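<%@ page import="org.jivesoftware.util.CertificateManager,
                 org.jivesoftware.util.JiveGlobals,
                 org.jivesoftware.util.ParamUtils,
                 org.jivesoftware.util.StringUtils,
                 org.jivesoftware.openfire.XMPPServer,
                 org.jivesoftware.openfire.net.SSLConfig,
                 java.io.ByteArrayInputStream,
                 java.security.KeyStore,
                 java.security.PrivateKey,
                 java.security.cert.X509Certificate"
         errorPage="error.jsp"%>
<%@ page import="java.util.Date" %>
<%@ page import="java.util.Enumeration" %>
<%@ page import="java.util.HashMap" %>
<%@ page import="java.util.LinkedHashMap" %>
<%@ page import="java.util.Map" %>
<%@ page import="org.jivesoftware.openfire.container.PluginManager" %>
<%@ page import="org.jivesoftware.openfire.container.AdminConsolePlugin" %>
<%@ page import="java.io.IOException" %>
<%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
<%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
<%-- NOTE(review): webManager is used below but its declaration is not visible in this text;
     presumably a bean declaration was lost when the page was extracted. Confirm against the original. --%>
<% webManager.init(request, response, session, application, out ); %>
<%--
  Admin console page for the server key store (User: gato, Date: Nov 7, 2006).

  The scriptlet below handles three request-driven actions before anything is rendered:
    generate    - create self-signed DSA and RSA certificates for the XMPP domain
    delete      - remove the key store entry named by the "alias" parameter
    importReply - install a CA reply (request parameter "reply") for "alias"
  Each successful action saves the stores, records an audit event and redirects back to this page.
  Failures are collected in "errors" and reported by the markup that follows.

  NOTE(review): all three actions modify the key store and are selected purely by request
  parameters. No anti-CSRF token or HTTP-method check is visible on this page; confirm the
  admin console enforces one before this code runs, or add it here.
--%>
<%
    // Get parameters:
    boolean generate = ParamUtils.getBooleanParameter(request, "generate");
    boolean delete = ParamUtils.getBooleanParameter(request, "delete");
    boolean importReply = ParamUtils.getBooleanParameter(request, "importReply");
    String type = ParamUtils.getParameter(request, "type");
    String alias = ParamUtils.getParameter(request, "alias");

    // Keys: "ioerror", "generate", "delete", "importReply"; values are the caught exceptions.
    Map<String, Object> errors = new HashMap<String, Object>();

    KeyStore keyStore = null;
    try {
        keyStore = SSLConfig.getKeyStore();
    }
    catch (IOException e) {
        // Keep rendering; the failure is reported through the "ioerror" entry.
        e.printStackTrace();
        errors.put("ioerror", e);
    }

    if (generate) {
        String domain = XMPPServer.getInstance().getServerInfo().getXMPPDomain();
        try {
            // If the key store could not be loaded, start from a freshly initialised one.
            if (errors.containsKey("ioerror") && keyStore == null) {
                keyStore = SSLConfig.initializeKeyStore();
            }
            // Each certificate is created with subject and issuer "cn=<domain>" and the
            // wildcard name "*.<domain>" as its last argument.
            if (errors.containsKey("ioerror") || !CertificateManager.isDSACertificate(keyStore, domain)) {
                CertificateManager.createDSACert(keyStore, SSLConfig.getKeyPassword(),
                        domain + "_dsa", "cn=" + domain, "cn=" + domain, "*." + domain);
            }
            if (errors.containsKey("ioerror") || !CertificateManager.isRSACertificate(keyStore, domain)) {
                CertificateManager.createRSACert(keyStore, SSLConfig.getKeyPassword(),
                        domain + "_rsa", "cn=" + domain, "cn=" + domain, "*." + domain);
            }
            // Save new certificates into the key store
            SSLConfig.saveStores();
            // Log the event
            webManager.logEvent("generated SSL self-signed certs", null);
            response.sendRedirect("ssl-certificates.jsp?generatesuccess=true");
            return;
        }
        catch (Exception e) {
            e.printStackTrace();
            errors.put("generate", e);
        }
    }

    if (delete) {
        // "type" only has to be present; it is not otherwise used in the visible code.
        if (type != null && alias != null) {
            try {
                CertificateManager.deleteCertificate(keyStore, alias);
                SSLConfig.saveStores();
                // Log the event
                // NOTE(review): alias is request-supplied and is concatenated into the audit
                // message unmodified; confirm the log sink tolerates arbitrary characters.
                webManager.logEvent("deleted SSL cert with alias "+alias, null);
                response.sendRedirect("ssl-certificates.jsp?deletesuccess=true");
                return;
            }
            catch (Exception e) {
                e.printStackTrace();
                errors.put("delete", e);
            }
        }
    }

    if (importReply) {
        String reply = ParamUtils.getParameter(request, "reply");
        if (alias != null && reply != null && reply.trim().length() > 0) {
            try {
                // NOTE(review): the two trailing booleans are both passed as true; their meaning
                // is defined by CertificateManager.installReply. Confirm they keep validation
                // of the submitted certificate chain enabled.
                CertificateManager.installReply(SSLConfig.getKeyStore(), SSLConfig.gets2sTrustStore(),
                        SSLConfig.getKeyPassword(), alias, new ByteArrayInputStream(reply.getBytes()), true, true);
                SSLConfig.saveStores();
                // Log the event
                webManager.logEvent("imported SSL certificate with alias "+alias, null);
                response.sendRedirect("ssl-certificates.jsp?importsuccess=true");
                return;
            }
            catch (Exception e) {
                e.printStackTrace();
                errors.put("importReply", e);
            }
        }
    }

    PluginManager pluginManager = XMPPServer.getInstance().getPluginManager();
%>
<fmt:message key="ssl.certificates.title"/>
<% if (((AdminConsolePlugin) pluginManager.getPlugin("admin")).isRestartNeeded()) { %>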
" %>" /> " %>" />

<% } else if (errors.containsKey("ioerror")) { Exception e = (Exception)errors.get("ioerror"); %>

" %>" /> " %>" /> " %>" /> " %>" />

<% } else if (keyStore != null && keyStore.size() > 1 && !CertificateManager.isRSACertificate(SSLConfig.getKeyStore(), XMPPServer.getInstance().getServerInfo().getXMPPDomain())) { %>

<% } else if (keyStore != null && keyStore.size() < 2 ) { %>
" %>" /> " %>" /> " %>" /> " %>" />

<% } else if (ParamUtils.getBooleanParameter(request,"addupdatesuccess")) { %>

<% } else if (ParamUtils.getBooleanParameter(request,"generatesuccess")) { %>

<% } else if (ParamUtils.getBooleanParameter(request,"deletesuccess")) { %>

<% } else if (errors.containsKey("delete")) { Exception e = (Exception)errors.get("delete"); %>
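<%-- The exception text may echo request-derived values such as the alias, so it is HTML-escaped before rendering. --%>
<% if (e != null && e.getMessage() != null) { %> : <%= StringUtils.escapeHTMLTags(e.getMessage()) %> <% } %>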

<% } else if (ParamUtils.getBooleanParameter(request,"issuerUpdated")) { %>

<% } else if (ParamUtils.getBooleanParameter(request,"importsuccess")) { %>

<% } else if (errors.containsKey("importReply")) { %>

<% } else if (errors.containsKey("generate")) { Exception e = (Exception)errors.get("generate"); %>
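<%-- The exception text is not under this page's control, so it is HTML-escaped before rendering. --%>
<% if (e != null && e.getMessage() != null) { %> : <%= StringUtils.escapeHTMLTags(e.getMessage()) %> <% } %>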

<% } %>

" %>" /> " %>" />

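<%
    // Counts key store entries; rendered as the row number of each certificate.
    int i = 0;
    // Becomes true as soon as one entry is self-signed or still waiting for a CA reply.
    boolean offerUpdateIssuer = false;
    // alias -> signing request text, in key store iteration order.
    Map<String, String> signingRequests = new LinkedHashMap<String, String>();
    if (keyStore != null) {
        for (Enumeration aliases = keyStore.aliases(); aliases.hasMoreElements();) {
            i++;
            String a = (String) aliases.nextElement();
            X509Certificate c = (X509Certificate) keyStore.getCertificate(a);
            // Comma-separated list of the identities found in the certificate. These strings and
            // the alias come from stored certificate data, not from this page, so they need
            // HTML-escaping wherever they are written to the response.
            StringBuilder identities = new StringBuilder();
            for (String identity : CertificateManager.getPeerIdentities(c)) {
                identities.append(identity).append(", ");
            }
            if (identities.length() > 0) {
                // Drop the trailing ", ".
                identities.setLength(identities.length() - 2);
            }
            // Self-signed certs are certs generated by Openfire whose IssueDN equals SubjectDN
            boolean isSelfSigned = CertificateManager.isSelfSignedCertificate(keyStore, a);
            // Signing Request pending = not self signed certs whose chain has only 1 cert (the same cert)
            boolean isSigningPending = CertificateManager.isSigningRequestPending(keyStore, a);

            offerUpdateIssuer = offerUpdateIssuer || isSelfSigned || isSigningPending;

            if (isSigningPending) {
                // Generate new signing request for certificate
                PrivateKey privKey = (PrivateKey) keyStore.getKey(a, SSLConfig.getKeyPassword().toCharArray());
                if (privKey != null) {
                    signingRequests.put(a, CertificateManager.createSigningRequest(c, privKey));
                }
            }
%>
<% if (isSelfSigned && !isSigningPending) { %>
<% } else if (isSigningPending) { %>
<% } else { %>
<% } %>
<% if (isSigningPending) { %>
<% } %>
<% } %>
<% } %>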
 
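<%-- Identities and alias originate from certificate / key store contents; they are HTML-escaped
     so that markup embedded in a certificate cannot run in the administrator's browser. --%>
<%= (i) %>. <%= StringUtils.escapeHTMLTags(identities.toString()) %> (<%= StringUtils.escapeHTMLTags(a) %>)
<% boolean expired = c.getNotAfter().before(new Date()); if (expired) { %> <% } %>
<%= JiveGlobals.formatDate(c.getNotAfter()) %>
<% if (expired) { %> <% } %>
<fmt:message key=" title=""> <fmt:message key=" title=""> <fmt:message key=" title=""> <%= c.getPublicKey().getAlgorithm() %> " onclick="return confirm('');" >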
">
<% if (offerUpdateIssuer || !signingRequests.isEmpty()) { %>
<% if (offerUpdateIssuer) { %>

" %>" /> " %>" />

<% } %> <% if (!signingRequests.isEmpty()) { %>

<% for (Map.Entry entry : signingRequests.entrySet()) { %> <% } %>
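<%-- The key is a key store alias; it is escaped the same way as the signing request text next to it. --%>
<%= StringUtils.escapeHTMLTags(entry.getKey()) %> <%= StringUtils.escapeHTMLTags(entry.getValue()) %>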
<% } %>
<% } %>