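/*
   Copyright 2013, 2016 Nationale-Nederlanden

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
*/
package nl.nn.adapterframework.webcontrol.action;

import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Method;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.transform.Transformer;

import nl.nn.adapterframework.configuration.Configuration;
import nl.nn.adapterframework.configuration.ConfigurationUtils;
import nl.nn.adapterframework.core.Adapter;
import nl.nn.adapterframework.core.HasSender;
import nl.nn.adapterframework.core.IAdapter;
import nl.nn.adapterframework.core.IPipe;
import nl.nn.adapterframework.core.IReceiver;
import nl.nn.adapterframework.core.ISender;
import nl.nn.adapterframework.core.PipeLine;
import nl.nn.adapterframework.ftp.FtpSender;
import nl.nn.adapterframework.http.HttpSender;
import nl.nn.adapterframework.http.WebServiceSender;
import nl.nn.adapterframework.jdbc.DirectQuerySender;
import nl.nn.adapterframework.jdbc.JdbcException;
import nl.nn.adapterframework.jms.JmsException;
import nl.nn.adapterframework.jms.JmsRealmFactory;
import nl.nn.adapterframework.jms.JmsSender;
import nl.nn.adapterframework.pipes.MessageSendingPipe;
import nl.nn.adapterframework.util.AppConstants;
import nl.nn.adapterframework.util.ClassUtils;
import nl.nn.adapterframework.util.CredentialFactory;
import nl.nn.adapterframework.util.Misc;
import nl.nn.adapterframework.util.StringResolver;
import nl.nn.adapterframework.util.XmlBuilder;
import nl.nn.adapterframework.util.XmlUtils;

import org.apache.commons.lang.StringUtils;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.w3c.dom.Element;

/**
 * Struts action that collects the security related items of the running
 * instance (certificates used by senders, deployment descriptor, security role
 * bindings, JMS realms, SAP systems, authentication aliases and transaction
 * service properties) into one XML document, and exposes that document as the
 * request attribute {@code secItems} for the view.
 * <p>
 * Every section is collected on a best-effort basis: a section that cannot be
 * determined is rendered with the marker {@code *** ERROR ***} instead of
 * failing the whole page.
 *
 * @author Peter Leeuwenburgh
 * @since 4.8
 */
public final class ShowSecurityItems extends ActionBase {
	public static final String AUTHALIAS_XSLT = "xml/xsl/authAlias.xsl";
	public static final String GETCONNPOOLPROP_XSLT = "xml/xsl/getConnectionPoolProperties.xsl";

	/** Text rendered wherever an item could not be determined. */
	private static final String ERROR_MARKER = "*** ERROR ***";

	/**
	 * Builds the {@code securityItems} document and stores it in the request.
	 *
	 * @return the {@code success} forward of the mapping
	 */
	public ActionForward executeSub(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
		// Initialize action
		initAction(request);

		XmlBuilder securityItems = new XmlBuilder("securityItems");
		addRegisteredAdapters(securityItems);
		addApplicationDeploymentDescriptor(securityItems);
		addSecurityRoleBindings(securityItems);
		addJmsRealms(securityItems);
		addSapSystems(securityItems);
		addAuthEntries(securityItems);
		addServerProps(securityItems);
		request.setAttribute("secItems", securityItems.toXML());

		// Forward control to the specified success URI
		log.debug("forward to success");
		return mapping.findForward("success");
	}

	/**
	 * Adds one {@code adapter} element per registered adapter, holding its
	 * receivers (with sender name) and its message-sending pipes (with
	 * certificate details where the sender is configured with one).
	 */
	private void addRegisteredAdapters(XmlBuilder securityItems) {
		XmlBuilder registeredAdapters = new XmlBuilder("registeredAdapters");
		securityItems.addSubElement(registeredAdapters);
		for (IAdapter iAdapter : ibisManager.getRegisteredAdapters()) {
			Adapter adapter = (Adapter) iAdapter;
			XmlBuilder adapterXML = new XmlBuilder("adapter");
			registeredAdapters.addSubElement(adapterXML);
			adapterXML.addAttribute("name", adapter.getName());
			addReceivers(adapterXML, adapter);
			addPipes(adapterXML, adapter.getPipeLine());
		}
	}

	/**
	 * Adds a {@code receivers} element for the adapter; omitted entirely when
	 * the adapter has no receivers.
	 */
	private void addReceivers(XmlBuilder adapterXML, Adapter adapter) {
		Iterator recIt = adapter.getReceiverIterator();
		if (!recIt.hasNext()) {
			return;
		}
		XmlBuilder receiversXML = new XmlBuilder("receivers");
		while (recIt.hasNext()) {
			IReceiver receiver = (IReceiver) recIt.next();
			XmlBuilder receiverXML = new XmlBuilder("receiver");
			receiversXML.addSubElement(receiverXML);
			receiverXML.addAttribute("name", receiver.getName());
			if (receiver instanceof HasSender) {
				ISender sender = ((HasSender) receiver).getSender();
				if (sender != null) {
					receiverXML.addAttribute("senderName", sender.getName());
				}
			}
		}
		adapterXML.addSubElement(receiversXML);
	}

	/**
	 * Adds a {@code pipes} element listing the message-sending pipes of the
	 * pipeline; other pipe types are skipped.
	 */
	private void addPipes(XmlBuilder adapterXML, PipeLine pipeline) {
		// make list of pipes to be displayed in configuration status
		XmlBuilder pipesElem = new XmlBuilder("pipes");
		adapterXML.addSubElement(pipesElem);
		for (int i = 0; i < pipeline.getPipes().size(); i++) {
			IPipe pipe = pipeline.getPipe(i);
			if (!(pipe instanceof MessageSendingPipe)) {
				continue;
			}
			ISender sender = ((MessageSendingPipe) pipe).getSender();
			XmlBuilder pipeElem = new XmlBuilder("pipe");
			pipeElem.addAttribute("name", pipe.getName());
			pipeElem.addAttribute("sender", ClassUtils.nameOf(sender));
			pipesElem.addSubElement(pipeElem);
			// WebServiceSender is tested before HttpSender; keep that order, the
			// former is handled as the more specific type.
			if (sender instanceof WebServiceSender) {
				WebServiceSender s = (WebServiceSender) sender;
				addSenderCertificate(pipeElem, s.getCertificate(), s.getCertificateAuthAlias(), s.getCertificatePassword(), s.getKeystoreType());
			} else if (sender instanceof HttpSender) {
				HttpSender s = (HttpSender) sender;
				addSenderCertificate(pipeElem, s.getCertificate(), s.getCertificateAuthAlias(), s.getCertificatePassword(), s.getKeystoreType());
			} else if (sender instanceof FtpSender) {
				FtpSender s = (FtpSender) sender;
				// FtpSender exposes the keystore type under a different getter name
				addSenderCertificate(pipeElem, s.getCertificate(), s.getCertificateAuthAlias(), s.getCertificatePassword(), s.getCertificateType());
			}
		}
	}

	/**
	 * Adds a {@code certificate} element for a sender's keystore, when one is
	 * configured. Unresolvable keystore resources get an empty {@code url}
	 * attribute and an error info line; resolvable ones get the chain details
	 * via {@link #addCertificateInfo}.
	 *
	 * @param certificate          keystore resource name, may be empty (nothing is added then)
	 * @param certificateAuthAlias auth alias used to resolve the keystore password
	 * @param certificatePassword  configured password, used when the alias yields none
	 * @param keystoreType         type passed to {@link KeyStore#getInstance(String)}
	 */
	private void addSenderCertificate(XmlBuilder pipeElem, String certificate, String certificateAuthAlias, String certificatePassword, String keystoreType) {
		if (StringUtils.isEmpty(certificate)) {
			return;
		}
		XmlBuilder certElem = new XmlBuilder("certificate");
		certElem.addAttribute("name", certificate);
		certElem.addAttribute("authAlias", certificateAuthAlias);
		URL certificateUrl = ClassUtils.getResourceURL(this, certificate);
		if (certificateUrl == null) {
			certElem.addAttribute("url", "");
			pipeElem.addSubElement(certElem);
			addCdataInfo(certElem, ERROR_MARKER);
			return;
		}
		certElem.addAttribute("url", certificateUrl.toString());
		pipeElem.addSubElement(certElem);
		// the credential factory is only consulted once the keystore is known to exist
		CredentialFactory certificateCf = new CredentialFactory(certificateAuthAlias, null, certificatePassword);
		addCertificateInfo(certElem, certificateUrl, certificateCf.getPassword(), keystoreType, "Certificate chain");
	}

	/** Appends an {@code info} child with a CDATA body to {@code parent}. */
	private static void addCdataInfo(XmlBuilder parent, String text) {
		XmlBuilder infoElem = new XmlBuilder("info");
		infoElem.setCdataValue(text);
		parent.addSubElement(infoElem);
	}

	/**
	 * Loads the keystore at {@code url} and appends one {@code info} line per
	 * alias, followed by subject, signature algorithm, validity and issuer for
	 * every X.509 certificate. Any failure (unreadable resource, wrong
	 * password, unknown type) is rendered as a single error line and logged.
	 *
	 * @param password keystore password, {@code null} when none is known
	 * @param prefix   label put in front of each alias line
	 */
	private void addCertificateInfo(XmlBuilder certElem, final URL url, final String password, String keyStoreType, String prefix) {
		try {
			KeyStore keystore = KeyStore.getInstance(keyStoreType);
			// close the stream ourselves: KeyStore.load() does not close it
			InputStream in = url.openStream();
			try {
				keystore.load(in, password != null ? password.toCharArray() : null);
			} finally {
				in.close();
			}
			// NOTE(review): the chain details are only rendered when INFO logging is
			// enabled, so the page content depends on the log configuration. This looks
			// like a leftover of logging code rather than a deliberate switch - confirm
			// before relying on it.
			if (log.isInfoEnabled()) {
				Enumeration<String> aliases = keystore.aliases();
				while (aliases.hasMoreElements()) {
					String alias = aliases.nextElement();
					addCdataInfo(certElem, prefix + " '" + alias + "':");
					Certificate trustedcert = keystore.getCertificate(alias);
					if (trustedcert instanceof X509Certificate) {
						X509Certificate cert = (X509Certificate) trustedcert;
						addCdataInfo(certElem, " Subject DN: " + cert.getSubjectDN());
						addCdataInfo(certElem, " Signature Algorithm: " + cert.getSigAlgName());
						addCdataInfo(certElem, " Valid from: " + cert.getNotBefore());
						addCdataInfo(certElem, " Valid until: " + cert.getNotAfter());
						addCdataInfo(certElem, " Issuer: " + cert.getIssuerDN());
					}
				}
			}
		} catch (Exception e) {
			// the password is deliberately not logged
			log.warn("could not read keystore [" + url + "] of type [" + keyStoreType + "]: " + e);
			addCdataInfo(certElem, ERROR_MARKER);
		}
	}

	/**
	 * Adds the application deployment descriptor, stripped of XML/DOCTYPE
	 * declarations and namespaces, as the {@code applicationDeploymentDescriptor}
	 * element.
	 */
	private void addApplicationDeploymentDescriptor(XmlBuilder securityItems) {
		XmlBuilder appDD = new XmlBuilder("applicationDeploymentDescriptor");
		String appDDString;
		try {
			appDDString = Misc.getApplicationDeploymentDescriptor();
			appDDString = XmlUtils.skipXmlDeclaration(appDDString);
			appDDString = XmlUtils.skipDocTypeDeclaration(appDDString);
			appDDString = XmlUtils.removeNamespaces(appDDString);
		} catch (IOException e) {
			appDDString = ERROR_MARKER;
		}
		// the value is raw XML, hence no escaping
		appDD.setValue(appDDString, false);
		securityItems.addSubElement(appDD);
	}

	/**
	 * Adds the deployed application bindings, stripped of namespaces, as the
	 * {@code securityRoleBindings} element.
	 */
	private void addSecurityRoleBindings(XmlBuilder securityItems) {
		XmlBuilder appBnd = new XmlBuilder("securityRoleBindings");
		String appBndString;
		try {
			appBndString = Misc.getDeployedApplicationBindings();
			appBndString = XmlUtils.removeNamespaces(appBndString);
		} catch (IOException e) {
			appBndString = ERROR_MARKER;
		}
		// the value is raw XML, hence no escaping
		appBnd.setValue(appBndString, false);
		securityItems.addSubElement(appBnd);
	}

	/**
	 * Adds a {@code jmsRealm} element for every datasource, queue connection
	 * factory and topic connection factory of each registered JMS realm,
	 * enriched with connection pool properties from the configuration
	 * resources when those could be read.
	 */
	private void addJmsRealms(XmlBuilder securityItems) {
		List jmsRealms = JmsRealmFactory.getInstance().getRegisteredRealmNamesAsList();
		XmlBuilder jrs = new XmlBuilder("jmsRealms");
		securityItems.addSubElement(jrs);

		String confResString;
		try {
			confResString = Misc.getConfigurationResources();
			if (confResString != null) {
				confResString = XmlUtils.removeNamespaces(confResString);
			}
		} catch (IOException e) {
			log.warn("error getting configuration resources [" + e + "]");
			confResString = null;
		}

		for (int j = 0; j < jmsRealms.size(); j++) {
			String jmsRealm = (String) jmsRealms.get(j);

			// JDBC datasource bound to the realm, if any
			DirectQuerySender qs = (DirectQuerySender) ibisManager.getIbisContext().createBeanAutowireByName(DirectQuerySender.class);
			qs.setJmsRealm(jmsRealm);
			String dsName = null;
			String dsInfo = null;
			try {
				dsName = qs.getDataSourceNameToUse();
				dsInfo = qs.getDatasourceInfo();
			} catch (JdbcException jdbce) {
				// no datasource for this realm
			}
			if (StringUtils.isNotEmpty(dsName)) {
				addJmsRealmResource(jrs, jmsRealm, "datasourceName", dsName, dsInfo, confResString, "JDBC");
			}

			// queue connection factory bound to the realm, if any
			JmsSender js = new JmsSender();
			js.setJmsRealm(jmsRealm);
			String qcfName = null;
			String qcfInfo = null;
			try {
				qcfName = js.getConnectionFactoryName();
				qcfInfo = js.getConnectionFactoryInfo();
			} catch (JmsException jmse) {
				// no connectionFactory for this realm
			}
			if (StringUtils.isNotEmpty(qcfName)) {
				addJmsRealmResource(jrs, jmsRealm, "queueConnectionFactoryName", qcfName, qcfInfo, confResString, "JMS");
			}

			// topic connection factory: name only, no info lines
			String tcfName = js.getTopicConnectionFactoryName();
			if (StringUtils.isNotEmpty(tcfName)) {
				XmlBuilder jr = new XmlBuilder("jmsRealm");
				jrs.addSubElement(jr);
				jr.addAttribute("name", jmsRealm);
				jr.addAttribute("topicConnectionFactoryName", tcfName);
			}
		}
	}

	/**
	 * Adds one {@code jmsRealm} element for a JNDI resource of a realm: the
	 * realm name, the resource name under {@code nameAttribute}, an info line,
	 * and - when configuration resources are available - a second info line
	 * with the connection pool properties.
	 *
	 * @param confResString configuration resources XML, {@code null} when unavailable
	 * @param providerType  {@code JDBC} or {@code JMS}, passed to the pool-properties stylesheet
	 */
	private void addJmsRealmResource(XmlBuilder jrs, String jmsRealm, String nameAttribute, String jndiName, String info, String confResString, String providerType) {
		XmlBuilder jr = new XmlBuilder("jmsRealm");
		jrs.addSubElement(jr);
		jr.addAttribute("name", jmsRealm);
		jr.addAttribute(nameAttribute, jndiName);
		XmlBuilder infoElem = new XmlBuilder("info");
		infoElem.setValue(info);
		jr.addSubElement(infoElem);
		if (confResString != null) {
			String connectionPoolProperties = getConnectionPoolProperties(confResString, providerType, jndiName);
			if (StringUtils.isNotEmpty(connectionPoolProperties)) {
				infoElem = new XmlBuilder("info");
				infoElem.setValue(connectionPoolProperties);
				jr.addSubElement(infoElem);
			}
		}
	}

	/**
	 * Extracts the connection pool properties of one JNDI resource from the
	 * configuration resources XML with {@link #GETCONNPOOLPROP_XSLT}.
	 *
	 * @return the transformation result, {@code null} when the stylesheet is not
	 *         found, or the error marker when the transformation fails
	 */
	private String getConnectionPoolProperties(String confResString, String providerType, String jndiName) {
		String connectionPoolProperties = null;
		try {
			URL url = ClassUtils.getResourceURL(this, GETCONNPOOLPROP_XSLT);
			if (url != null) {
				Transformer t = XmlUtils.createTransformer(url, true);
				Map parameters = new Hashtable();
				parameters.put("providerType", providerType);
				parameters.put("jndiName", jndiName);
				XmlUtils.setTransformerParameters(t, parameters);
				connectionPoolProperties = XmlUtils.transformXml(t, confResString);
			}
		} catch (Exception e) {
			log.warn("error getting connection pool properties for [" + providerType + "] resource [" + jndiName + "]: " + e);
			connectionPoolProperties = ERROR_MARKER;
		}
		return connectionPoolProperties;
	}

	/**
	 * Adds a {@code sapSystems} element with one {@code sapSystem} per registered
	 * SAP system. The SAP extension is an optional module, so it is accessed
	 * reflectively; when it is absent the element is omitted altogether.
	 */
	private void addSapSystems(XmlBuilder securityItems) {
		List sapSystems = null;
		Object sapSystemFactory = null;
		Method factoryGetSapSystemInfo = null;
		try {
			Class c = Class.forName("nl.nn.adapterframework.extensions.sap.SapSystemFactory");
			Method factoryGetInstance = c.getMethod("getInstance");
			sapSystemFactory = factoryGetInstance.invoke(null);
			Method factoryGetRegisteredSapSystemsNamesAsList = c.getMethod("getRegisteredSapSystemsNamesAsList");
			sapSystems = (List) factoryGetRegisteredSapSystemsNamesAsList.invoke(sapSystemFactory);
			factoryGetSapSystemInfo = c.getMethod("getSapSystemInfo", String.class);
		} catch (Throwable t) {
			// Throwable on purpose: a missing module surfaces as NoClassDefFoundError, not an Exception
			log.debug("Caught NoClassDefFoundError, just no sapSystem available: " + t.getMessage());
		}
		if (sapSystems == null) {
			return;
		}
		XmlBuilder sss = new XmlBuilder("sapSystems");
		securityItems.addSubElement(sss);
		for (Iterator iter = sapSystems.iterator(); iter.hasNext();) {
			String name = (String) iter.next();
			XmlBuilder ss = new XmlBuilder("sapSystem");
			sss.addSubElement(ss);
			ss.addAttribute("name", name);
			XmlBuilder infoElem = new XmlBuilder("info");
			try {
				infoElem.setCdataValue((String) factoryGetSapSystemInfo.invoke(sapSystemFactory, name));
			} catch (Exception e) {
				infoElem.setValue(ERROR_MARKER);
			}
			ss.addSubElement(infoElem);
		}
	}

	/**
	 * Adds an {@code authEntries} element with one {@code entry} per
	 * authentication alias referenced in the activated configurations
	 * (extracted with {@link #AUTHALIAS_XSLT}), showing the resolved user name
	 * and a masked password.
	 */
	private void addAuthEntries(XmlBuilder securityItems) {
		XmlBuilder aes = new XmlBuilder("authEntries");
		securityItems.addSubElement(aes);
		Collection entries = null;
		try {
			URL url = ClassUtils.getResourceURL(this, AUTHALIAS_XSLT);
			if (url != null) {
				for (Configuration configuration : ibisManager.getConfigurations()) {
					Transformer t = XmlUtils.createTransformer(url, true);
					// resolve properties and strip inactive parts before looking for aliases
					String configString = configuration.getOriginalConfiguration();
					configString = StringResolver.substVars(configString, AppConstants.getInstance());
					configString = ConfigurationUtils.getActivatedConfiguration(configuration, configString);
					String authEntries = XmlUtils.transformXml(t, configString);
					Element authEntriesElement = XmlUtils.buildElement(authEntries);
					Collection found = XmlUtils.getChildTags(authEntriesElement, "entry");
					if (entries == null) {
						entries = found;
					} else {
						entries.addAll(found);
					}
				}
			}
		} catch (Exception e) {
			log.warn("error collecting authentication entries [" + e + "]");
			XmlBuilder ae = new XmlBuilder("entry");
			aes.addSubElement(ae);
			ae.addAttribute("alias", ERROR_MARKER);
		}
		if (entries != null) {
			for (Iterator iter = entries.iterator(); iter.hasNext();) {
				Element itemElement = (Element) iter.next();
				addAuthEntry(aes, itemElement.getAttribute("alias"));
			}
		}
	}

	/**
	 * Adds one {@code entry} element for an authentication alias. The password
	 * itself is never written; a failure to resolve the alias renders both
	 * attributes as the error marker.
	 */
	private void addAuthEntry(XmlBuilder aes, String alias) {
		CredentialFactory cf = new CredentialFactory(alias, null, null);
		XmlBuilder ae = new XmlBuilder("entry");
		aes.addSubElement(ae);
		ae.addAttribute("alias", alias);
		String userName;
		String passWord;
		try {
			userName = cf.getUsername();
			// NOTE(review): one '*' per character discloses the password length to
			// every viewer of this page; a fixed-width mask would not.
			passWord = StringUtils.repeat("*", cf.getPassword().length());
		} catch (Exception e) {
			// not logged: the exception may describe the credential lookup in detail
			userName = ERROR_MARKER;
			passWord = ERROR_MARKER;
		}
		ae.addAttribute("userName", userName);
		ae.addAttribute("passWord", passWord);
	}

	/**
	 * Adds a {@code serverProps} element holding the transaction service
	 * timeouts of the application server.
	 */
	private void addServerProps(XmlBuilder securityItems) {
		XmlBuilder serverProps = new XmlBuilder("serverProps");
		XmlBuilder transactionService = new XmlBuilder("transactionService");
		serverProps.addSubElement(transactionService);

		String totalTransactionLifetimeTimeout;
		try {
			totalTransactionLifetimeTimeout = Misc.getTotalTransactionLifetimeTimeout();
		} catch (Exception e) {
			totalTransactionLifetimeTimeout = ERROR_MARKER;
		}
		transactionService.addAttribute("totalTransactionLifetimeTimeout", totalTransactionLifetimeTimeout);

		String maximumTransactionTimeout;
		try {
			maximumTransactionTimeout = Misc.getMaximumTransactionTimeout();
		} catch (Exception e) {
			maximumTransactionTimeout = ERROR_MARKER;
		}
		transactionService.addAttribute("maximumTransactionTimeout", maximumTransactionTimeout);

		securityItems.addSubElement(serverProps);
	}
}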