80,7 @@
<servlet-class>org.apache.pluto.core.PortletServlet</servlet-class>
<init-param>
<param-name>portlet-class</param-name>
- <param-value>org.apache.geronimo.console.EmptyPortlet</param-value>
+ <param-value>org.apache.geronimo.console.certmanager.CertManagerPortlet</param-value>
</init-param>
<init-param>
<param-name>portlet-guid</param-name>
Modified: geronimo/trunk/modules/assembly/src/plan/webconsole-jetty-plan.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/webconsole-jetty-plan.xml?rev=326194&r1=326193&r2=326194&view=diff
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/webconsole-jetty-plan.xml (original)
+++ geronimo/trunk/modules/assembly/src/plan/webconsole-jetty-plan.xml Tue Oct 18 11:22:57 2005
@@ -62,25 +62,24 @@
<gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/System,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name>
</reference>
<reference name="LoginModule">
-<!-- <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Server,J2EEServer=geronimo,j2eeType=LoginModule,name=properties-login</gbean-name>-->
+ <!-- <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Server,J2EEServer=geronimo,j2eeType=LoginModule,name=properties-login</gbean-name>-->
<gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Security,J2EEServer=geronimo,j2eeType=LoginModule,name=properties-login</gbean-name>
</reference>
</gbean>
<!-- Keystore configuration -->
- <!-- I think this requires a modified GERONIMO-887 to be applied first -->
-<!-- <gbean gbeanName="geronimo.security:type=KeyStore" class="org.apache.geronimo.console.core.keystore.KeyStoreGBean">-->
-<!-- <attribute name="keyStoreLocation">var/security/ssl-keystore-1</attribute>-->
-<!-- <attribute name="keyStoreType">jks</attribute>-->
-<!-- <attribute name="keyStoreProvider">SUN</attribute>-->
-<!-- <attribute name="keyStorePassword">password</attribute>-->
-<!-- <reference name="serverInfo">-->
-<!-- <application>null</application>-->
-<!-- <moduleType>J2EEModule</moduleType>-->
-<!-- <module>org/apache/geronimo/System</module>-->
-<!-- <type>GBean</type>-->
-<!-- <name>ServerInfo</name>-->
-<!-- </reference>-->
-<!-- </gbean>-->
+ <gbean gbeanName="geronimo.security:type=KeyStore" class="org.apache.geronimo.console.core.keystore.KeyStoreGBean">
+ <attribute name="keyStoreLocation">var/security/ssl-keystore-1</attribute>
+ <attribute name="keyStoreType">jks</attribute>
+ <attribute name="keyStoreProvider">SUN</attribute>
+ <attribute name="keyStorePassword">password</attribute>
+ <reference name="serverInfo">
+ <application>null</application>
+ <moduleType>J2EEModule</moduleType>
+ <module>org/apache/geronimo/System</module>
+ <type>GBean</type>
+ <name>ServerInfo</name>
+ </reference>
+ </gbean>
</application>
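Review bot: The newly enabled KeyStoreGBean carries `<attribute name="keyStorePassword">password</attribute>`, so every server assembled from this plan shares a well-known key store password stored in clear text; the webconsole-tomcat-plan.xml hunk enables the identical block. Since this key store is named `ssl-keystore-1` and presumably holds the server's private keys, I would not ship a fixed value. Supply the password at install or deploy time, or at minimum add a comment such as `<!-- default password: must be changed before production use -->` next to the attribute and document the change procedure. The removed comment said this block depended on a modified GERONIMO-887, so a sentence in the commit log confirming that dependency is now met would help reviewers.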
Modified: geronimo/trunk/modules/assembly/src/plan/webconsole-tomcat-plan.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/webconsole-tomcat-plan.xml?rev=326194&r1=326193&r2=326194&view=diff
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/webconsole-tomcat-plan.xml (original)
+++ geronimo/trunk/modules/assembly/src/plan/webconsole-tomcat-plan.xml Tue Oct 18 11:22:57 2005
@@ -70,19 +70,18 @@
</gbean>
<!-- Keystore configuration -->
- <!-- I think this requires a modified GERONIMO-887 to be applied first -->
- <!-- <gbean gbeanName="geronimo.security:type=KeyStore" class="org.apache.geronimo.console.core.keystore.KeyStoreGBean">-->
- <!-- <attribute name="keyStoreLocation">var/security/ssl-keystore-1</attribute>-->
- <!-- <attribute name="keyStoreType">jks</attribute>-->
- <!-- <attribute name="keyStoreProvider">SUN</attribute>-->
- <!-- <attribute name="keyStorePassword">password</attribute>-->
- <!-- <reference name="serverInfo">-->
- <!-- <application>null</application>-->
- <!-- <moduleType>J2EEModule</moduleType>-->
- <!-- <module>org/apache/geronimo/System</module>-->
- <!-- <type>GBean</type>-->
- <!-- <name>ServerInfo</name>-->
- <!-- </reference>-->
- <!-- </gbean>-->
+ <gbean gbeanName="geronimo.security:type=KeyStore" class="org.apache.geronimo.console.core.keystore.KeyStoreGBean">
+ <attribute name="keyStoreLocation">var/security/ssl-keystore-1</attribute>
+ <attribute name="keyStoreType">jks</attribute>
+ <attribute name="keyStoreProvider">SUN</attribute>
+ <attribute name="keyStorePassword">password</attribute>
+ <reference name="serverInfo">
+ <application>null</application>
+ <moduleType>J2EEModule</moduleType>
+ <module>org/apache/geronimo/System</module>
+ <type>GBean</type>
+ <name>ServerInfo</name>
+ </reference>
+ </gbean>
</application>