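/**
 *
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.geronimo.console.ca;

import java.io.IOException;
import java.math.BigInteger;
import java.net.URI;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;

import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;
import javax.portlet.PortletException;
import javax.portlet.PortletRequest;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.geronimo.console.MultiPageModel;
import org.apache.geronimo.console.util.PortletManager;
import org.apache.geronimo.gbean.AbstractName;
import org.apache.geronimo.gbean.GBeanData;
import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
import org.apache.geronimo.kernel.Naming;
import org.apache.geronimo.kernel.proxy.GeronimoManagedBean;
import org.apache.geronimo.kernel.repository.Artifact;
import org.apache.geronimo.management.geronimo.CertificationAuthority;
import org.apache.geronimo.management.geronimo.KeystoreInstance;
import org.apache.geronimo.security.ca.FileCertificateRequestStore;
import org.apache.geronimo.security.ca.FileCertificateStore;
import org.apache.geronimo.security.ca.GeronimoCertificationAuthority;
import org.apache.geronimo.system.serverinfo.ServerInfo;
import org.apache.geronimo.crypto.KeystoreUtil;

/**
 * Handler for the CA confirmation screen.
 *
 * Carries the CA parameters entered on the setup page over to the confirmation view and,
 * once the user confirms, generates the CA key pair, registers the CA-related GBeans,
 * has the CA issue its own (self-signed) certificate and publishes that certificate to the
 * certificate store.
 *
 * @version $Rev: 706640 $ $Date: 2008-10-21 14:44:05 +0000 (Tue, 21 Oct 2008) $
 */
public class ConfirmCAHandler extends BaseCAHandler {
    private static final Log log = LogFactory.getLog(ConfirmCAHandler.class);

    /**
     * Request parameters forwarded from the setup page to the confirmation view.
     * The same list is used by both the action and the render phase so the two cannot drift apart.
     *
     * NOTE(review): the list includes "password", so the keystore password is round-tripped
     * through render parameters and request attributes for the confirmation page. Whether the
     * portal exposes render parameters in URLs or logs is container-specific; worth confirming
     * before relying on this flow outside an administrative console.
     */
    private static final String[] CONFIRM_PARAMS = {ERROR_MSG, INFO_MSG, "caCN", "caOU", "caO", "caL", "caST",
            "caC", "alias", "keyAlgorithm", "keySize", "algorithm", "validFrom", "validTo", "sNo", "password"};

    public ConfirmCAHandler() {
        super(CONFIRM_CA_MODE, "/WEB-INF/view/ca/confirmCA.jsp");
    }

    /**
     * Action phase that precedes rendering the confirmation page: every known parameter present
     * on the action request is copied to a render parameter of the same name so that
     * {@link #renderView} can see it.
     *
     * @param request  action request holding the values entered on the setup page
     * @param response action response that receives the render parameters
     * @param model    multi-page model (unused here)
     * @return this handler's mode, i.e. stay on the confirmation screen
     */
    public String actionBeforeView(ActionRequest request, ActionResponse response, MultiPageModel model)
            throws PortletException, IOException {
        for (String name : CONFIRM_PARAMS) {
            String value = request.getParameter(name);
            if (value != null) {
                response.setRenderParameter(name, value);
            }
        }
        return getMode();
    }

    /**
     * Render phase: exposes every known render parameter as a request attribute of the same
     * name for the confirmation JSP.
     *
     * @param request  render request carrying the parameters set in {@link #actionBeforeView}
     * @param response render response (unused here)
     * @param model    multi-page model (unused here)
     */
    public void renderView(RenderRequest request, RenderResponse response, MultiPageModel model)
            throws PortletException, IOException {
        for (String name : CONFIRM_PARAMS) {
            String value = request.getParameter(name);
            if (value != null) {
                request.setAttribute(name, value);
            }
        }
    }

    /**
     * Action phase after the user confirmed the CA parameters: creates the CA keystore and key
     * pair, registers the CA GBeans, issues the self-signed CA certificate and stores it.
     *
     * On success the next mode is the CA details page with an info message; on any failure the
     * exception text is placed in the error message parameter and the user is sent back to the
     * setup page to correct the input.
     *
     * @param request  action request holding the confirmed CA parameters
     * @param response action response receiving the info or error render parameter
     * @param model    multi-page model (unused here)
     * @return the mode to continue with (CA details on success, CA setup on error)
     */
    public String actionAfterView(ActionRequest request, ActionResponse response, MultiPageModel model)
            throws PortletException, IOException {
        String caCN = request.getParameter("caCN");
        String caOU = request.getParameter("caOU");
        String caO = request.getParameter("caO");
        String caL = request.getParameter("caL");
        String caST = request.getParameter("caST");
        String caC = request.getParameter("caC");
        String alias = request.getParameter("alias");
        String password = request.getParameter("password");
        String keyAlgorithm = request.getParameter("keyAlgorithm");
        String keySize = request.getParameter("keySize");
        String algorithm = request.getParameter("algorithm");
        String validFrom = request.getParameter("validFrom");
        String validTo = request.getParameter("validTo");
        String sNo = request.getParameter("sNo");
        String errorMsg = null;

        try {
            // Generate keypair
            // Only the default key algorithm (defaultKeyAlgorithm, "RSA" per the original comment) is supported.
            // defaultKeyAlgorithm is the receiver, so a missing keyAlgorithm parameter is rejected rather than NPE'ing.
            if (!defaultKeyAlgorithm.equalsIgnoreCase(keyAlgorithm)) {
                throw new Exception("Key Algorithm '" + keyAlgorithm + "' is not supported.");
            }
            // Create a KeystoreInstance and generate keypair.
            // The keystore password doubles as the private key password here.
            KeystoreInstance caKeystore = createCAKeystoreInstance(request, password, KeystoreUtil.defaultType);
            caKeystore.unlockKeystore(password.toCharArray());
            // The 365 is the validity passed to the keystore's own key-pair generation; the CA
            // certificate's validity is set separately below from validFrom/validTo.
            caKeystore.generateKeyPair(alias, password.toCharArray(), password.toCharArray(), keyAlgorithm,
                    Integer.parseInt(keySize), algorithm, 365, caCN, caOU, caO, caL, caST, caC);
            caKeystore.unlockPrivateKey(alias, password.toCharArray(), password.toCharArray());

            // Create CertificationAuthority, CertificateStore and CertificateRequestStore GBeans
            createCARelatedGBeans(request, (GeronimoManagedBean) caKeystore, defaultCAStoreDir, defaultCSRStoreDir);

            CertificationAuthority ca = getCertificationAuthority(request);
            ca.unlock(password.toCharArray());

            // Certificate validity and serial number.
            // Validity of these have been checked before loading the confirmation page.
            DateFormat df = new SimpleDateFormat("MM/dd/yyyy");
            Date validFromDate = df.parse(validFrom);
            Date validToDate = df.parse(validTo);
            BigInteger serialNum = new BigInteger(sNo);

            // Instruct the CA to issue a self-signed certificate.
            ca.issueOwnCertificate(serialNum, validFromDate, validToDate, algorithm);
            // Publish the CA's certificate to CertificateStore.
            getCertificateStore(request).storeCACertificate(ca.getCertificate());

            // CA Setup is successful.
            // Load a page to show CA details.
            response.setRenderParameter(INFO_MSG, "CA Setup is successful!");
            log.info("CA Setup is successful.");

            return CADETAILS_MODE + BEFORE_ACTION;
        } catch (Exception e) {
            // The exception text is shown to the user. It can embed raw request input (the
            // unsupported keyAlgorithm value above) and internal exception class names, so the
            // view rendering ERROR_MSG must HTML-escape it — TODO confirm the JSP does.
            errorMsg = e.toString();
            log.error("Errors in CA Setup process.", e);
        }

        // An error occurred. Go back to CA details entry page so that user can correct the errors.
        if (errorMsg != null) {
            response.setRenderParameter(ERROR_MSG, errorMsg);
        }
        return SETUPCA_MODE + BEFORE_ACTION;
    }

    /**
     * Creates the CertificationAuthority, CertificateStore and CertificateRequestStore GBeans. The GBeans are
     * created and added to the same configuration containing the caKeystore GBean, as siblings of it.
     *
     * @param request          PortletRequest to execute any kernel api's
     * @param caKeystore       Keystore to be used by the CA
     * @param certStorePath    Path for CertificateStore directory. Note: This CA uses FileCertificateStore
     * @param certReqStorePath Path for CertificateRequestStore directory. Note: This CA uses FileCertificateRequestStore
     */
    private void createCARelatedGBeans(PortletRequest request, GeronimoManagedBean caKeystore, String certStorePath,
            String certReqStorePath) {
        // Get hold of configuration containing caKeystore GBean
        AbstractName caKeystoreName = PortletManager.getNameFor(request, caKeystore);
        Artifact configurationId = PortletManager.getConfigurationFor(request, caKeystoreName);
        ServerInfo serverInfo = PortletManager.getCurrentServer(request).getServerInfo();
        AbstractName serverInfoName = PortletManager.getNameFor(request, serverInfo);
        Naming naming = PortletManager.getManagementHelper(request).getNaming();

        // Add a CertificateStore GBean
        AbstractName certStoreName = naming.createSiblingName(caKeystoreName, "geronimo-ca-cert-store",
                NameFactory.CERTIFICATE_STORE);
        GBeanData certStore = new GBeanData(certStoreName, FileCertificateStore.GBEAN_INFO);
        certStore.setAttribute("directoryPath", URI.create(certStorePath));
        certStore.setReferencePattern("ServerInfo", serverInfoName);
        PortletManager.addGBeanToConfiguration(request, configurationId, certStore, true);

        // Add a CertificateRequestStore GBean
        AbstractName certReqStoreName = naming.createSiblingName(caKeystoreName, "geronimo-ca-cert-req-store",
                NameFactory.CERTIFICATE_REQUEST_STORE);
        GBeanData certReqStore = new GBeanData(certReqStoreName, FileCertificateRequestStore.GBEAN_INFO);
        certReqStore.setAttribute("directoryPath", URI.create(certReqStorePath));
        certReqStore.setReferencePattern("ServerInfo", serverInfoName);
        PortletManager.addGBeanToConfiguration(request, configurationId, certReqStore, true);

        // Add a CertificationAuthority GBean wired to the keystore and the two stores created above
        AbstractName caName = naming.createSiblingName(caKeystoreName, "geronimo-ca", NameFactory.CERTIFICATION_AUTHORITY);
        GBeanData ca = new GBeanData(caName, GeronimoCertificationAuthority.GBEAN_INFO);
        ca.setReferencePattern("ServerInfo", serverInfoName);
        ca.setReferencePattern("KeystoreInstance", caKeystoreName);
        ca.setReferencePattern("CertificateStore", certStoreName);
        ca.setReferencePattern("CertificateRequestStore", certReqStoreName);
        PortletManager.addGBeanToConfiguration(request, configurationId, ca, true);
    }
}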