Return-Path: Delivered-To: apmail-geronimo-scm-archive@www.apache.org Received: (qmail 19602 invoked from network); 24 May 2006 18:33:51 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 24 May 2006 18:33:51 -0000 Received: (qmail 20600 invoked by uid 500); 24 May 2006 18:33:51 -0000 Delivered-To: apmail-geronimo-scm-archive@geronimo.apache.org Received: (qmail 20457 invoked by uid 500); 24 May 2006 18:33:50 -0000 Mailing-List: contact scm-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list scm@geronimo.apache.org Received: (qmail 20446 invoked by uid 99); 24 May 2006 18:33:50 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 May 2006 11:33:50 -0700 X-ASF-Spam-Status: No, hits=0.6 required=10.0 tests=NO_REAL_NAME X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Received: from [140.211.166.113] (HELO eris.apache.org) (140.211.166.113) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 May 2006 11:33:49 -0700 Received: by eris.apache.org (Postfix, from userid 65534) id 8009B1A983A; Wed, 24 May 2006 11:33:29 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r409223 - in /geronimo/trunk: applications/console-standard/src/java/org/apache/geronimo/console/keystores/ applications/console-standard/src/java/org/apache/geronimo/console/webmanager/ applications/console-standard/src/webapp/WEB-INF/view... Date: Wed, 24 May 2006 18:33:27 -0000 To: scm@geronimo.apache.org 
From: ammulder@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20060524183329.8009B1A983A@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Author: ammulder Date: Wed May 24 11:33:25 2006 New Revision: 409223 URL: http://svn.apache.org/viewvc?rev=409223&view=rev Log: Merge fix for GERONIMO-2049, GERONIMO-2050, GERONIMO-2051, GERONIMO-2052 Modified: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/CreateKeystoreHandler.java geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/ListHandler.java geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UnlockKeystoreHandler.java geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/webmanager/ConnectorPortlet.java geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/webmanager/connector/editHTTPS.jsp geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java
Modified: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/CreateKeystoreHandler.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/CreateKeystoreHandler.java?rev=409223&r1=409222&r2=409223&view=diff
==============================================================================
--- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/CreateKeystoreHandler.java (original)
+++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/CreateKeystoreHandler.java Wed May 24 11:33:25 2006
@@ -17,13 +17,19 @@
 package org.apache.geronimo.console.keystores;
 import java.io.IOException;
+import java.util.Map;
+import java.util.HashMap;
 import javax.portlet.ActionRequest;
 import javax.portlet.ActionResponse;
 import javax.portlet.PortletException;
 import javax.portlet.RenderRequest;
 import javax.portlet.RenderResponse;
+import javax.portlet.PortletSession;
 import org.apache.geronimo.console.MultiPageModel;
 import org.apache.geronimo.console.util.PortletManager;
+import org.apache.geronimo.gbean.AbstractName;
+import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+import org.apache.geronimo.management.geronimo.KeystoreInstance;
 /**
 * Handler for entering a password to unlock a keystore
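Review bot: Of the six imports added to CreateKeystoreHandler, only `PortletSession` and `KeystoreInstance` are used by the other hunk shown for this file; `java.util.Map`, `java.util.HashMap`, `AbstractName` and `NameFactory` have no visible use. If nothing outside the hunks references them, drop those four lines so the handler's declared dependencies match what it actually touches.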
@@ -54,7 +60,15 @@
 response.setRenderParameter("filename", filename);
 return getMode();
 }
- PortletManager.getCurrentServer(request).getKeystoreManager().createKeystore(filename, password.toCharArray());
+ KeystoreInstance instance = PortletManager.getCurrentServer(request).getKeystoreManager().createKeystore(filename, password.toCharArray());
+ PortletSession session = request.getPortletSession(true);
+ KeystoreData data = new KeystoreData();
+ data.setInstance(instance);
+ session.setAttribute(KEYSTORE_DATA_PREFIX+filename, data);
+ char[] cpw = password.toCharArray();
+ data.setPassword(cpw);
+ data.setCertificates(data.getInstance().listTrustCertificates(cpw));
+ data.setKeys(data.getInstance().listPrivateKeys(cpw));
 return LIST_MODE+BEFORE_ACTION;
 }
Modified: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/ListHandler.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/ListHandler.java?rev=409223&r1=409222&r2=409223&view=diff
==============================================================================
--- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/ListHandler.java (original)
+++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/ListHandler.java Wed May 24 11:33:25 2006
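Review bot: In CreateKeystoreHandler the new `KeystoreData` is published with `session.setAttribute(KEYSTORE_DATA_PREFIX+filename, data)` before `setPassword`, `setCertificates` and `setKeys` have run, so an exception from `listTrustCertificates(cpw)` or `listPrivateKeys(cpw)` leaves a half-initialised entry in the portlet session; move the `setAttribute` call to just before the `return`. `data.setPassword(cpw)` also keeps the keystore password in the session for as long as the session lives, and nothing in the lines shown clears it, which deserves a comment stating where it is wiped (logout, lock, session expiry). `password.toCharArray()` is called twice, producing two copies of the secret; hoisting `char[] cpw = password.toCharArray();` above the `createKeystore` call would avoid the second one, provided `createKeystore` does not modify the array it receives. The enclosing method starts outside the hunk.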
@@ -69,7 +69,7 @@
 if(all.length > 0) {
 keys.put(data.getInstance().getKeystoreName(), all.length+" key"+(all.length > 1 ? "s" : "")+" ready");
 } else {
- keys.put(data.getInstance().getKeystoreName(), "NO KEYS READY");
+ keys.put(data.getInstance().getKeystoreName(), "trust store only");
 }
 } catch (KeystoreIsLocked locked) {}
 }
Modified: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UnlockKeystoreHandler.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UnlockKeystoreHandler.java?rev=409223&r1=409222&r2=409223&view=diff
==============================================================================
--- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UnlockKeystoreHandler.java (original)
+++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UnlockKeystoreHandler.java Wed May 24 11:33:25 2006
@@ -67,16 +67,18 @@
 char[] storePass = password.toCharArray();
 data.getInstance().unlockKeystore(storePass);
 if(data.getKeys() != null && data.getKeys().length > 0) {
+ // if it's unlocked for editing and has keys
 try {
 data.getInstance().unlockPrivateKey(alias, keyPassword.toCharArray());
 } catch (KeystoreIsLocked e) {
 throw new PortletException("Invalid password for keystore", e);
 }
- } else {
+ } else if(data.getInstance().listPrivateKeys(storePass) != null && data.getInstance().listPrivateKeys(storePass).length > 0) {
+ // if it's locked for editing but has keys
 response.setRenderParameter("keystore", keystore);
 response.setRenderParameter("password", password);
 return UNLOCK_KEY+BEFORE_ACTION;
- }
+ } // otherwise it has no keys
 return LIST_MODE+BEFORE_ACTION;
 }
 }
Modified: geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/webmanager/ConnectorPortlet.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/webmanager/ConnectorPortlet.java?rev=409223&r1=409222&r2=409223&view=diff
==============================================================================
--- geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/webmanager/ConnectorPortlet.java (original)
+++ geronimo/trunk/applications/console-standard/src/java/org/apache/geronimo/console/webmanager/ConnectorPortlet.java Wed May 24 11:33:25 2006
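Review bot: In UnlockKeystoreHandler the new `else if` condition calls `data.getInstance().listPrivateKeys(storePass)` twice, so the keystore is read with the password two times and the null test and the length test are not guaranteed to see the same result. Call it once and keep the result in a local that both tests use. The return value of `unlockKeystore(storePass)` on the context line above is still ignored, so a rejected password would reach this branch unnoticed. The branch also forwards the keystore password with `response.setRenderParameter("password", password)`; confirm that render parameters cannot end up in portlet URLs or access logs in this container. The enclosing method starts outside the hunk.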
@@ -359,6 +359,26 @@
 if(server.equals(WEB_SERVER_JETTY)) {
 int minThreads = ((Number)getProperty(connector, "minThreads")).intValue();
 renderRequest.setAttribute("minThreads", String.valueOf(minThreads));
+ KeystoreManager mgr = PortletManager.getCurrentServer(renderRequest).getKeystoreManager();
+ KeystoreInstance[] stores = mgr.getUnlockedKeyStores();
+ String[] storeNames = new String[stores.length];
+ for (int i = 0; i < storeNames.length; i++) {
+ storeNames[i] = stores[i].getKeystoreName();
+ }
+ renderRequest.setAttribute("keyStores", storeNames);
+ KeystoreInstance[] trusts = mgr.getUnlockedTrustStores();
+ String[] trustNames = new String[trusts.length];
+ for (int i = 0; i < trustNames.length; i++) {
+ trustNames[i] = trusts[i].getKeystoreName();
+ }
+ renderRequest.setAttribute("trustStores", trustNames);
+ Map aliases = new HashMap();
+ for (int i = 0; i < stores.length; i++) {
+ try {
+ aliases.put(stores[i].getKeystoreName(), stores[i].getUnlockedKeys());
+ } catch (KeystoreIsLocked locked) {}
+ }
+ renderRequest.setAttribute("unlockedKeys", aliases);
 } else if (server.equals(WEB_SERVER_TOMCAT)) { //todo: Any Tomcat specific processing?
Modified: geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/webmanager/connector/editHTTPS.jsp
URL: http://svn.apache.org/viewvc/geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/webmanager/connector/editHTTPS.jsp?rev=409223&r1=409222&r2=409223&view=diff
==============================================================================
--- geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/webmanager/connector/editHTTPS.jsp (original)
+++ geronimo/trunk/applications/console-standard/src/webapp/WEB-INF/view/webmanager/connector/editHTTPS.jsp Wed May 24 11:33:25 2006
@@ -120,7 +120,8 @@
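Review bot: The empty `catch (KeystoreIsLocked locked) {}` in ConnectorPortlet drops the case where a keystore is locked between `getUnlockedKeyStores()` and `getUnlockedKeys()`: the store name is still listed in `keyStores` but has no entry in `unlockedKeys`, and nothing is logged. Either log it or record the store with an empty alias list so the view never looks up a missing key; at minimum add the comment `// locked since getUnlockedKeyStores(); listed without aliases`. The three attributes are only set inside the `WEB_SERVER_JETTY` branch, so if the Tomcat HTTPS form renders the same selectors (not visible here) it would receive none of them. The enclosing method starts and ends outside the hunk.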
- The keystore to use for accessing the server's private key + The keystore containing the trusted certificate entries, including + Certification Authority (CA) certificates
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java?rev=409223&r1=409222&r2=409223&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java Wed May 24 11:33:25 2006
@@ -126,12 +126,26 @@
 public boolean unlockKeystore(char[] password) {
 //todo: test whether password is correct and if not return false
- keystorePassword = password;
+ try {
+ kernel.setAttribute(abstractName, "keystorePassword", password == null ? null : new String(password));
+ } catch (Exception e) {
+ throw (IllegalStateException)new IllegalStateException("Unable to set attribute keystorePassword on myself!").initCause(e);
+ }
 return true;
 }
+ public void setKeystorePassword(String password) {
+ keystorePassword = password == null ? null : password.toCharArray();
+ }
+
 public void lockKeystore() {
- keystorePassword = null;
+ try {
+ kernel.setAttribute(abstractName, "keystorePassword", null);
+ keyPasswords.clear();
+ storePasswords();
+ } catch (Exception e) {
+ throw (IllegalStateException)new IllegalStateException("Unable to set attribute keystorePassword on myself!").initCause(e);
+ }
 }
 public boolean isKeystoreLocked() {
@@ -178,8 +192,8 @@
 }
 public void lockPrivateKey(String alias) {
- storePasswords();
 keyPasswords.remove(alias);
+ storePasswords();
 }
 private void storePasswords() {
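Review bot: `unlockKeystore` in FileKeystoreInstance still carries `//todo: test whether password is correct` and returns `true` unconditionally, yet it now writes the unverified value into the `keystorePassword` kernel attribute, so a wrong password is recorded as a successful unlock. Check the password against the keystore file first, for example by attempting `KeyStore.load` with it, and return `false` without calling `kernel.setAttribute` when that fails. `new String(password)` creates an immutable copy that cannot be zeroed, and if this attribute is saved with the GBean's state (not visible here) the password is written out in clear text; `setKeystorePassword` should say so in a Javadoc comment.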
@@ -192,7 +206,7 @@
 buf.append(entry.getKey()).append("=").append(entry.getValue());
 }
 try {
- kernel.setAttribute(abstractName, "keyPasswords", buf.toString());
+ kernel.setAttribute(abstractName, "keyPasswords", buf.length() == 0 ? null : buf.toString());
 } catch (Exception e) {
 log.error("Unable to save key passwords in keystore '"+keystoreName+"'", e);
 }
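Review bot: `storePasswords()` only calls `log.error(...)` when `kernel.setAttribute(abstractName, "keyPasswords", ...)` fails, so `lockPrivateKey` and `lockKeystore` return normally even when the saved `alias=password` string was not updated, and a key the caller believes is locked keeps its password in the attribute. Rethrow from the catch, e.g. `throw (IllegalStateException)new IllegalStateException("Unable to save key passwords").initCause(e);`, which matches how `lockKeystore` reports a failed `keystorePassword` update. The entries are joined with a bare `=`, so an alias or password containing `=` (or the entry separator, which is outside the hunk) would not round-trip; a comment stating the allowed characters, or an escaping step, is needed. The method starts outside the hunk.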