Author: tyrell
Date: Fri May 16 14:47:01 2008
New Revision: 17139
Log:
Adding code to read certificate chains from a given https URL.
Modified:
trunk/mashup/java/modules/admin/service/src/org/wso2/mashup/admin/service/MashupAdminService.java
trunk/mashup/java/modules/www/cert_manager.jsp
trunk/mashup/java/modules/www/js/services.js
Modified:
trunk/mashup/java/modules/admin/service/src/org/wso2/mashup/admin/service/MashupAdminService.java
==============================================================================
---
trunk/mashup/java/modules/admin/service/src/org/wso2/mashup/admin/service/MashupAdminService.java
(original)
+++
trunk/mashup/java/modules/admin/service/src/org/wso2/mashup/admin/service/MashupAdminService.java
Fri May 16 14:47:01 2008
@@ -45,6 +45,10 @@
import org.wso2.wsas.persistence.exception.ServiceNotFoundException;
import javax.activation.DataHandler;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLSocketFactory;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
@@ -61,6 +65,7 @@
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateException;
+import java.net.URL;
public class MashupAdminService {
@@ -528,6 +533,7 @@
return Boolean.valueOf(success);
}
+
public Boolean importCert(String userName, String alias, DataHandler cert)
throws MashupFault {
try {
InputStream certIn = cert.getDataSource().getInputStream();
@@ -577,6 +583,71 @@
}
+ public Boolean importCertFromUrl(String userName, String alias, String
url) throws MashupFault {
+ try {
+ // Create the client socket
+ int port = 443;
+ String hostname = new URL(url).getHost();
+ SSLSocketFactory factory =
HttpsURLConnection.getDefaultSSLSocketFactory();
+ SSLSocket socket = (SSLSocket) factory.createSocket(hostname,
port);
+
+ // Connect to the server
+ socket.startHandshake();
+
+ // Retrieve the server's certificate chain
+ java.security.cert.Certificate[] serverCerts =
+ socket.getSession().getPeerCertificates();
+
+ // Close the socket
+ socket.close();
+
+ // Retrieve the user keystore
+ Resource useKeyStoreResource =
MashupUtils.getUserKeystoreResource(userName);
+ KeyStore userKeyStore = KeyStore.getInstance("JKS");
+ char[] keyPassphrase =
+
useKeyStoreResource.getProperty(MashupConstants.USER_KEYSTORE_PASSWORD)
+ .toCharArray();
+ userKeyStore.load(new ByteArrayInputStream((byte[])
useKeyStoreResource.getContent()),
+ keyPassphrase);
+
+ // Adding the certificate chain to keystore
+ for (int x = 0; x < serverCerts.length; x++) {
+ // Check to prevent alias conflicts
+ int seq = 0;
+ while (userKeyStore.containsAlias(alias)) {
+ seq++;
+ alias = alias + "." + seq;
+ }
+ userKeyStore.setCertificateEntry(alias, serverCerts[x]);
+ }
+
+ ByteArrayOutputStream newKeyStoreContent = new
ByteArrayOutputStream();
+ userKeyStore.store(newKeyStoreContent, keyPassphrase);
+
+ // Updating the keystore in registry
+ if (!MashupUtils.putUserKeystoreResource(userName,
newKeyStoreContent.toByteArray())) {
+ throw new MashupFault(
+ "An error occured while adding the new certificate.
Please refer the log for details.");
+ } else {
+ return Boolean.valueOf(true);
+ }
+
+ } catch (SSLPeerUnverifiedException e) {
+ throw new MashupFault(e);
+ } catch (IOException e) {
+ throw new MashupFault(e);
+ } catch (RegistryException e) {
+ throw new MashupFault(e);
+ } catch (NoSuchAlgorithmException e) {
+ throw new MashupFault(e);
+ } catch (KeyStoreException e) {
+ throw new MashupFault(e);
+ } catch (CertificateException e) {
+ throw new MashupFault(e);
+ }
+ }
+
+
public Boolean deleteCert(String userName, String alias) throws
MashupFault {
try {
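Review bot: `importCertFromUrl` adds every certificate the peer presents to the user's keystore without checking that the leaf certificate was issued for `hostname`. A plain `SSLSocket` handshake validates the chain against the default trust store but does no hostname verification, so a chain issued for a different name can be stored as trusted under this alias. The scheme and port of `url` are also ignored (the port is fixed at 443), and the socket is never closed when `startHandshake()` or `getPeerCertificates()` throws. `userName` arrives as a request parameter and selects the keystore to modify; nothing in this hunk ties it to the authenticated caller, so confirm that this is enforced elsewhere. The fence below covers the scheme check, the port and the close; a comparison of `hostname` with the leaf certificate's subject names still needs to be added before the alias loop.

```java
    public Boolean importCertFromUrl(String userName, String alias, String url) throws MashupFault {
        try {
            URL target = new URL(url);
            if (!"https".equalsIgnoreCase(target.getProtocol())) {
                throw new MashupFault("Only https URLs are supported.");
            }
            // Honour an explicit port instead of always using 443
            int port = target.getPort() != -1 ? target.getPort() : 443;
            String hostname = target.getHost();
            SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();
            SSLSocket socket = (SSLSocket) factory.createSocket(hostname, port);

            java.security.cert.Certificate[] serverCerts;
            try {
                socket.startHandshake();
                serverCerts = socket.getSession().getPeerCertificates();
            } finally {
                // Release the connection even when the handshake fails
                socket.close();
            }
            // … unchanged: keystore load, alias loop, store and registry update …
```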
Modified: trunk/mashup/java/modules/www/cert_manager.jsp
==============================================================================
--- trunk/mashup/java/modules/www/cert_manager.jsp (original)
+++ trunk/mashup/java/modules/www/cert_manager.jsp Fri May 16 14:47:01 2008
@@ -17,6 +17,8 @@
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ page import="java.util.ResourceBundle" %>
<%@ page import="org.wso2.wsas.admin.service.util.CertData" %>
+<%@ page import="java.util.Arrays" %>
+<%@ page import="java.util.Comparator" %>
<!--Required to keep a user logged in if 'Remember Me' option is selected-->
<%@ include file="validate_login.jsp" %>
@@ -29,205 +31,261 @@
<html>
<head>
- <title><%= bundle.getString("main.title")%> - Certificate Manager</title>
+<title><%= bundle.getString("main.title")%> - Certificate Manager</title>
- <!-- Required CSS -->
- <link href="css/styles.css" rel="stylesheet" type="text/css"/>
+<!-- Required CSS -->
+<link href="css/styles.css" rel="stylesheet" type="text/css"/>
- <!-- Required Javascript -->
- <script language="javascript" src="js/common.js"
type="text/javascript"></script>
- <script language="javascript" src="js/mashup-main.js"
type="text/javascript"></script>
- <script language="javascript" src="js/mashup-utils.js"
type="text/javascript"></script>
- <script language="javascript"
src="js/yui/yahoo-dom-event/yahoo-dom-event.js"
- type="text/javascript"></script>
- <script language="javascript" src="js/yui/connection/connection.js"
- type="text/javascript"></script>
- <script language="javascript" src="js/wso2/WSRequest.js"
- type="text/javascript"></script>
- <script type="text/javascript"
src="../wsasadmin/global_params.js"></script>
- <script type="text/javascript" src="../wsasadmin/js/main.js"></script>
- <script language="javascript" src="js/services.js"
- type="text/javascript"></script>
-
- <script type="text/javascript" language="JavaScript">
- var currentUser = '<%=currentUser.trim()%>';
-
- var callback =
- {
- success:handleSuccess,
- failure:handleFailure,
- upload:handleSuccess
- };
-
- function handleSuccess(o) {
- clearText();
- location.reload();
- }
-
- function handleFailure(o) {
- alert("Failed to add the certificate. [" + o.responseText + "]");
- }
-
- function submitFormAsync(formId, isFileUpload) {
- var form = document.getElementById(formId);
-
- if ((isFileUpload) && (document.getElementById("cert").value ==
"")) {
- WSO2.MashupUtils.dialog("Insufficient data", "<pre>Please
browse your file system for a valid certificate.</pre><br><input type='button'
value='Close' onclick='WSO2.MashupUtils.dialog.close();'", 70, 70);
- } else if ((!isFileUpload) &&
(document.getElementById("alias").value == "")) {
- WSO2.MashupUtils.dialog("Insufficient data", "<pre>Please type
an alias for the certificate.</pre><br><input type='button' value='Close'
onclick='WSO2.MashupUtils.dialog.close();'", 70, 70);
+<!-- Required Javascript -->
+<script language="javascript" src="js/common.js"
type="text/javascript"></script>
+<script language="javascript" src="js/mashup-main.js"
type="text/javascript"></script>
+<script language="javascript" src="js/mashup-utils.js"
type="text/javascript"></script>
+<script language="javascript" src="js/yui/yahoo-dom-event/yahoo-dom-event.js"
+ type="text/javascript"></script>
+<script language="javascript" src="js/yui/connection/connection.js"
+ type="text/javascript"></script>
+<script language="javascript" src="js/wso2/WSRequest.js"
+ type="text/javascript"></script>
+<script type="text/javascript" src="../wsasadmin/global_params.js"></script>
+<script type="text/javascript" src="../wsasadmin/js/main.js"></script>
+<script language="javascript" src="js/services.js"
+ type="text/javascript"></script>
+
+<script type="text/javascript" language="JavaScript">
+ var currentUser = '<%=currentUser.trim()%>';
+
+ var callback =
+ {
+ success:handleSuccess,
+ failure:handleFailure,
+ upload:handleSuccess
+ };
+
+ function handleSuccess(o) {
+ clearText();
+ location.reload();
+ }
+
+ function handleFailure(o) {
+ alert("Failed to add the certificate. [" + o.responseText + "]");
+ }
+
+ function submitFormAsync(formId, isFileUpload) {
+ var form = document.getElementById(formId);
+
+ if ((isFileUpload) && (document.getElementById("cert").value == "")) {
+ WSO2.MashupUtils.dialog("Insufficient data", "<pre>Please browse
your file system for a valid certificate.</pre><br><input type='button'
value='Close' onclick='WSO2.MashupUtils.dialog.close();'", 70, 70);
+ } else if ((!isFileUpload) && (document.getElementById("alias").value
== "")) {
+ WSO2.MashupUtils.dialog("Insufficient data", "<pre>Please type an
alias for the certificate.</pre><br><input type='button' value='Close'
onclick='WSO2.MashupUtils.dialog.close();'", 70, 70);
+ } else {
+ if (isFileUpload) {
+ YAHOO.util.Connect.setForm(form, true, true);
+ YAHOO.util.Connect.asyncRequest("POST",
form.getAttribute("action"), callback, null);
} else {
- if (isFileUpload) {
- YAHOO.util.Connect.setForm(form, true, true);
- YAHOO.util.Connect.asyncRequest("POST",
form.getAttribute("action"), callback, null);
- } else {
- YAHOO.util.Connect.setForm(form);
- YAHOO.util.Connect.asyncRequest("POST",
form.getAttribute("action"), callback, null);
- }
+ YAHOO.util.Connect.setForm(form);
+ YAHOO.util.Connect.asyncRequest("POST",
form.getAttribute("action"), callback, null);
}
}
+ }
- function noEnter(e) {
- var keynum = "";
- if (window.event) // IE
- {
- keynum = e.keyCode;
-
- if (keynum == 13) {
- e.cancelBubble = true;
- e.returnValue = false;
- }
+ function noEnter(e) {
+ var keynum = "";
+ if (window.event) // IE
+ {
+ keynum = e.keyCode;
+
+ if (keynum == 13) {
+ e.cancelBubble = true;
+ e.returnValue = false;
}
- else if (e.which) // Netscape/Firefox/Opera
- {
- keynum = e.which;
- if (keynum == 13) {
- e.preventDefault();
- }
+ }
+ else if (e.which) // Netscape/Firefox/Opera
+ {
+ keynum = e.which;
+ if (keynum == 13) {
+ e.preventDefault();
}
-
}
- function clearText() {
- document.getElementById("cert").value = "";
- document.getElementById("alias").value = "";
- }
+ }
- function deleteCertCallback() {
- location.reload();
+ function clearText() {
+ document.getElementById("cert").value = "";
+ document.getElementById("alias").value = "";
+ document.getElementById("url").value = "";
+ document.getElementById("alias_url").value = "";
+ }
+
+ function deleteCertCallback() {
+ clearText();
+ location.reload();
+ }
+
+ function deleteCert(certAlias) {
+ var response = confirm("You are about to delete the certificate with
alias '" +
+ certAlias +
+ "'. This might prevent your services/mashups
from connecting to the site bearing this certificate. Are you sure?");
+ if (response) {
+ // Calling the cert deletion service
+ wso2.mashup.services.deleteCertificate(currentUser, certAlias,
deleteCertCallback)
}
+ }
- function deleteCert(certAlias) {
- var response = confirm("You are about to delete the certificate
with alias '" +
- certAlias +
- "'. This might prevent your
services/mashups from connecting to the site bearing this certificate. Are you
sure?");
- if (response) {
- // Calling the cert deletion service
- wso2.mashup.services.deleteCertificate(currentUser, certAlias,
deleteCertCallback)
- }
+ function addCertFromUrlCallback() {
+ location.reload();
+ }
+
+ function addCertFromUrl() {
+ if (document.getElementById("url").value == "") {
+ WSO2.MashupUtils.dialog("Insufficient data", "<pre>Please enter
the URL of the site to add.</pre><br><input type='button' value='Close'
onclick='WSO2.MashupUtils.dialog.close();'", 70, 70);
+ } else if (document.getElementById("alias_url").value == "") {
+ WSO2.MashupUtils.dialog("Insufficient data", "<pre>Please type an
alias for the certificate.</pre><br><input type='button' value='Close'
onclick='WSO2.MashupUtils.dialog.close();'", 70, 70);
+ } else {
+ var url = document.getElementById("url").value;
+ var alias = document.getElementById("alias_url").value;
+
+ wso2.mashup.services.importCertFromUrl(currentUser, alias, url,
addCertFromUrlCallback);
}
+ }
- </script>
+</script>
</head>
-<body>
+<body onload="clearText();">
<div id="page">
- <%@ include file="header.jsp" %>
- <%@ include file="searchbox.jsp" %>
+<%@ include file="header.jsp" %>
+<%@ include file="searchbox.jsp" %>
- <div id="content">
- <%
- if (!RegistryUtils.isLoggedIn(userRegistry)) {
- %>
- You need to <a href="signin.jsp?bounceback=<%=thisPage%>">sign in</a>
to perform this
- operation.
- <%
- } else {
- %>
- <h3>Trusted Site Certificates of <%=RegistryUtils.getFullName(request,
currentUser)%>
- </h3>
- <fieldset>
- <legend>Add a new certificate</legend>
- <br/>
-
- <form id="form" method="post" enctype="multipart/form-data"
- action="/services/MashupAdminService/importCert"
- target="uploadFrame">
- <input type="hidden" id="userName" name="userName"
value="<%=currentUser%>"/>
- <label>Certificate<font color="red">*</font></label><input
- type="file" size="50" id="cert" name="cert"
- style="margin-left: 5px;" onkeydown="noEnter(event);"/>
- <br/>
- <br/>
- <label>Alias<font color="red">*</font></label><input
type="text" id="alias"
-
name="alias"
-
style="margin-left: 32px;"
-
onkeydown="noEnter(event);"/>
- <br/>
- <br/>
- <input type="button" value="Upload" align="right"
- onclick="return submitFormAsync('form',true);"/>
- </form>
- </fieldset>
- <br/>
- <fieldset>
- <legend>You are currently trusting the following
certificates</legend>
- <table id="certificates">
- <thead>
- <tr class="mashup_label">
- <th style="text-align: center;">Alias</th>
- <th style="text-align: center;">Issued by</th>
- <th style="text-align: center;">Issued to</th>
- <th style="text-align: center;">Valid from</th>
- <th style="text-align: center;">Valid till</th>
- <th style="text-align: center;">Serial Number</th>
- <th style="text-align: center;">Version</th>
- <th style="text-align: center;">Tasks</th>
- </tr>
- </thead>
- <tbody>
- <%
- CertData[] certs = MashupUtils.getCerts(currentUser);
- for (int x = 0; x < certs.length; x++) {
- if (x % 2 == 0) {
- %>
- <tr style="background-color: gainsboro;">
- <%
- }
- %>
- <td><%=certs[x].getAlias()%>
- </td>
- <td><%=certs[x].getIssuerDN()%>
- </td>
- <td><%=certs[x].getSubjectDN()%>
- </td>
- <td><%=certs[x].getNotBefore()%>
- </td>
- <td><%=certs[x].getNotAfter()%>
- </td>
- <td><%=certs[x].getSerialNumber()%>
- </td>
- <td><%=certs[x].getVersion()%>
- </td>
- <td>
- <a href="#"
onclick="deleteCert('<%=certs[x].getAlias()%>');"><img
- border="0" title="Delete this certificater"
- alt="Delete certificate"
- src="images/delete.gif"/></a>
- </td>
- </tr>
- <%
-
- }
- %>
-
- </tbody>
- </table>
- </fieldset>
- <%
- }
- %>
+<div id="content">
+<%
+ if (!RegistryUtils.isLoggedIn(userRegistry)) {
+%>
+You need to <a href="signin.jsp?bounceback=<%=thisPage%>">sign in</a> to
perform this
+operation.
+<%
+} else {
+%>
+<h3>Trusted Site Certificates of <%=RegistryUtils.getFullName(request,
currentUser)%>
+</h3>
+<fieldset>
+ <legend>Add a new certificate from a file</legend>
+ <br/>
+
+ <form id="form" method="post" enctype="multipart/form-data"
+ action="/services/MashupAdminService/importCert"
+ target="uploadFrame">
+ <input type="hidden" id="userName" name="userName"
value="<%=currentUser%>"/>
+ <label>Certificate<font color="red">*</font></label><input
+ type="file" size="50" id="cert" name="cert"
+ style="margin-left: 5px;" onkeydown="noEnter(event);"/>
+ <br/>
+ <br/>
+ <label>Alias<font color="red">*</font></label><input type="text"
id="alias"
+ name="alias"
+
style="margin-left: 32px;"
+
onkeydown="noEnter(event);"/>
+ <br/>
+ <br/>
+ <input type="button" value="Upload" align="right"
+ onclick="return submitFormAsync('form',true);"/>
+ </form>
+</fieldset>
+<br/>
+<fieldset>
+ <legend>Add a new certificate using a trusted HTTPS site URL</legend>
+ <div>
+ <label>Site URL<font color="red">*</font></label><input
+ type="text" size="50" id="url" name="cert"
+ style="margin-left: 10px;" onkeydown="noEnter(event);" value=""/>
+ <br/>
+ <br/>
+ <label>Alias<font color="red">*</font></label><input type="text"
id="alias_url"
+ name="alias"
+
style="margin-left: 32px;"
+
onkeydown="noEnter(event);" value=""/>
+ <br/>
+ <br/>
+ <input type="button" value="Add" align="right"
+ onclick="addCertFromUrl();"/>
</div>
+</fieldset>
+<br/>
+<fieldset>
+ <legend>You are currently trusting the following certificates</legend>
+ <table id="certificates">
+ <thead>
+ <tr class="mashup_label">
+ <th style="text-align: center;">Alias</th>
+ <th style="text-align: center;">Issued by</th>
+ <th style="text-align: center;">Issued to</th>
+ <th style="text-align: center;">Valid from</th>
+ <th style="text-align: center;">Valid till</th>
+ <th style="text-align: center;">Serial Number</th>
+ <th style="text-align: center;">Version</th>
+ <th style="text-align: center;">Tasks</th>
+ </tr>
+ </thead>
+ <tbody>
+ <%
+ // Obtaining the list of certificates stored in this users
keystore
+ CertData[] certs = MashupUtils.getCerts(currentUser);
+
+ // Sorting the array using alias
+ Comparator AliasComparator = new Comparator() {
+ public int compare(Object cert1, Object cert2) {
+ String alias1 = ((CertData) cert1).getAlias();
+ String alias2 = ((CertData) cert2).getAlias();
+
+ if (!(alias1.equals(alias2)))
+ return alias1.compareTo(alias2);
+ else
+ return alias1.compareTo(alias2);
+ }
+ };
+ Arrays.sort(certs,AliasComparator);
+
+ // Displaying the sorted cert data
+ for (int x = 0; x < certs.length; x++) {
+ if (x % 2 == 0) {
+ %>
+ <tr style="background-color: gainsboro;">
+ <%
+ }
+ %>
+ <td><%=certs[x].getAlias()%>
+ </td>
+ <td><%=certs[x].getIssuerDN()%>
+ </td>
+ <td><%=certs[x].getSubjectDN()%>
+ </td>
+ <td><%=certs[x].getNotBefore()%>
+ </td>
+ <td><%=certs[x].getNotAfter()%>
+ </td>
+ <td><%=certs[x].getSerialNumber()%>
+ </td>
+ <td><%=certs[x].getVersion()%>
+ </td>
+ <td>
+ <a href="#"
onclick="deleteCert('<%=certs[x].getAlias()%>');"><img
+ border="0" title="Delete this certificater"
+ alt="Delete certificate"
+ src="images/delete.gif"/></a>
+ </td>
+ </tr>
+ <%
+
+ }
+ %>
+
+ </tbody>
+ </table>
+</fieldset>
+<%
+ }
+%>
+</div>
- <%@ include file="footer.jsp" %>
+<%@ include file="footer.jsp" %>
</div>
</body>
</html>
\ No newline at end of file
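Review bot: The certificate table writes `certs[x].getIssuerDN()`, `certs[x].getSubjectDN()` and `certs[x].getAlias()` into the page with plain `<%= %>` expressions, and the alias is also placed inside a JavaScript string in `onclick="deleteCert('…')"`, all without output encoding. With this commit those values can come from a certificate served by whatever host the user entered and from a free-text alias field, so markup or quote characters in them would be rendered as part of the page. HTML-encode each value before output (for example with JSTL `<c:out>`, if that taglib is available to this page, which is not visible here) and JavaScript-escape the alias used in the `onclick` handler. Separately, both branches of `AliasComparator.compare` return `alias1.compareTo(alias2)`, so the `if`/`else` can be reduced to that single return.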
Modified: trunk/mashup/java/modules/www/js/services.js
==============================================================================
--- trunk/mashup/java/modules/www/js/services.js (original)
+++ trunk/mashup/java/modules/www/js/services.js Fri May 16 14:47:01 2008
@@ -440,6 +440,25 @@
};
/**
+ * @description Imports a certificate chain from a given URLs domain into a
user keystore
+ * @param {String} userName User name of the keystore owner
+ * @param {String} certAlias Alias used when storing the certificate in the
keystore
+ * @param {String} url URL of the trusted site
+ * @param {callback} callback User-defined callback function or object
+ */
+wso2.mashup.services.importCertFromUrl = function (userName, certAlias, url,
callback) {
+ var callURL = serverURL + "/" + "MashupAdminService" + "/" ;
+
+ var body_xml = '<req:importCertFromUrl
xmlns:req="http://service.admin.mashup.wso2.org/xsd">\n' +
+ ' <req:userName>' + userName + '</req:userName>\n' +
+ ' <req:alias>' + certAlias + '</req:alias>\n' +
+ ' <req:url>' + url + '</req:url>\n' +
+ ' </req:importCertFromUrl>\n';
+
+ new wso2.wsf.WSRequest(callURL, "importCertFromUrl", body_xml, callback,
"", wso2.mashup.services.defaultErrHandler);
+};
+
+/**
* @description Re deploys a JS Service
* @param {String} serviceName Name of the Service
* @param {callback} callback User-defined callback function or object
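Review bot: `body_xml` is built by concatenating `userName`, `certAlias` and `url` straight into element content, so any `&` or `<` in them produces a malformed or altered request; URLs with query strings routinely contain `&`. Escape each value before concatenation, e.g. `url.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;")`, ideally through one shared helper applied to all three fields. `userName` is supplied by the browser here, so the service side must not treat it as proof of identity. The JSDoc block at the end of the hunk belongs to a function whose body lies outside it.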