"com.gluecode.se.certs" :)
On 10/18/05, djencks@apache.org <djencks@apache.org> wrote:
> Author: djencks
> Date: Tue Oct 18 11:22:57 2005
> New Revision: 326194
>
> URL: http://svn.apache.org/viewcvs?rev=326194&view=rev
> Log:
> GERONIMO-887 keystore portlet
>
> Added:
> geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/
> geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyEntryInfo.java
> geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyStoreGBean.java
> geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/
> geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/CertManagerPortlet.java
> geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/
> geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ChangeStorePassword.java
> geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateCSR.java
> geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateKeyPair.java
> geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportCAReply.java
> geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportTrustedCertificate.java
> geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/UploadCertificateFile.java
> geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStore.java
> geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStoreEntryDetail.java
> Modified:
> geronimo/trunk/applications/console-core/project.xml
> geronimo/trunk/applications/console-ear/src/plan/geronimo-application.xml
> geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/web.xml
> geronimo/trunk/modules/assembly/src/plan/webconsole-jetty-plan.xml
> geronimo/trunk/modules/assembly/src/plan/webconsole-tomcat-plan.xml
>
> Modified: geronimo/trunk/applications/console-core/project.xml
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-core/project.xml?rev=326194&r1=326193&r2=326194&view=diff
> ==============================================================================
> --- geronimo/trunk/applications/console-core/project.xml (original)
> +++ geronimo/trunk/applications/console-core/project.xml Tue Oct 18 11:22:57 2005
> @@ -69,6 +69,13 @@
> <artifactId>geronimo-system</artifactId>
> <version>${pom.currentVersion}</version>
> </dependency>
> + <!-- Keystore dependency -->
> + <dependency>
> + <groupId>geronimo</groupId>
> + <artifactId>geronimo-util</artifactId>
> + <version>${pom.currentVersion}</version>
> + </dependency>
> +
> <dependency>
> <groupId>commons-logging</groupId>
> <artifactId>commons-logging</artifactId>
> @@ -104,12 +111,6 @@
> <version>${mx4j_version}</version>
> </dependency>
>
> - <!-- Keystore dependency -->
> - <dependency>
> - <groupId>geronimo</groupId>
> - <artifactId>geronimo-util</artifactId>
> - <version>${pom.currentVersion}</version>
> - </dependency>
> </dependencies>
>
> <build>
>
> Added: geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyEntryInfo.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyEntryInfo.java?rev=326194&view=auto
> ==============================================================================
> --- geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyEntryInfo.java (added)
> +++ geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyEntryInfo.java Tue Oct 18 11:22:57 2005
> @@ -0,0 +1,58 @@
> +/**
> + *
> + * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.geronimo.console.core.keystore;
> +
> +import java.util.Date;
> +
> +public class KeyEntryInfo {
> + public static final String TRUSTED_CERT_TYPE = "trusted certificate";
> +
> + public static final String PRIVATE_KEY_TYPE = "private key";
> +
> + private String alias;
> +
> + private String type;
> +
> + private Date created;
> +
> + public KeyEntryInfo(String alias, String type, Date created) {
> + this.alias = alias;
> + this.type = type;
> + this.created = created;
> + }
> +
> + public String getAlias() {
> + return this.alias;
> + }
> +
> + public String getType() {
> + return this.type;
> + }
> +
> + public Date getCreated() {
> + return this.created;
> + }
> +
> + public boolean isTrustedCertificate() {
> + return type.equals(TRUSTED_CERT_TYPE);
> + }
> +
> + public boolean isPrivateKey() {
> + return type.equals(PRIVATE_KEY_TYPE);
> + }
> +}
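Review bot: isTrustedCertificate() and isPrivateKey() dereference `type`, which the constructor accepts without a null check, so a KeyEntryInfo built with a null type throws NullPointerException on either call. Comparing from the constant side avoids that: `return TRUSTED_CERT_TYPE.equals(type);` and `return PRIVATE_KEY_TYPE.equals(type);`. The three fields are assigned only in the constructor and could be declared `private final`. getCreated() hands out the stored mutable `Date`, so a short class comment saying whether callers may modify it would help.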
>
> Added: geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyStoreGBean.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyStoreGBean.java?rev=326194&view=auto
> ==============================================================================
> --- geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyStoreGBean.java (added)
> +++ geronimo/trunk/applications/console-core/src/java/org/apache/geronimo/console/core/keystore/KeyStoreGBean.java Tue Oct 18 11:22:57 2005
> @@ -0,0 +1,506 @@
> +/**
> + *
> + * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.geronimo.console.core.keystore;
> +
> +import java.io.ByteArrayInputStream;
> +import java.io.ByteArrayOutputStream;
> +import java.io.FileInputStream;
> +import java.io.FileOutputStream;
> +import java.io.InputStream;
> +import java.math.BigInteger;
> +import java.security.KeyPair;
> +import java.security.KeyPairGenerator;
> +import java.security.KeyStore;
> +import java.security.KeyStoreException;
> +import java.security.PrivateKey;
> +import java.security.PublicKey;
> +import java.security.Security;
> +import java.security.cert.Certificate;
> +import java.security.cert.CertificateFactory;
> +import java.security.cert.X509Certificate;
> +import java.util.ArrayList;
> +import java.util.Collection;
> +import java.util.Date;
> +import java.util.Enumeration;
> +import java.util.Hashtable;
> +import java.util.Iterator;
> +import java.util.List;
> +import java.util.Vector;
> +
> +import org.apache.commons.logging.Log;
> +import org.apache.commons.logging.LogFactory;
> +import org.apache.geronimo.gbean.GBeanInfo;
> +import org.apache.geronimo.gbean.GBeanInfoBuilder;
> +import org.apache.geronimo.gbean.GBeanLifecycle;
> +import org.apache.geronimo.gbean.WaitingException;
> +import org.apache.geronimo.system.serverinfo.ServerInfo;
> +/*
> +import org.bouncycastle.asn1.ASN1Set;
> +import org.bouncycastle.asn1.DEROutputStream;
> +import org.bouncycastle.asn1.x509.X509Name;
> +import org.bouncycastle.jce.PKCS10CertificationRequest;
> +import org.bouncycastle.jce.X509Principal;
> +import org.bouncycastle.jce.X509V1CertificateGenerator;
> +import org.bouncycastle.jce.provider.BouncyCastleProvider;
> +import org.bouncycastle.util.encoders.Base64;
> +*/
> +import org.apache.geronimo.util.asn1.ASN1Set;
> +import org.apache.geronimo.util.asn1.DEROutputStream;
> +import org.apache.geronimo.util.asn1.x509.X509Name;
> +import org.apache.geronimo.util.jce.PKCS10CertificationRequest;
> +import org.apache.geronimo.util.jce.X509Principal;
> +import org.apache.geronimo.util.jce.X509V1CertificateGenerator;
> +import org.apache.geronimo.util.encoders.Base64;
> +
> +public class KeyStoreGBean implements GBeanLifecycle {
> + public static final String KEY_STORE_OBJ_NAME = "geronimo.security:type=KeyStore";
> +
> + private static Log log = LogFactory.getLog(KeyStoreGBean.class);
> +
> + private String keyStoreType;
> +
> + private String keyStoreProvider;
> +
> + private String keyStoreLocation;
> +
> + private String keyStorePassword;
> +
> + private String keyPassword;
> +
> + private KeyStore keystore;
> +
> + // Used to resolve keystore path.
> + private ServerInfo serverInfo;
> +
> + public KeyStoreGBean() {
> + keyPassword = new String("");
> + }
> +
> + public void doStart() throws WaitingException, Exception {
> +
> + //Security.addProvider(new BouncyCastleProvider());
> +
> + this.keystore = KeyStore.getInstance(keyStoreType);
> +
> + boolean keystoreExistsFlag = true;
> + InputStream is = null;
> +
> + try {
> + log.info("loading keystore from "
> + + serverInfo.resolvePath(this.keyStoreLocation));
> + is = new java.io.FileInputStream(serverInfo
> + .resolvePath(this.keyStoreLocation));
> + this.keystore.load(is, this.keyStorePassword.toCharArray());
> + } catch (java.io.FileNotFoundException e) {
> + keystoreExistsFlag = false;
> + } finally {
> + try {
> + if (is != null) {
> + is.close();
> + }
> + } catch (Exception e) {
> + }
> + }
> +
> + if (keystoreExistsFlag == false) {
> + keystore.load(null, keyStorePassword.toCharArray());
> + }
> + }
> +
> + public void doStop() throws WaitingException, Exception {
> + }
> +
> + public void doFail() {
> + }
> +
> + public static final GBeanInfo GBEAN_INFO;
> +
> + static {
> + GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(KeyStoreGBean.class);
> +
> + infoFactory.addAttribute("keyStoreType", String.class, true);
> + infoFactory.addAttribute("keyStoreProvider", String.class, true);
> + infoFactory.addAttribute("keyStoreLocation", String.class, true);
> + infoFactory.addAttribute("keyStorePassword", String.class, true);
> +
> + infoFactory.addReference("serverInfo", ServerInfo.class);
> +
> + infoFactory.addOperation("getKeyEntryInfo",
> + new Class[] { String.class });
> + infoFactory.addOperation("getKeyStoreSize");
> + infoFactory.addOperation("getKeyStoreEntries");
> + infoFactory.addOperation("getCertificateChain",
> + new Class[] { String.class });
> + infoFactory.addOperation("generateCSR", new Class[] { String.class });
> +
> + infoFactory.addOperation("generateKeyPair", new Class[] { String.class,
> + String.class, Integer.class, String.class, Integer.class,
> + String.class, String.class, String.class, String.class,
> + String.class, String.class });
> +
> + infoFactory.addOperation("importTrustedX509Certificate", new Class[] {
> + String.class, String.class });
> + infoFactory.addOperation("importPKCS7Certificate", new Class[] {
> + String.class, String.class });
> +
> + GBEAN_INFO = infoFactory.getBeanInfo();
> + }
> +
> + public static GBeanInfo getGBeanInfo() {
> + return GBEAN_INFO;
> + }
> +
> + public void setKeyStoreType(String keyStoreType) {
> + this.keyStoreType = keyStoreType;
> + }
> +
> + public String getKeyStoreType() {
> + return this.keyStoreType;
> + }
> +
> + public void setKeyStoreProvider(String keyStoreProvider) {
> + this.keyStoreProvider = keyStoreProvider;
> + }
> +
> + public String getKeyStoreProvider() {
> + return this.keyStoreProvider;
> + }
> +
> + public void setKeyStoreLocation(String keyStoreLocation) {
> + this.keyStoreLocation = keyStoreLocation;
> + }
> +
> + public ServerInfo getServerInfo() {
> + return serverInfo;
> + }
> +
> + public void setServerInfo(ServerInfo serverInfo) {
> + this.serverInfo = serverInfo;
> + }
> +
> + public String getKeyStoreLocation() {
> + return this.keyStoreLocation;
> + }
> +
> + public void setKeyStorePassword(String keyStorePassword) {
> + this.keyStorePassword = keyStorePassword;
> + }
> +
> + public String getKeyStorePassword() {
> + return this.keyStorePassword;
> + }
> +
> + public int getKeyStoreSize() throws KeyStoreException {
> + return this.keystore.size();
> + }
> +
> + public KeyEntryInfo getKeyEntryInfo(String alias) throws KeyStoreException {
> + KeyEntryInfo info = null;
> +
> + if (this.keystore.isCertificateEntry(alias)) {
> + // certificate entry
> + info = new KeyEntryInfo(alias, "trusted certificate", keystore
> + .getCreationDate(alias));
> + } else if (this.keystore.isKeyEntry(alias)) {
> + // private key entry
> + info = new KeyEntryInfo(alias, "private key", keystore
> + .getCreationDate(alias));
> + } else {
> + throw new KeyStoreException("invalid key entry type");
> + }
> + return info;
> + }
> +
> + public List getKeyStoreEntries() throws KeyStoreException {
> + List list = new ArrayList();
> +
> + Enumeration aliases = this.keystore.aliases();
> +
> + while (aliases.hasMoreElements()) {
> + String alias = (String) aliases.nextElement();
> + list.add(getKeyEntryInfo(alias));
> + }
> + return list;
> + }
> +
> + public Certificate[] getCertificateChain(String alias)
> + throws KeyStoreException {
> + Certificate[] certs = null;
> +
> + if (keystore.isCertificateEntry(alias)) {
> + Certificate cert = keystore.getCertificate(alias);
> + certs = new Certificate[1];
> + certs[0] = cert;
> + } else if (keystore.isKeyEntry(alias)) {
> + certs = keystore.getCertificateChain(alias);
> + } else if (keystore.containsAlias(alias)) {
> + throw new KeyStoreException("Unsupported key-store-entry, alias = "
> + + alias);
> + } else {
> + throw new KeyStoreException(
> + "Key-store-entry alias not found, alias = " + alias);
> + }
> +
> + return certs;
> + }
> +
> + public String generateCSR(String alias) throws Exception {
> +
> + // find certificate by alias
> + X509Certificate cert = (X509Certificate) keystore.getCertificate(alias);
> +
> + // find private key by alias
> + PrivateKey key = (PrivateKey) keystore.getKey(alias, new String("")
> + .toCharArray());
> +
> + // generate csr
> + String csr = generateCSR(cert, key);
> + return csr;
> + }
> +
> + public String generateCSR(X509Certificate cert, PrivateKey signingKey)
> + throws Exception {
> +
> + String sigalg = cert.getSigAlgName();
> + X509Name subject = new X509Name(cert.getSubjectDN().toString());
> + PublicKey publicKey = cert.getPublicKey();
> + ASN1Set attributes = null;
> +
> + PKCS10CertificationRequest csr = new PKCS10CertificationRequest(sigalg,
> + subject, publicKey, attributes, signingKey);
> +
> + if (!csr.verify()) {
> + throw new KeyStoreException("CSR verification failed");
> + }
> +
> + ByteArrayOutputStream os = new ByteArrayOutputStream();
> + DEROutputStream deros = new DEROutputStream(os);
> + deros.writeObject(csr.getDERObject());
> + String b64 = new String(Base64.encode(os.toByteArray()));
> +
> + final String BEGIN_CERT_REQ = "-----BEGIN CERTIFICATE REQUEST-----";
> + final String END_CERT_REQ = "-----END CERTIFICATE REQUEST-----";
> + final int CERT_REQ_LINE_LENGTH = 70;
> +
> + StringBuffer sbuf = new StringBuffer(BEGIN_CERT_REQ).append('\n');
> +
> + int idx = 0;
> + while (idx < b64.length()) {
> +
> + int len = (idx + CERT_REQ_LINE_LENGTH > b64.length()) ? b64
> + .length()
> + - idx : CERT_REQ_LINE_LENGTH;
> +
> + String chunk = b64.substring(idx, idx + len);
> +
> + sbuf.append(chunk).append('\n');
> + idx += len;
> + }
> +
> + sbuf.append(END_CERT_REQ);
> + return sbuf.toString();
> + }
> +
> + public void generateKeyPair(String alias, String keyalg, Integer keysize,
> + String sigalg, Integer validity, String cn, String ou, String o,
> + String l, String st, String c)
> + throws java.security.NoSuchAlgorithmException,
> + java.security.KeyStoreException, java.security.SignatureException,
> + java.security.InvalidKeyException,
> + java.security.cert.CertificateException, java.io.IOException {
> +
> + KeyPairGenerator kpgen = KeyPairGenerator.getInstance(keyalg);
> +
> + kpgen.initialize(keysize.intValue());
> +
> + KeyPair keyPair = kpgen.generateKeyPair();
> +
> + X509Certificate cert = generateCert(keyPair.getPublic(), keyPair
> + .getPrivate(), sigalg, validity.intValue(), cn, ou, o, l, st, c);
> +
> + keystore.setKeyEntry(alias, keyPair.getPrivate(), new String()
> + .toCharArray(), new Certificate[] { cert });
> +
> + saveKeyStore();
> + }
> +
> + public void saveKeyStore() throws java.io.IOException,
> + java.security.KeyStoreException,
> + java.security.cert.CertificateException,
> + java.security.NoSuchAlgorithmException {
> +
> + FileOutputStream os = null;
> +
> + try {
> + os = new FileOutputStream(serverInfo
> + .resolvePath(this.keyStoreLocation));
> +
> + keystore.store(os, keyStorePassword.toCharArray());
> + } finally {
> + if (os != null) {
> + try {
> + os.close();
> + } catch (Exception ex) {
> + }
> + }
> + }
> + }
> +
> + public X509Certificate generateCert(PublicKey publicKey,
> + PrivateKey privateKey, String sigalg, int validity, String cn,
> + String ou, String o, String l, String st, String c)
> + throws java.security.SignatureException,
> + java.security.InvalidKeyException {
> + X509V1CertificateGenerator certgen = new X509V1CertificateGenerator();
> +
> + // issuer dn
> + Vector order = new Vector();
> + Hashtable attrmap = new Hashtable();
> +
> + if (cn != null) {
> + attrmap.put(X509Principal.CN, cn);
> + order.add(X509Principal.CN);
> + }
> +
> + if (ou != null) {
> + attrmap.put(X509Principal.OU, ou);
> + order.add(X509Principal.OU);
> + }
> +
> + if (o != null) {
> + attrmap.put(X509Principal.O, o);
> + order.add(X509Principal.O);
> + }
> +
> + if (l != null) {
> + attrmap.put(X509Principal.L, l);
> + order.add(X509Principal.L);
> + }
> +
> + if (st != null) {
> + attrmap.put(X509Principal.ST, st);
> + order.add(X509Principal.ST);
> + }
> +
> + if (c != null) {
> + attrmap.put(X509Principal.C, c);
> + order.add(X509Principal.C);
> + }
> +
> + X509Principal issuerDN = new X509Principal(order, attrmap);
> + certgen.setIssuerDN(issuerDN);
> +
> + // validity
> + long curr = System.currentTimeMillis();
> + long untill = curr + (long) validity * 24 * 60 * 60 * 1000;
> +
> + certgen.setNotBefore(new Date(curr));
> + certgen.setNotAfter(new Date(untill));
> +
> + // subject dn
> + certgen.setSubjectDN(issuerDN);
> +
> + // public key
> + certgen.setPublicKey(publicKey);
> +
> + // signature alg
> + certgen.setSignatureAlgorithm(sigalg);
> +
> + // serial number
> + certgen.setSerialNumber(new BigInteger(String.valueOf(curr)));
> +
> + // make certificate
> + X509Certificate cert = certgen.generateX509Certificate(privateKey);
> + return cert;
> + }
> +
> + public void importTrustedX509Certificate(String alias, String certfile)
> + throws java.io.FileNotFoundException,
> + java.security.cert.CertificateException,
> + java.security.KeyStoreException, java.io.IOException,
> + java.security.NoSuchAlgorithmException,
> + java.security.NoSuchProviderException {
> + InputStream is = null;
> +
> + try {
> + CertificateFactory cf = CertificateFactory.getInstance("X.509",
> + keyStoreProvider);
> +
> + is = new FileInputStream(certfile);
> + Certificate cert = cf.generateCertificate(is);
> +
> + keystore.setCertificateEntry(alias, cert);
> +
> + saveKeyStore();
> + } finally {
> + if (is != null) {
> + try {
> + is.close();
> + } catch (Exception e) {
> + }
> + }
> + }
> + }
> +
> + public void importPKCS7Certificate(String alias, String certbuf)
> + throws java.security.cert.CertificateException,
> + java.security.NoSuchProviderException,
> + java.security.KeyStoreException,
> + java.security.NoSuchAlgorithmException,
> + java.security.UnrecoverableKeyException, java.io.IOException {
> +
> + InputStream is = null;
> +
> + try {
> + is = new ByteArrayInputStream(certbuf.getBytes());
> + importPKCS7Certificate(alias, is);
> + } finally {
> + if (is != null) {
> + try {
> + is.close();
> + } catch (Exception e) {
> + }
> + }
> + }
> + }
> +
> + public void importPKCS7Certificate(String alias, InputStream is)
> + throws java.security.cert.CertificateException,
> + java.security.NoSuchProviderException,
> + java.security.KeyStoreException,
> + java.security.NoSuchAlgorithmException,
> + java.security.UnrecoverableKeyException, java.io.IOException {
> +
> + CertificateFactory cf = CertificateFactory.getInstance("X.509",
> + keyStoreProvider);
> + Collection certcoll = cf.generateCertificates(is);
> +
> + Certificate[] chain = new Certificate[certcoll.size()];
> +
> + Iterator iter = certcoll.iterator();
> + for (int i = 0; iter.hasNext(); i++) {
> + chain[i] = (Certificate) iter.next();
> + }
> +
> + char[] password = keyPassword.toCharArray();
> + keystore.setKeyEntry(alias, keystore.getKey(alias, password), password,
> + chain);
> +
> + saveKeyStore();
> + }
> +}
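Review bot: Private keys are stored with an empty key password: generateKeyPair calls `keystore.setKeyEntry(alias, keyPair.getPrivate(), new String().toCharArray(), ...)`, generateCSR reads the key back with `new String("").toCharArray()`, and `keyPassword` is set to "" in the constructor with no setter or GBean attribute in this file. For a JKS store the key password is what protects the private key entry, while the store password only guards integrity, so the keys in the store file are likely left without meaningful protection beyond file permissions. Consider registering `keyPassword` as an attribute with a setter and using `keyPassword.toCharArray()` in all three places. Separately, `keyStorePassword` is exposed through a public getter and a GBean attribute, and importTrustedX509Certificate opens whatever path `certfile` names, so both deserve a comment stating which callers are trusted to reach them. The empty `catch (Exception e) {}` blocks around `close()` should at least log at debug level.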
>
> Modified: geronimo/trunk/applications/console-ear/src/plan/geronimo-application.xml
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-ear/src/plan/geronimo-application.xml?rev=326194&r1=326193&r2=326194&view=diff
> ==============================================================================
> --- geronimo/trunk/applications/console-ear/src/plan/geronimo-application.xml (original)
> +++ geronimo/trunk/applications/console-ear/src/plan/geronimo-application.xml Tue Oct 18 11:22:57 2005
> @@ -78,19 +78,18 @@
> </gbean>
>
> <!-- Keystore configuration -->
> - <!-- I think this requires a modified GERONIMO-887 to be applied first -->
> -<!-- <gbean gbeanName="geronimo.security:type=KeyStore" class="org.apache.geronimo.console.core.keystore.KeyStoreGBean">-->
> -<!-- <attribute name="keyStoreLocation">var/security/ssl-keystore-1</attribute>-->
> -<!-- <attribute name="keyStoreType">jks</attribute>-->
> -<!-- <attribute name="keyStoreProvider">SUN</attribute>-->
> -<!-- <attribute name="keyStorePassword">password</attribute>-->
> -<!-- <reference name="serverInfo">-->
> -<!-- <application>null</application>-->
> -<!-- <moduleType>J2EEModule</moduleType>-->
> -<!-- <module>org/apache/geronimo/System</module>-->
> -<!-- <type>GBean</type>-->
> -<!-- <name>ServerInfo</name>-->
> -<!-- </reference>-->
> -<!-- </gbean>-->
> + <gbean gbeanName="geronimo.security:type=KeyStore" class="org.apache.geronimo.console.core.keystore.KeyStoreGBean">
> + <attribute name="keyStoreLocation">var/security/ssl-keystore-1</attribute>
> + <attribute name="keyStoreType">jks</attribute>
> + <attribute name="keyStoreProvider">SUN</attribute>
> + <attribute name="keyStorePassword">password</attribute>
> + <reference name="serverInfo">
> + <application>null</application>
> + <moduleType>J2EEModule</moduleType>
> + <module>org/apache/geronimo/System</module>
> + <type>GBean</type>
> + <name>ServerInfo</name>
> + </reference>
> + </gbean>
>
> </application>
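Review bot: The newly enabled KeyStore GBean ships with `<attribute name="keyStorePassword">password</attribute>`, so every installation that keeps this plan unchanged shares the same well-known store password for `var/security/ssl-keystore-1`. If a value has to be present for the console to start, a comment directly above the gbean such as `<!-- default keystore password: must be changed per installation -->` would make that explicit. Supplying the value at deployment time would be preferable to committing it in the plan. The gbean element starts and ends inside this hunk, so the attribute list is complete as shown.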
>
> Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/CertManagerPortlet.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/CertManagerPortlet.java?rev=326194&view=auto
> ==============================================================================
> --- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/CertManagerPortlet.java (added)
> +++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/CertManagerPortlet.java Tue Oct 18 11:22:57 2005
> @@ -0,0 +1,152 @@
> +/**
> + *
> + * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.geronimo.console.certmanager;
> +
> +import java.io.IOException;
> +import java.util.Enumeration;
> +
> +import javax.management.ObjectName;
> +import javax.portlet.ActionRequest;
> +import javax.portlet.ActionResponse;
> +import javax.portlet.GenericPortlet;
> +import javax.portlet.PortletConfig;
> +import javax.portlet.PortletContext;
> +import javax.portlet.PortletException;
> +import javax.portlet.PortletRequestDispatcher;
> +import javax.portlet.RenderRequest;
> +import javax.portlet.RenderResponse;
> +
> +import org.apache.geronimo.console.certmanager.actions.ChangeStorePassword;
> +import org.apache.geronimo.console.certmanager.actions.GenerateCSR;
> +import org.apache.geronimo.console.certmanager.actions.GenerateKeyPair;
> +import org.apache.geronimo.console.certmanager.actions.ImportCAReply;
> +import org.apache.geronimo.console.certmanager.actions.ImportTrustedCertificate;
> +import org.apache.geronimo.console.certmanager.actions.UploadCertificateFile;
> +import org.apache.geronimo.console.certmanager.actions.ViewKeyStore;
> +import org.apache.geronimo.console.certmanager.actions.ViewKeyStoreEntryDetail;
> +import org.apache.geronimo.console.util.ObjectNameConstants;
> +
> +public class CertManagerPortlet extends GenericPortlet {
> +
> + private PortletContext ctx;
> +
> + private ObjectName ksobjname;
> +
> + public CertManagerPortlet() {
> + this.ctx = null;
> + }
> +
> + public void init(PortletConfig portletConfig) throws PortletException {
> + super.init(portletConfig);
> +
> + // iniitialize portlet environment
> + this.ctx = portletConfig.getPortletContext();
> +
> + try {
> + this.ksobjname = new ObjectName(
> + ObjectNameConstants.KEYSTORE_OBJ_NAME);
> + } catch (Exception e) {
> + throw new PortletException(e);
> + }
> +
> + this.ctx.log("Certificate manager portlet initialized");
> + }
> +
> + public ObjectName getKeyStoreObjectName() {
> + return ksobjname;
> + }
> +
> + public void processAction(ActionRequest request, ActionResponse response)
> + throws PortletException, IOException {
> +
> + String action = request.getParameter("action");
> + ctx.log("process-action: action = " + action);
> +
> + if (action == null) {
> + return;
> + }
> +
> + // pass 'action' parameter value to render method
> + response.setRenderParameter("action", action);
> +
> + if (action.equals("upload-certificate-file")) {
> + UploadCertificateFile.action(this, request, response);
> + } else if (action.equals("import-trusted-certificate")) {
> + ImportTrustedCertificate.action(this, request, response);
> + } else if (action.equals("tools-generate-key-pair")) {
> + GenerateKeyPair.action(this, request, response);
> + } else if (action.equals("tools-change-keystore-password")) {
> + ChangeStorePassword.action(this, request, response);
> + } else if (action.equals("generate-csr")) {
> + GenerateCSR.action(this, request, response);
> + } else if (action.equals("import-ca-reply")) {
> + ImportCAReply.action(this, request, response);
> + } else if (action.equals("save-pkcs7-cert")) {
> + ImportCAReply.action(this, request, response);
> + } else if (action.equals("generate-key-pair")) {
> + GenerateKeyPair.action(this, request, response);
> + }
> + }
> +
> + public void doView(RenderRequest request, RenderResponse response)
> + throws PortletException, IOException {
> +
> + PortletRequestDispatcher prd = null;
> +
> + String action = request.getParameter("action");
> + ctx.log("do-view: action = " + action);
> +
> + Enumeration e = request.getParameterNames();
> + while (e.hasMoreElements()) {
> + String pname = (String) e.nextElement();
> + String value = request.getParameter(pname);
> + ctx.log("param-name = " + pname + ", param-value = " + value);
> + }
> +
> + if (action == null) {
> + ViewKeyStore.render(this, request, response);
> + } else if (action.equals("tools-import-trusted-certificate")) {
> + ImportTrustedCertificate.render(this, request, response);
> + } else if (action.equals("tools-generate-key-pair")) {
> + GenerateKeyPair.render(this, request, response);
> + } else if (action.equals("tools-change-keystore-password")) {
> + ChangeStorePassword.render(this, request, response);
> + } else if (action.equals("upload-certificate-file")) {
> + UploadCertificateFile.render(this, request, response);
> + } else if (action.equals("import-trusted-certificate")) {
> + ImportTrustedCertificate.render(this, request, response);
> + } else if (action.equals("view-keystore-entry-details")) {
> + ViewKeyStoreEntryDetail.render(this, request, response);
> + } else if (action.equals("generate-csr")) {
> + GenerateCSR.render(this, request, response);
> + } else if (action.equals("import-ca-reply")) {
> + ImportCAReply.render(this, request, response);
> + } else if (action.equals("save-pkcs7-cert")) {
> + ImportCAReply.render(this, request, response);
> + } else if (action.equals("generate-key-pair")) {
> + GenerateKeyPair.render(this, request, response);
> + }
> + }
> +
> + public void doHelp(RenderRequest renderRequest,
> + RenderResponse renderResponse) throws PortletException, IOException {
> + PortletRequestDispatcher prd = ctx
> + .getRequestDispatcher("/WEB-INF/view/certmanager/viewKeyStoreHelp.jsp");
> + prd.include(renderRequest, renderResponse);
> + }
> +}
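Review bot: doView logs every request parameter with its value through `ctx.log("param-name = " + pname + ", param-value = " + value);`, and this portlet also serves the change-keystore-password and certificate-import pages, so passwords or pasted certificate data submitted as parameters could end up in the server log. Log only the names, `ctx.log("param-name = " + pname);`, or remove the loop once debugging is done. processAction and doView also write the raw `action` value to the log; since it comes from the request, it should be checked against the known action names before being logged. The local `prd` declared at the top of doView is never used and can be dropped.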
>
> Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ChangeStorePassword.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ChangeStorePassword.java?rev=326194&view=auto
> ==============================================================================
> --- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ChangeStorePassword.java (added)
> +++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ChangeStorePassword.java Tue Oct 18 11:22:57 2005
> @@ -0,0 +1,49 @@
> +/**
> + *
> + * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.geronimo.console.certmanager.actions;
> +
> +import java.io.IOException;
> +
> +import javax.portlet.ActionRequest;
> +import javax.portlet.ActionResponse;
> +import javax.portlet.PortletException;
> +import javax.portlet.PortletRequestDispatcher;
> +import javax.portlet.RenderRequest;
> +import javax.portlet.RenderResponse;
> +
> +import org.apache.geronimo.console.certmanager.CertManagerPortlet;
> +
> +public class ChangeStorePassword {
> + public static void action(CertManagerPortlet portlet,
> + ActionRequest request, ActionResponse response)
> + throws PortletException, IOException {
> + response.setRenderParameter("action", request.getParameter("action"));
> + }
> +
> + public static void render(CertManagerPortlet portlet,
> + RenderRequest request, RenderResponse response)
> + throws PortletException, IOException {
> +
> + PortletRequestDispatcher rd = portlet
> + .getPortletContext()
> + .getRequestDispatcher(
> + "/WEB-INF/view/certmanager/changeStorePasswordNormal.jsp");
> +
> + rd.include(request, response);
> + }
> +}
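Review bot: `action` forwards `request.getParameter("action")` straight into `response.setRenderParameter`, which rejects a null value with an IllegalArgumentException, so a request without that parameter fails with an unhandled runtime exception instead of a clean fallback. The same unguarded forward appears in GenerateCSR.action, GenerateKeyPair.action (where it runs before that method's own `action == null` check), ViewKeyStore.action and at the end of UploadCertificateFile.action. Unless CertManagerPortlet guarantees a non-null action before dispatching (not visible here), guard it: `String action = request.getParameter("action"); if (action != null) { response.setRenderParameter("action", action); }`. The class would also benefit from a short Javadoc stating that it only selects the change-password view and does not itself modify the keystore password.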
>
> Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateCSR.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateCSR.java?rev=326194&view=auto
> ==============================================================================
> --- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateCSR.java (added)
> +++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateCSR.java Tue Oct 18 11:22:57 2005
> @@ -0,0 +1,63 @@
> +/**
> + *
> + * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.geronimo.console.certmanager.actions;
> +
> +import java.io.IOException;
> +
> +import javax.portlet.ActionRequest;
> +import javax.portlet.ActionResponse;
> +import javax.portlet.PortletException;
> +import javax.portlet.PortletRequestDispatcher;
> +import javax.portlet.RenderRequest;
> +import javax.portlet.RenderResponse;
> +
> +import org.apache.geronimo.console.certmanager.CertManagerPortlet;
> +import org.apache.geronimo.kernel.KernelRegistry;
> +
> +public class GenerateCSR {
> + public static void action(CertManagerPortlet portlet,
> + ActionRequest request, ActionResponse response)
> + throws PortletException, IOException {
> + response.setRenderParameter("action", request.getParameter("action"));
> + }
> +
> + public static void render(CertManagerPortlet portlet,
> + RenderRequest request, RenderResponse response)
> + throws PortletException, IOException {
> +
> + String alias = request.getParameter("alias");
> +
> + try {
> + String csr = (String) KernelRegistry.getSingleKernel()
> + .invoke(portlet.getKeyStoreObjectName(), "generateCSR",
> + new Object[] { alias },
> + new String[] { "java.lang.String" });
> +
> + request.setAttribute("com.gluecode.se.cert.csr", csr);
> + request.setAttribute("alias", alias);
> + } catch (Exception e) {
> + throw new PortletException(e);
> + }
> +
> + PortletRequestDispatcher rd = portlet.getPortletContext()
> + .getRequestDispatcher(
> + "/WEB-INF/view/certmanager/generateCSRNormal.jsp");
> +
> + rd.include(request, response);
> + }
> +}
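Review bot: `render` passes the request's `alias` to the keystore GBean's `generateCSR` without checking it, so a missing or empty alias is only reported as whatever exception the kernel call throws, wrapped in a PortletException. A guard before the `try`, such as `if (alias == null || alias.trim().length() == 0) { ViewKeyStore.render(portlet, request, response); return; }`, keeps the failure local and predictable. Because the CSR is produced during the render phase, which a portal may repeat on every page refresh, a comment stating that `generateCSR` is expected to be free of side effects would help the next reader; that property is not visible in this hunk.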
>
> Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateKeyPair.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateKeyPair.java?rev=326194&view=auto
> ==============================================================================
> --- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateKeyPair.java (added)
> +++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/GenerateKeyPair.java Tue Oct 18 11:22:57 2005
> @@ -0,0 +1,143 @@
> +/**
> + *
> + * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.geronimo.console.certmanager.actions;
> +
> +import java.io.IOException;
> +import java.util.Iterator;
> +import java.util.List;
> +
> +import javax.management.ObjectName;
> +import javax.portlet.ActionRequest;
> +import javax.portlet.ActionResponse;
> +import javax.portlet.PortletException;
> +import javax.portlet.PortletRequestDispatcher;
> +import javax.portlet.RenderRequest;
> +import javax.portlet.RenderResponse;
> +
> +import org.apache.geronimo.console.certmanager.CertManagerPortlet;
> +import org.apache.geronimo.kernel.KernelRegistry;
> +
> +public class GenerateKeyPair {
> + public static void action(CertManagerPortlet portlet,
> + ActionRequest request, ActionResponse response)
> + throws PortletException, IOException {
> + response.setRenderParameter("action", request.getParameter("action"));
> +
> + String action = request.getParameter("action");
> +
> + if (action == null) {
> + return;
> + }
> +
> + if (action.equals("generate-key-pair")) {
> +
> + String submit = request.getParameter("submit");
> + String alias = request.getParameter("alias");
> + String keyalg = request.getParameter("keyalg");
> + String keysize = request.getParameter("keysize");
> + String sigalg = request.getParameter("sigalg");
> + String validity = request.getParameter("validity");
> +
> + String cn = request.getParameter("cn");
> + String ou = request.getParameter("ou");
> + String o = request.getParameter("o");
> + String l = request.getParameter("l");
> + String st = request.getParameter("st");
> + String c = request.getParameter("c");
> +
> + if (submit.equals("cancel")) {
> + return;
> + }
> +
> + try {
> + Integer ikeysize = new Integer(Integer.parseInt(keysize));
> + Integer ivalidity = new Integer(Integer.parseInt(validity));
> +
> + KernelRegistry.getSingleKernel().invoke(
> + portlet.getKeyStoreObjectName(),
> + "generateKeyPair",
> + new Object[] { alias, keyalg, ikeysize, sigalg,
> + ivalidity, cn, ou, o, l, st, c },
> + new String[] { "java.lang.String", "java.lang.String",
> + "java.lang.Integer", "java.lang.String",
> + "java.lang.Integer", "java.lang.String",
> + "java.lang.String", "java.lang.String",
> + "java.lang.String", "java.lang.String",
> + "java.lang.String" });
> + } catch (Exception ex) {
> + throw new PortletException(ex);
> + }
> + }
> + }
> +
> + public static void render(CertManagerPortlet portlet,
> + RenderRequest request, RenderResponse response)
> + throws PortletException, IOException {
> +
> + String action = request.getParameter("action");
> +
> + PortletRequestDispatcher rd = null;
> +
> + if (action.equals("tools-generate-key-pair")) {
> + rd = portlet.getPortletContext().getRequestDispatcher(
> + "/WEB-INF/view/certmanager/generateKeyPairNormal.jsp");
> + } else {
> + try {
> + ObjectName objname = portlet.getKeyStoreObjectName();
> +
> + String keyStoreType = (String) KernelRegistry.getSingleKernel()
> + .getAttribute(objname, "keyStoreType");
> + String keyStoreProvider = (String) KernelRegistry
> + .getSingleKernel().getAttribute(objname,
> + "keyStoreProvider");
> + String keyStoreLocation = (String) KernelRegistry
> + .getSingleKernel().getAttribute(objname,
> + "keyStoreLocation");
> +
> + request.setAttribute("com.gluecode.se.keystore.type",
> + keyStoreType);
> + request.setAttribute("com.gluecode.se.keystore.provider",
> + keyStoreProvider);
> + request.setAttribute("com.gluecode.se.keystore.location",
> + keyStoreLocation);
> +
> + List storelist = (List) KernelRegistry.getSingleKernel()
> + .invoke(objname, "getKeyStoreEntries");
> +
> + Iterator iter = storelist.iterator();
> + while (iter.hasNext()) {
> + portlet.getPortletContext().log(
> + "store-item = " + iter.next());
> + }
> +
> + request
> + .setAttribute("com.gluecode.se.keystore.list",
> + storelist);
> + request.setAttribute("com.gluecode.se.keystore.size", String
> + .valueOf(storelist.size()));
> + } catch (Exception e) {
> + throw new PortletException(e);
> + }
> +
> + rd = portlet.getPortletContext().getRequestDispatcher(
> + "/WEB-INF/view/certmanager/viewKeyStoreNormal.jsp");
> + }
> +
> + rd.include(request, response);
> + }
> +}
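Review bot: In `action`, `keyalg`, `keysize`, `sigalg` and `validity` go from the request into `generateKeyPair` with only `Integer.parseInt` between them, so the console will create whatever key strength and lifetime the form posts, and a non-numeric value surfaces as a wrapped NumberFormatException. For a keystore that holds server keys, check the values against an allow-list and a minimum size before the kernel call, e.g. `if (ikeysize.intValue() < MIN_KEY_SIZE) throw new PortletException("key size too small");` (`MIN_KEY_SIZE` is a constant this class would need to define). `submit.equals("cancel")` throws a NullPointerException when `submit` is absent; `"cancel".equals(submit)` avoids that, and the same applies to `submit.equalsIgnoreCase("cancel")` in ImportCAReply.action and ImportTrustedCertificate.action. `render` dereferences `action` without the null check that `action` has.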
>
> Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportCAReply.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportCAReply.java?rev=326194&view=auto
> ==============================================================================
> --- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportCAReply.java (added)
> +++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportCAReply.java Tue Oct 18 11:22:57 2005
> @@ -0,0 +1,101 @@
> +/**
> + *
> + * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.geronimo.console.certmanager.actions;
> +
> +import java.io.IOException;
> +
> +import javax.portlet.ActionRequest;
> +import javax.portlet.ActionResponse;
> +import javax.portlet.PortletException;
> +import javax.portlet.PortletRequestDispatcher;
> +import javax.portlet.RenderRequest;
> +import javax.portlet.RenderResponse;
> +
> +import org.apache.geronimo.console.certmanager.CertManagerPortlet;
> +import org.apache.geronimo.kernel.KernelRegistry;
> +
> +public class ImportCAReply {
> + public static void action(CertManagerPortlet portlet,
> + ActionRequest request, ActionResponse response)
> + throws PortletException, IOException {
> +
> + // pass 'alias' parameter along
> + String alias = request.getParameter("alias");
> + response.setRenderParameter("alias", alias);
> +
> + String action = request.getParameter("action");
> +
> + // this should never happen
> + if (action == null) {
> + return;
> + }
> +
> + if (action.equals("import-ca-reply")) {
> + return;
> + } else if (action.equals("save-pkcs7-cert")) {
> + String submit = request.getParameter("submit");
> +
> + if (submit.equalsIgnoreCase("cancel")) {
> + return;
> + }
> +
> + // save pkcs7-encoded certificate
> + String pkcs7cert = request.getParameter("pkcs7cert");
> +
> + try {
> + KernelRegistry.getSingleKernel()
> + .invoke(
> + portlet.getKeyStoreObjectName(),
> + "importPKCS7Certificate",
> + new Object[] { alias, pkcs7cert },
> + new String[] { "java.lang.String",
> + "java.lang.String" });
> + } catch (Exception e) {
> + throw new PortletException(e);
> + }
> + }
> + }
> +
> + public static void render(CertManagerPortlet portlet,
> + RenderRequest request, RenderResponse response)
> + throws PortletException, IOException {
> +
> + String action = request.getParameter("action");
> + String alias = request.getParameter("alias");
> +
> + // set alias name
> + request.setAttribute("alias", alias);
> +
> + // this should never happen
> + if (action == null) {
> + ViewKeyStoreEntryDetail.render(portlet, request, response);
> + return;
> + }
> +
> + if (action.equals("import-ca-reply")) {
> + PortletRequestDispatcher rd = portlet
> + .getPortletContext()
> + .getRequestDispatcher(
> + "/WEB-INF/view/certmanager/importCAReplyNormal.jsp");
> +
> + rd.include(request, response);
> + } else if (action.equals("save-pkcs7-cert")) {
> + ViewKeyStoreEntryDetail.render(portlet, request, response);
> + }
> + }
> +}
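Review bot: `action` sets only the `alias` render parameter and never forwards `action`, unlike its siblings, so `render` will see `action == null` after every action request unless CertManagerPortlet sets it elsewhere (not visible here); the branch commented "this should never happen" would then be the normal path. ImportTrustedCertificate.action has the same omission, and its `render` calls `action.equals(...)` with no null check. `response.setRenderParameter("alias", alias)` also runs before any validation and throws IllegalArgumentException when `alias` is missing. `pkcs7cert` is handed to `importPKCS7Certificate` unchecked; a null or empty value should be rejected before the kernel call, for instance `if (pkcs7cert == null || pkcs7cert.trim().length() == 0) return;`. Finally, `render` writes nothing at all when `action` matches neither string, so a trailing `else` that falls back to `ViewKeyStoreEntryDetail.render` would avoid an empty portlet.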
>
> Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportTrustedCertificate.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportTrustedCertificate.java?rev=326194&view=auto
> ==============================================================================
> --- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportTrustedCertificate.java (added)
> +++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ImportTrustedCertificate.java Tue Oct 18 11:22:57 2005
> @@ -0,0 +1,90 @@
> +/**
> + *
> + * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.geronimo.console.certmanager.actions;
> +
> +import java.io.IOException;
> +import java.net.URLDecoder;
> +
> +import javax.portlet.ActionRequest;
> +import javax.portlet.ActionResponse;
> +import javax.portlet.PortletException;
> +import javax.portlet.PortletRequestDispatcher;
> +import javax.portlet.RenderRequest;
> +import javax.portlet.RenderResponse;
> +
> +import org.apache.geronimo.console.certmanager.CertManagerPortlet;
> +import org.apache.geronimo.kernel.KernelRegistry;
> +
> +public class ImportTrustedCertificate {
> + public static void action(CertManagerPortlet portlet,
> + ActionRequest request, ActionResponse response)
> + throws PortletException, IOException {
> +
> + String action = request.getParameter("action");
> +
> + if (action == null) {
> + return;
> + }
> +
> + // nothing to do
> + if (action.equals("tools-generate-trusted-certificate")) {
> + return;
> + }
> +
> + String submit = request.getParameter("submit");
> +
> + if (submit.equalsIgnoreCase("cancel")) {
> + return;
> + }
> +
> + String certfileEnc = request
> + .getParameter("com.gluecode.se.cert.file.enc");
> + String alias = request.getParameter("alias");
> +
> + // decode certificate file name
> + String certfile = URLDecoder.decode(certfileEnc, "UTF-8");
> +
> + // import certificate into the key store
> + try {
> + KernelRegistry.getSingleKernel().invoke(
> + portlet.getKeyStoreObjectName(),
> + "importTrustedX509Certificate",
> + new Object[] { alias, certfile },
> + new String[] { "java.lang.String", "java.lang.String" });
> + } catch (Exception ex) {
> + throw new PortletException(ex);
> + }
> + }
> +
> + public static void render(CertManagerPortlet portlet,
> + RenderRequest request, RenderResponse response)
> + throws PortletException, IOException {
> + PortletRequestDispatcher rd = null;
> +
> + String action = request.getParameter("action");
> +
> + if (action.equals("tools-import-trusted-certificate")) {
> + rd = portlet.getPortletContext().getRequestDispatcher(
> + "/WEB-INF/view/certmanager/importTrustedCertNormal.jsp");
> +
> + rd.include(request, response);
> + } else {
> + ViewKeyStore.render(portlet, request, response);
> + }
> + }
> +}
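Review bot: `certfile` in `action` is a filesystem path taken from the `com.gluecode.se.cert.file.enc` request parameter and passed to `importTrustedX509Certificate`, so, assuming the GBean opens that path, the file it reads is chosen by the client rather than by the server that stored the upload. Keep the uploaded file's location server-side (for example in the portlet session) or, at minimum, resolve it and confirm it lies in the upload directory before the kernel call: `File f = new File(certfile).getCanonicalFile(); if (!uploadDir.equals(f.getParentFile())) throw new PortletException("unexpected certificate path");`, with `uploadDir` being the canonical form of the directory UploadCertificateFile writes to. Separately, `action` tests for "tools-generate-trusted-certificate" while `render` tests for "tools-import-trusted-certificate"; one of the two looks like a typo, and as written the early return in `action` probably never matches.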
>
> Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/UploadCertificateFile.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/UploadCertificateFile.java?rev=326194&view=auto
> ==============================================================================
> --- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/UploadCertificateFile.java (added)
> +++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/UploadCertificateFile.java Tue Oct 18 11:22:57 2005
> @@ -0,0 +1,142 @@
> +/**
> + *
> + * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.geronimo.console.certmanager.actions;
> +
> +import java.io.File;
> +import java.io.FileInputStream;
> +import java.io.IOException;
> +import java.io.InputStream;
> +import java.net.URLDecoder;
> +import java.net.URLEncoder;
> +import java.security.cert.CertificateFactory;
> +import java.util.Collection;
> +import java.util.Iterator;
> +import java.util.List;
> +
> +import javax.portlet.ActionRequest;
> +import javax.portlet.ActionResponse;
> +import javax.portlet.PortletException;
> +import javax.portlet.PortletRequestDispatcher;
> +import javax.portlet.RenderRequest;
> +import javax.portlet.RenderResponse;
> +
> +import org.apache.commons.fileupload.FileItem;
> +import org.apache.commons.fileupload.FileUploadException;
> +import org.apache.commons.fileupload.disk.DiskFileItemFactory;
> +import org.apache.commons.fileupload.portlet.PortletFileUpload;
> +import org.apache.geronimo.console.certmanager.CertManagerPortlet;
> +
> +public class UploadCertificateFile {
> +
> + public static void action(CertManagerPortlet portlet,
> + ActionRequest request, ActionResponse response)
> + throws PortletException, IOException {
> + if (!PortletFileUpload.isMultipartContent(request)) {
> + throw new PortletException("Expected file upload");
> + }
> +
> + File rootDir = new File(System.getProperty("java.io.tmpdir"));
> + PortletFileUpload uploader = new PortletFileUpload(
> + new DiskFileItemFactory(10240, rootDir));
> + File certFile = null;
> +
> + try {
> + List items = uploader.parseRequest(request);
> + for (Iterator i = items.iterator(); i.hasNext();) {
> + FileItem item = (FileItem) i.next();
> + if (!item.isFormField()) {
> + String name = item.getName().trim();
> +
> + if (name.length() == 0) {
> + certFile = null;
> + } else {
> + // Firefox sends basename, IE sends full path
> + int index = name.lastIndexOf('\\');
> + if (index != -1) {
> + name = name.substring(index + 1);
> + }
> + certFile = new File(rootDir, name);
> + }
> +
> + if (certFile != null) {
> + try {
> + item.write(certFile);
> + } catch (Exception e) {
> + throw new PortletException(e);
> + }
> + }
> + }
> + }
> + } catch (FileUploadException e) {
> + throw new PortletException(e);
> + }
> +
> + // pass certificate file name along
> + String certFileName = certFile.getCanonicalPath();
> + String enc = URLEncoder.encode(certFileName, "UTF-8");
> +
> + portlet.getPortletContext().log("cert-file-name: " + certFileName);
> + portlet.getPortletContext().log("enc: " + enc);
> +
> + response.setRenderParameter("com.gluecode.se.cert.file.enc", enc);
> + response.setRenderParameter("action", request.getParameter("action"));
> + }
> +
> + public static void render(CertManagerPortlet portlet,
> + RenderRequest request, RenderResponse response)
> + throws PortletException, IOException {
> +
> + String encodedCertFileName = request
> + .getParameter("com.gluecode.se.cert.file.enc");
> + String certFileName = URLDecoder.decode(encodedCertFileName, "UTF-8");
> + portlet.getPortletContext().log("cert file: " + certFileName);
> +
> + Collection certs = null;
> + InputStream is = null;
> +
> + if (certFileName != null) {
> + File certFile = new File(certFileName);
> + try {
> + is = new FileInputStream(certFile);
> +
> + CertificateFactory cf = CertificateFactory.getInstance("X.509");
> + certs = cf.generateCertificates(is);
> + } catch (Exception e) {
> + throw new PortletException(e);
> + } finally {
> + try {
> + if (is != null) {
> + is.close();
> + }
> + } catch (Exception e) {
> + }
> + }
> +
> + request.setAttribute("com.gluecode.se.certs", certs);
> + request.setAttribute("com.gluecode.se.cert.file.enc",
> + encodedCertFileName);
> + }
> +
> + PortletRequestDispatcher prd = null;
> +
> + prd = portlet.getPortletContext().getRequestDispatcher(
> + "/WEB-INF/view/certmanager/importTrustedCertNormal.jsp");
> +
> + prd.include(request, response);
> + }
> +}
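Review bot: The stored file name in `action` is derived from the client's `item.getName()` with only the text before the last backslash removed, so forward slashes and `..` segments survive and `new File(rootDir, name)` can resolve outside `java.io.tmpdir` or overwrite another file there. Let the server choose the name (`File.createTempFile`) and fail cleanly when no file part was sent, since `certFile.getCanonicalPath()` currently throws a NullPointerException in that case; the rewritten lines are below. `render` then opens whatever path comes back in `com.gluecode.se.cert.file.enc`, so that value should be checked against the upload directory or kept server-side, and the `if (certFileName != null)` test comes after `URLDecoder.decode` has already dereferenced the parameter. The upload also has no size cap (`uploader.setSizeMax(...)`) and the temporary file is never deleted.

```java
// … unchanged: multipart check, rootDir and uploader setup, parseRequest loop header …
                if (!item.isFormField()) {
                    String name = item.getName();
                    if (name == null || name.trim().length() == 0) {
                        continue; // empty file field: nothing to store
                    }
                    // Server-chosen name; the client-supplied name never becomes part of a path.
                    certFile = File.createTempFile("cert-upload-", ".tmp", rootDir);
                    try {
                        item.write(certFile);
                    } catch (Exception e) {
                        throw new PortletException(e);
                    }
                }
// … unchanged: end of loop, FileUploadException handling …
        if (certFile == null) {
            throw new PortletException("No certificate file was uploaded");
        }
        String certFileName = certFile.getCanonicalPath();
```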
>
> Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStore.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStore.java?rev=326194&view=auto
> ==============================================================================
> --- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStore.java (added)
> +++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStore.java Tue Oct 18 11:22:57 2005
> @@ -0,0 +1,83 @@
> +/**
> + *
> + * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.geronimo.console.certmanager.actions;
> +
> +import java.io.IOException;
> +import java.util.Iterator;
> +import java.util.List;
> +
> +import javax.management.ObjectName;
> +import javax.portlet.ActionRequest;
> +import javax.portlet.ActionResponse;
> +import javax.portlet.PortletException;
> +import javax.portlet.PortletRequestDispatcher;
> +import javax.portlet.RenderRequest;
> +import javax.portlet.RenderResponse;
> +
> +import org.apache.geronimo.console.certmanager.CertManagerPortlet;
> +import org.apache.geronimo.kernel.KernelRegistry;
> +
> +public class ViewKeyStore {
> + public static void action(CertManagerPortlet portlet,
> + ActionRequest request, ActionResponse response)
> + throws PortletException, Exception {
> + response.setRenderParameter("action", request.getParameter("action"));
> + }
> +
> + public static void render(CertManagerPortlet portlet,
> + RenderRequest request, RenderResponse response)
> + throws PortletException, IOException {
> +
> + PortletRequestDispatcher rd = null;
> +
> + try {
> + ObjectName objname = portlet.getKeyStoreObjectName();
> +
> + String keyStoreType = (String) KernelRegistry.getSingleKernel()
> + .getAttribute(objname, "keyStoreType");
> + String keyStoreProvider = (String) KernelRegistry.getSingleKernel()
> + .getAttribute(objname, "keyStoreProvider");
> + String keyStoreLocation = (String) KernelRegistry.getSingleKernel()
> + .getAttribute(objname, "keyStoreLocation");
> +
> + request.setAttribute("com.gluecode.se.keystore.type", keyStoreType);
> + request.setAttribute("com.gluecode.se.keystore.provider",
> + keyStoreProvider);
> + request.setAttribute("com.gluecode.se.keystore.location",
> + keyStoreLocation);
> +
> + List storelist = (List) KernelRegistry.getSingleKernel().invoke(
> + objname, "getKeyStoreEntries");
> +
> + Iterator iter = storelist.iterator();
> + while (iter.hasNext()) {
> + portlet.getPortletContext().log("store-item = " + iter.next());
> + }
> +
> + request.setAttribute("com.gluecode.se.keystore.list", storelist);
> + request.setAttribute("com.gluecode.se.keystore.size", String
> + .valueOf(storelist.size()));
> + } catch (Exception e) {
> + throw new PortletException(e);
> + }
> +
> + rd = portlet.getPortletContext().getRequestDispatcher(
> + "/WEB-INF/view/certmanager/viewKeyStoreNormal.jsp");
> + rd.include(request, response);
> + }
> +}
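Review bot: `action` is declared `throws PortletException, Exception`, which is wider than every sibling handler and forces callers to catch `Exception` for a body that only sets a render parameter; `throws PortletException, IOException` would match the rest of the package. `render` writes every keystore entry to the portlet context log on each render, which reads like leftover debugging and puts keystore contents into the container log; consider removing the loop or moving it behind a debug-level logger. The `else` branch of GenerateKeyPair.render repeats this method's body line for line and could call `ViewKeyStore.render(portlet, request, response)` instead, as ImportTrustedCertificate.render already does.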
>
> Added: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStoreEntryDetail.java
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStoreEntryDetail.java?rev=326194&view=auto
> ==============================================================================
> --- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStoreEntryDetail.java (added)
> +++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/certmanager/actions/ViewKeyStoreEntryDetail.java Tue Oct 18 11:22:57 2005
> @@ -0,0 +1,79 @@
> +/**
> + *
> + * Copyright 2004, 2005 The Apache Software Foundation or its licensors, as applicable.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.geronimo.console.certmanager.actions;
> +
> +import java.io.IOException;
> +import java.security.cert.Certificate;
> +
> +import javax.management.ObjectName;
> +import javax.portlet.PortletException;
> +import javax.portlet.PortletRequestDispatcher;
> +import javax.portlet.RenderRequest;
> +import javax.portlet.RenderResponse;
> +
> +import org.apache.commons.logging.Log;
> +import org.apache.commons.logging.LogFactory;
> +import org.apache.geronimo.console.certmanager.CertManagerPortlet;
> +import org.apache.geronimo.console.core.keystore.KeyEntryInfo;
> +import org.apache.geronimo.console.core.keystore.KeyStoreGBean;
> +import org.apache.geronimo.kernel.KernelRegistry;
> +
> +public class ViewKeyStoreEntryDetail {
> +
> + private static Log log = LogFactory.getLog(ViewKeyStoreEntryDetail.class);
> +
> + public static void render(CertManagerPortlet portlet,
> + RenderRequest request, RenderResponse response)
> + throws PortletException, IOException {
> +
> + String alias = request.getParameter("alias");
> +
> + portlet.getPortletContext().log(
> + "view-key-store-entry-detail: key-store-alias = " + alias);
> +
> + try {
> + // entry info
> + ObjectName objname = new ObjectName(
> + KeyStoreGBean.KEY_STORE_OBJ_NAME);
> + KeyEntryInfo kinfo = (KeyEntryInfo) KernelRegistry
> + .getSingleKernel().invoke(objname, "getKeyEntryInfo",
> + new Object[] { alias },
> + new String[] { "java.lang.String" });
> +
> + request.setAttribute("com.gluecode.se.keystore.entry.info", kinfo);
> +
> + // get keystore certificate chain by the alias
> + Certificate[] chain = (Certificate[]) KernelRegistry
> + .getSingleKernel().invoke(objname, "getCertificateChain",
> + new Object[] { alias },
> + new String[] { "java.lang.String" });
> +
> + // set attributes
> + request.setAttribute("com.gluecode.se.certs", chain);
> + } catch (Exception e) {
> + throw new PortletException(e);
> + }
> +
> + // display entry detail
> + PortletRequestDispatcher rd = portlet.getPortletContext()
> + .getRequestDispatcher(
> + "/WEB-INF/view/certmanager/viewCertificateNormal.jsp");
> +
> + rd.include(request, response);
> + }
> +}
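Review bot: `render` builds its target with `new ObjectName(KeyStoreGBean.KEY_STORE_OBJ_NAME)` while every other handler in this commit uses `portlet.getKeyStoreObjectName()`, so the detail view can address a different GBean than the list view if the portlet's name is ever configured differently; `ObjectName objname = portlet.getKeyStoreObjectName();` keeps them aligned (whether the two currently resolve to the same name is not visible here). The static `log` field is declared but unused, since logging goes through `portlet.getPortletContext().log`; use one or drop the other. The `alias` request parameter is concatenated into the log message as received, so stripping line breaks first, or logging it only at debug level, would keep a crafted value from forging log lines, and it should be null-checked before the two kernel calls.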
>
> Modified: geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/web.xml
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/web.xml?rev=326194&r1=326193&r2=326194&view=diff
> ==============================================================================
> --- geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/web.xml (original)
> +++ geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/web.xml Tue Oct 18 11:22:57 2005
> @@ -80,7 +80,7 @@
> <servlet-class>org.apache.pluto.core.PortletServlet</servlet-class>
> <init-param>
> <param-name>portlet-class</param-name>
> - <param-value>org.apache.geronimo.console.EmptyPortlet</param-value>
> + <param-value>org.apache.geronimo.console.certmanager.CertManagerPortlet</param-value>
> </init-param>
> <init-param>
> <param-name>portlet-guid</param-name>
>
> Modified: geronimo/trunk/modules/assembly/src/plan/webconsole-jetty-plan.xml
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/webconsole-jetty-plan.xml?rev=326194&r1=326193&r2=326194&view=diff
> ==============================================================================
> --- geronimo/trunk/modules/assembly/src/plan/webconsole-jetty-plan.xml (original)
> +++ geronimo/trunk/modules/assembly/src/plan/webconsole-jetty-plan.xml Tue Oct 18 11:22:57 2005
> @@ -62,25 +62,24 @@
> <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/System,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name>
> </reference>
> <reference name="LoginModule">
> -<!-- <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Server,J2EEServer=geronimo,j2eeType=LoginModule,name=properties-login</gbean-name>-->
> + <!-- <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Server,J2EEServer=geronimo,j2eeType=LoginModule,name=properties-login</gbean-name>-->
> <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Security,J2EEServer=geronimo,j2eeType=LoginModule,name=properties-login</gbean-name>
> </reference>
> </gbean>
>
> <!-- Keystore configuration -->
> - <!-- I think this requires a modified GERONIMO-887 to be applied first -->
> -<!-- <gbean gbeanName="geronimo.security:type=KeyStore" class="org.apache.geronimo.console.core.keystore.KeyStoreGBean">-->
> -<!-- <attribute name="keyStoreLocation">var/security/ssl-keystore-1</attribute>-->
> -<!-- <attribute name="keyStoreType">jks</attribute>-->
> -<!-- <attribute name="keyStoreProvider">SUN</attribute>-->
> -<!-- <attribute name="keyStorePassword">password</attribute>-->
> -<!-- <reference name="serverInfo">-->
> -<!-- <application>null</application>-->
> -<!-- <moduleType>J2EEModule</moduleType>-->
> -<!-- <module>org/apache/geronimo/System</module>-->
> -<!-- <type>GBean</type>-->
> -<!-- <name>ServerInfo</name>-->
> -<!-- </reference>-->
> -<!-- </gbean>-->
> + <gbean gbeanName="geronimo.security:type=KeyStore" class="org.apache.geronimo.console.core.keystore.KeyStoreGBean">
> + <attribute name="keyStoreLocation">var/security/ssl-keystore-1</attribute>
> + <attribute name="keyStoreType">jks</attribute>
> + <attribute name="keyStoreProvider">SUN</attribute>
> + <attribute name="keyStorePassword">password</attribute>
> + <reference name="serverInfo">
> + <application>null</application>
> + <moduleType>J2EEModule</moduleType>
> + <module>org/apache/geronimo/System</module>
> + <type>GBean</type>
> + <name>ServerInfo</name>
> + </reference>
> + </gbean>
>
> </application>
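Review bot: The newly enabled KeyStore GBean sets `keyStorePassword` to the literal `password` in the committed plan, and the webconsole-tomcat-plan.xml hunk below repeats the same value. Every server assembled from these plans therefore guards `var/security/ssl-keystore-1` with a publicly known secret, while the console portlet added in this commit can generate key pairs and import trusted certificates into that store. At minimum I would put a comment directly above the attribute, e.g. `<!-- Sample default only: change the keystore password before the server is reachable by others -->`. Longer term, the password should come from configuration that is not checked in. Separately, `keyStoreProvider` is pinned to `SUN`, which presumably fails on JVMs that do not ship that provider; worth confirming or documenting.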
>
> Modified: geronimo/trunk/modules/assembly/src/plan/webconsole-tomcat-plan.xml
> URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/webconsole-tomcat-plan.xml?rev=326194&r1=326193&r2=326194&view=diff
> ==============================================================================
> --- geronimo/trunk/modules/assembly/src/plan/webconsole-tomcat-plan.xml (original)
> +++ geronimo/trunk/modules/assembly/src/plan/webconsole-tomcat-plan.xml Tue Oct 18 11:22:57 2005
> @@ -70,19 +70,18 @@
> </gbean>
>
> <!-- Keystore configuration -->
> - <!-- I think this requires a modified GERONIMO-887 to be applied first -->
> - <!-- <gbean gbeanName="geronimo.security:type=KeyStore" class="org.apache.geronimo.console.core.keystore.KeyStoreGBean">-->
> - <!-- <attribute name="keyStoreLocation">var/security/ssl-keystore-1</attribute>-->
> - <!-- <attribute name="keyStoreType">jks</attribute>-->
> - <!-- <attribute name="keyStoreProvider">SUN</attribute>-->
> - <!-- <attribute name="keyStorePassword">password</attribute>-->
> - <!-- <reference name="serverInfo">-->
> - <!-- <application>null</application>-->
> - <!-- <moduleType>J2EEModule</moduleType>-->
> - <!-- <module>org/apache/geronimo/System</module>-->
> - <!-- <type>GBean</type>-->
> - <!-- <name>ServerInfo</name>-->
> - <!-- </reference>-->
> - <!-- </gbean>-->
> + <gbean gbeanName="geronimo.security:type=KeyStore" class="org.apache.geronimo.console.core.keystore.KeyStoreGBean">
> + <attribute name="keyStoreLocation">var/security/ssl-keystore-1</attribute>
> + <attribute name="keyStoreType">jks</attribute>
> + <attribute name="keyStoreProvider">SUN</attribute>
> + <attribute name="keyStorePassword">password</attribute>
> + <reference name="serverInfo">
> + <application>null</application>
> + <moduleType>J2EEModule</moduleType>
> + <module>org/apache/geronimo/System</module>
> + <type>GBean</type>
> + <name>ServerInfo</name>
> + </reference>
> + </gbean>
>
> </application>
>
>
>
--
Davanum Srinivas : http://wso2.com/blogs/