[JM-632] Improved robustness of admin console when dealing with corrupt SSL keystores.

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9785 b35dd754-fafc-0310-a699-88a17e54d16e

[JM-632] Improved robustness of admin console when dealing with corrupt SSL keystores.
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9785 b35dd754-fafc-0310-a699-88a17e54d16e
1fed517c · Daniel Henninger · dhenninger · 289998d7 · 1fed517c · 1fed517c
Commit 1fed517c authored Jan 20, 2008 by Daniel Henninger Committed by dhenninger Jan 20, 2008
7 changed files
--- a/src/i18n/openfire_i18n_en.properties
+++ b/src/i18n/openfire_i18n_en.properties
@@ -275,6 +275,10 @@
 #       Added key: 'server.db.connection_details.when_created'
 #       Added key: 'server.db.connection_details.last_used'
 #       Added key: 'server.db.connection_details.thread'
+#       Added key: 'index.certificate-error'
+#       Added key: 'ssl.certificates.io_error'
+#       Added key: 'ssl.certificates.generated'
+#       Added key: 'ssl.certificates.uninstalled'

 # Openfire

@@ -794,6 +798,7 @@ index.uptime=Server Uptime:
 index.version=Version:
 index.home=Server Directory:
 index.certificate-warning=Found RSA certificate that is not valid for the server domain.
+index.certificate-error=Unable to access certificate store.  The keystore may be corrupt.
 index.server_name=Server Name:
 index.server_port=Server Ports
 index.server_ip=IP:Port, Security:
@@ -1795,6 +1800,7 @@ ssl.settings.available=Available
 ssl.settings.notavailable=Not Available
 ssl.settings.required=Required
 ssl.settings.optional=Optional
+ssl.settings.uninstalled=Uninstalled
 ssl.settings.server.legend=Server Connection Security
 ssl.settings.server.label_required=Required
 ssl.settings.server.label_required_info=Connections between servers always use secured connections.
@@ -1831,6 +1837,7 @@ ssl.certificates.algorithm=Algorithm
 ssl.certificates.confirm_delete=Are you sure you want to delete this certificate?
 ssl.certificates.added_updated=Certificate added or modified successfully.
 ssl.certificates.deleted=Certificate deleted successfully.
+ssl.certificates.generated=Certificates generated successfully.
 ssl.certificates.error=Error deleting the certificate.
 ssl.certificates.error_messenge=Error message
 ssl.certificates.error_importing-reply=An error occured while importing the Certificate Authority reply. Verify that \
@@ -1847,6 +1854,7 @@ ssl.certificates.error_installing=Error installing the certificate.
 ssl.certificates.error_reported=Error reported
 ssl.certificates.paste_certificate=Paste in the certificate sent to you by the CA or the self-signed \
        certificate generated via the keytool.
+ssl.certificates.io_error=Unable to access certificate store.  The keystore may be corrupt.

 ssl.signing-request.title=Signing request
 ssl.signing-request.issuer_information=Issuer Information

--- a/src/java/org/jivesoftware/openfire/net/SSLConfig.java
+++ b/src/java/org/jivesoftware/openfire/net/SSLConfig.java
@@ -25,6 +25,7 @@ import java.io.IOException;
 import java.net.InetAddress;
 import java.net.ServerSocket;
 import java.security.KeyStore;
+import java.security.KeyStoreException;
 import java.security.cert.X509Certificate;
 import java.util.List;

@@ -291,6 +292,22 @@ public class SSLConfig {
        return c2sTrustStore;
    }

+    /**
+     * Initializes (wipes and recreates) the keystore, and returns the new keystore.
+     *
+     * @return Newly initialized keystore.
+     */
+    public static KeyStore initializeKeyStore() {
+        try {
+            keyStore = KeyStore.getInstance(storeType);
+            keyStore.load(null, keypass.toCharArray());
+        }
+        catch (Exception e) {
+            Log.error("Unable to initialize keystore: ", e);
+        }
+        return keyStore;
+    }
+
    /**
     * Save all key and trust stores.
     */

--- a/src/web/import-certificate.jsp
+++ b/src/web/import-certificate.jsp
@@ -6,6 +6,7 @@
                java.util.HashMap,
                java.util.Map"
         errorPage="error.jsp"%>
+<%@ page import="java.security.KeyStore" %>

 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
 <%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
@@ -41,8 +42,15 @@
                    index = index + 1;
                    alias = domain + "_" + index;
                }
+                KeyStore keystore;
+                try {
+                    keystore = SSLConfig.getKeyStore();
+                }
+                catch (Exception e) {
+                    keystore = SSLConfig.initializeKeyStore();
+                }
                // Import certificate
-                CertificateManager.installCert(SSLConfig.getKeyStore(), SSLConfig.gets2sTrustStore(),
+                CertificateManager.installCert(keystore, SSLConfig.gets2sTrustStore(),
                        SSLConfig.getKeyPassword(), alias, new ByteArrayInputStream(privateKey.getBytes()), passPhrase,
                        new ByteArrayInputStream(certificate.getBytes()), true, true);
                // Save keystore
@@ -138,7 +146,7 @@
                      <fmt:message key="ssl.import.certificate.private-key" />
                  </td>
                  <td width="99%">
-                      <textarea name="private-key" cols="60" rows="5" wrap="virtual"></textarea>
+                      <textarea name="private-key" cols="60" rows="5" wrap="virtual"/>
                  </td>
              </tr>
              <tr valign="top">
@@ -146,7 +154,7 @@
                      <fmt:message key="ssl.import.certificate.certificate" />
                  </td>
                  <td width="99%">
-                      <textarea name="certificate" cols="60" rows="5" wrap="virtual"></textarea>
+                      <textarea name="certificate" cols="60" rows="5" wrap="virtual"/>
                  </td>
              </tr>
          </tbody>

--- a/src/web/index.jsp
+++ b/src/web/index.jsp
@@ -134,7 +134,7 @@
 %>
 <style type="text/css">
 .bar TD {
-    padding : 0px;
+    padding : 0;
 }
 #jive-latest-activity .jive-bottom-line {
 	padding-top: 10px;
@@ -246,8 +246,12 @@
                    <fmt:message key="index.server_name" />
                </td>
                <td class="c2">
+                    <% try { %>
                    <% if (!CertificateManager.isRSACertificate(SSLConfig.getKeyStore(), XMPPServer.getInstance().getServerInfo().getName())) {%>
-                    <img src="images/warning-16x16.gif" width="16" height="16" border="0" alt="<fmt:message key="index.certificate-warning" />" text="<fmt:message key="index.certificate-warning" />">&nbsp;
+                    <img src="images/warning-16x16.gif" width="16" height="16" border="0" alt="<fmt:message key="index.certificate-warning" />" title="<fmt:message key="index.certificate-warning" />">&nbsp;
+                    <% } %>
+                    <% } catch (Exception e) { %>
+                    <img src="images/error-16x16.gif" width="16" height="16" border="0" alt="<fmt:message key="index.certificate-error" />" title="<fmt:message key="index.certificate-error" />">&nbsp;
                    <% } %>
                    ${webManager.serverInfo.name}
                </td>
@@ -378,7 +382,7 @@
                    }
                }

-                %><div class="jive-bottom-line"></div><%
+                %><div class="jive-bottom-line"/><%
                if (lastBlogFeed != null && !lastBlogFeed.getEntries().isEmpty()) {

                    List entries = lastBlogFeed.getEntries();
@@ -392,7 +396,7 @@
                    <fmt:message key="index.cs_blog.unavailable" />
                 <% }

-                 %><div class="jive-bottom-line"></div><%
+                 %><div class="jive-bottom-line"/><%
                if (lastReleaseFeed != null && !lastReleaseFeed.getEntries().isEmpty()) {

                    List entries = lastReleaseFeed.getEntries();
@@ -435,9 +439,9 @@
        <td><%= "0.0.0.0".equals(address.getHostName()) ? LocaleUtils.getLocalizedString("ports.all_ports") : address.getHostName() %></td>
        <td><%= address.getPort() %></td>
        <% if (LocalClientSession.getTLSPolicy() == Connection.TLSPolicy.disabled) { %>
-            <td><img src="images/blank.gif" width="1" height="1"></td>
+            <td><img src="images/blank.gif" width="1" height="1" alt=""/></td>
        <% } else { %>
-            <td><img src="images/lock.gif" width="16" height="16" border="0"/></td>
+            <td><img src="images/lock.gif" width="16" height="16" border="0" alt=""/></td>
        <% } %>
        <td><fmt:message key="ports.client_to_server" /></td>
        <td><fmt:message key="ports.client_to_server.desc">
@@ -454,7 +458,7 @@
    <tr>
        <td><%= "0.0.0.0".equals(address.getHostName()) ? LocaleUtils.getLocalizedString("ports.all_ports") : address.getHostName() %></td>
        <td><%= address.getPort() %></td>
-        <td><img src="images/lock.gif" width="16" height="16" border="0"/></td>
+        <td><img src="images/lock.gif" width="16" height="16" border="0" alt=""/></td>
        <td><fmt:message key="ports.client_to_server" /></td>
        <td><fmt:message key="ports.client_to_server.desc_old_ssl">
            <fmt:param value="<a href='ssl-settings.jsp'>" />
@@ -470,9 +474,9 @@
        <td><%= interfaceName == null ? LocaleUtils.getLocalizedString("ports.all_ports") : serverPort.getIPAddress() %></td>
        <td><%= serverPort.getPort() %></td>
        <% if (JiveGlobals.getBooleanProperty("xmpp.server.tls.enabled", true)) { %>
-            <td><img src="images/lock.gif" width="16" height="16" border="0"/></td>
+            <td><img src="images/lock.gif" width="16" height="16" border="0" alt=""/></td>
        <% } else { %>
-            <td><img src="images/blank.gif" width="1" height="1"></td>
+            <td><img src="images/blank.gif" width="1" height="1" alt=""/></td>
        <% } %>
        <td><fmt:message key="ports.server_to_server" /></td>
        <td><fmt:message key="ports.server_to_server.desc">
@@ -492,9 +496,9 @@
        <td><%= "0.0.0.0".equals(address.getHostName()) ? LocaleUtils.getLocalizedString("ports.all_ports") : address.getHostName() %></td>
        <td><%= address.getPort() %></td>
        <% if (LocalConnectionMultiplexerSession.getTLSPolicy() == Connection.TLSPolicy.disabled) { %>
-            <td><img src="images/blank.gif" width="1" height="1"></td>
+            <td><img src="images/blank.gif" width="1" height="1" alt=""></td>
        <% } else { %>
-            <td><img src="images/lock.gif" width="16" height="16" border="0"/></td>
+            <td><img src="images/lock.gif" width="16" height="16" border="0" alt=""/></td>
        <% } %>
        <td><fmt:message key="ports.connection_manager" /></td>
        <td><fmt:message key="ports.connection_manager.desc">
@@ -510,7 +514,7 @@
    <tr>
        <td><%= interfaceName == null ? LocaleUtils.getLocalizedString("ports.all_ports") : componentPort.getIPAddress() %></td>
        <td><%= componentPort.getPort() %></td>
-        <td><img src="images/blank.gif" width="1" height="1"></td>
+        <td><img src="images/blank.gif" width="1" height="1" alt=""></td>
        <td><fmt:message key="ports.external_components" /></td>
        <td><fmt:message key="ports.external_components.desc">
            <fmt:param value="<a href='external-components-settings.jsp'>" />
@@ -522,14 +526,14 @@
    <tr>
        <td><%= interfaceName == null ? LocaleUtils.getLocalizedString("ports.all_ports") : interfaceName %></td>
        <td><%= adminConsolePlugin.getAdminUnsecurePort() %></td>
-        <td><img src="images/blank.gif" width="1" height="1"></td>
+        <td><img src="images/blank.gif" width="1" height="1" alt=""></td>
        <td><fmt:message key="ports.admin_console" /></td>
        <td><fmt:message key="ports.admin_console.desc_unsecured" /></td>
    </tr>
    <tr>
        <td><%= interfaceName == null ? LocaleUtils.getLocalizedString("ports.all_ports") : interfaceName %></td>
        <td><%= adminConsolePlugin.getAdminSecurePort() %></td>
-        <td><img src="images/lock.gif" width="16" height="16" border="0"/></td>
+        <td><img src="images/lock.gif" width="16" height="16" border="0" alt=""/></td>
        <td><fmt:message key="ports.admin_console" /></td>
        <td><fmt:message key="ports.admin_console.desc_secured" /></td>
    </tr>
@@ -539,7 +543,7 @@
    <tr>
        <td><%= interfaceName == null ? LocaleUtils.getLocalizedString("ports.all_ports") : interfaceName %></td>
        <td><%= fileTransferProxy.getProxyPort() %></td>
-        <td><img src="images/blank.gif" width="1" height="1"></td>
+        <td><img src="images/blank.gif" width="1" height="1" alt=""></td>
        <td><fmt:message key="ports.file_proxy" /></td>
        <td><fmt:message key="ports.file_proxy.desc" /></td>
    </tr>
@@ -553,7 +557,7 @@
        <tr>
            <td><%= interfaceName == null ? LocaleUtils.getLocalizedString("ports.all_ports") : interfaceName %></td>
            <td><%= httpBindManager.getHttpBindUnsecurePort() %></td>
-            <td><img src="images/blank.gif" width="1" height="1"></td>
+            <td><img src="images/blank.gif" width="1" height="1" alt=""></td>
            <td><fmt:message key="ports.http_bind" /></td>
            <td><fmt:message key="ports.http_bind.desc_unsecured" /></td>
        </tr>
@@ -564,7 +568,7 @@
        <tr>
            <td><%= interfaceName == null ? LocaleUtils.getLocalizedString("ports.all_ports") : interfaceName %></td>
            <td><%= httpBindManager.getHttpBindSecurePort() %></td>
-            <td><img src="images/lock.gif" width="16" height="16" border="0"/></td>
+            <td><img src="images/lock.gif" width="16" height="16" border="0" alt=""/></td>
            <td><fmt:message key="ports.http_bind" /></td>
            <td><fmt:message key="ports.http_bind.desc_secured" /></td>
        </tr>
@@ -576,7 +580,7 @@
    <tr>
        <td><%= interfaceName == null ? LocaleUtils.getLocalizedString("ports.all_ports") : interfaceName %></td>
        <td><%= mediaProxyService.getMinPort() %> - <%= mediaProxyService.getMaxPort() %></td>
-        <td><img src="images/blank.gif" width="1" height="1"></td>
+        <td><img src="images/blank.gif" width="1" height="1" alt=""></td>
        <td><fmt:message key="ports.media_proxy" /></td>
        <td><fmt:message key="ports.media_proxy.desc" /></td>
    </tr>
@@ -587,7 +591,7 @@
    <tr>
        <td><%= interfaceName == null ? LocaleUtils.getLocalizedString("ports.all_ports") : interfaceName %></td>
        <td><%= stunService.getPrimaryPort() %> & <%= stunService.getSecondaryPort() %></td>
-        <td><img src="images/blank.gif" width="1" height="1"></td>
+        <td><img src="images/blank.gif" width="1" height="1" alt=""></td>
        <td><fmt:message key="ports.stun" /></td>
        <td><fmt:message key="ports.stun.desc" /></td>
    </tr>
@@ -595,7 +599,7 @@
    <tr>
        <td><%= interfaceName == null ? LocaleUtils.getLocalizedString("ports.all_ports") : interfaceName %></td>
        <td><%= flashCrossDomainHandler.getPort() %></td>
-        <td><img src="images/blank.gif" width="1" height="1"></td>
+        <td><img src="images/blank.gif" width="1" height="1" alt=""></td>
        <td><fmt:message key="ports.flash_cross_domain" /></td>
        <td><fmt:message key="ports.flash_cross_domain.desc" /></td>
    </tr>
@@ -609,4 +613,4 @@
 </form>

    </body>
-</html>
\ No newline at end of file
+</html>
--- a/src/web/ssl-certificates.jsp
+++ b/src/web/ssl-certificates.jsp
--- a/src/web/ssl-settings.jsp
+++ b/src/web/ssl-settings.jsp
@@ -296,8 +296,7 @@
 						</table>
 					</td>
 				</tr>
-			</tr>
-		</tbody>
+		    </tbody>
 		</table>


@@ -376,8 +375,7 @@
 						</table>
 					</td>
 				</tr>
-			</tr>
-		</tbody>
+		    </tbody>
 		</table>
 	</div>


--- a/src/web/ssl-signing-request.jsp
+++ b/src/web/ssl-signing-request.jsp
@@ -28,10 +28,17 @@
    String state = ParamUtils.getParameter(request, "state");
    String countryCode = ParamUtils.getParameter(request, "country");

-    KeyStore keyStore = SSLConfig.getKeyStore();
    Map<String, Object> errors = new HashMap<String, Object>();

    if (save) {
+        KeyStore keyStore;
+        try {
+            keyStore = SSLConfig.getKeyStore();
+        }
+        catch (Exception e) {
+            keyStore = SSLConfig.initializeKeyStore();
+        }
+
        // Verify that fields were completed
        if (name == null) {
            errors.put("name", "");