OF-892: basic certificate management support in admin panel.

Mutual authentication support depends on certificates being available in the client
truststore. Openfire does not ship with any by default, and does not provide any tools
to manage certificates in any of the truststores. This commit adds basic support, which
allows a user to add, remove and review certificates in any of the keystores that are
available in Openfire.

src/java/org/jivesoftware/admin/ASN1DERTag.java

+package org.jivesoftware.admin;
+
+import org.bouncycastle.asn1.*;
+
+import javax.servlet.jsp.JspException;
+import javax.servlet.jsp.tagext.BodyTagSupport;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Creates a table that represents an ASN.1 encoded DER value.
+ *
+ * This tag creates a HTML table, that consists of one or two columns and an unspecified number of rows. Each cell
+ * can contain a nested table (of similar format).
+ */
+public class ASN1DERTag extends BodyTagSupport {
+
+    private byte[] value; // ASN.1 DER-encoded value
+
+    public byte[] getValue() {
+        return value;
+    }
+
+    public void setValue(byte[] value) {
+        this.value = value;
+    }
+
+    @Override
+    public int doEndTag() throws JspException {
+
+        try {
+            final ASN1InputStream decoder = new ASN1InputStream(value);
+            ASN1Primitive primitive = decoder.readObject();
+            while (primitive != null && !(primitive instanceof ASN1Null)) {
+                pageContext.getOut().write(doPrimitive(primitive));
+                primitive = decoder.readObject();
+            }
+        } catch (Exception ex) {
+            throw new JspException(ex.getMessage());
+        }
+
+        return super.doEndTag();
+    }
+
+    private String doPrimitive(ASN1Primitive primitive) throws IOException {
+        if (primitive == null || primitive instanceof ASN1Null) {
+            return "";
+        } else if (primitive instanceof ASN1Sequence) {
+            return doCollection(((ASN1Sequence) primitive).toArray());
+        } else if (primitive instanceof ASN1Set) {
+            return doCollection(((ASN1Set) primitive).toArray());
+        } else if (primitive instanceof DERTaggedObject) {
+            final DERTaggedObject tagged = ((DERTaggedObject) primitive);
+            return "<table><tr><td>" + /* tagged.getTagNo() + */ "</td><td>" + doPrimitive(tagged.getObject()) + "</td></tr></table>";
+        } else {
+            return "<table><tr><td colspan='2'>" + asString(primitive) + "</td></tr></table>";
+        }
+    }
+
+    private String doCollection(ASN1Encodable[] asn1Encodables) throws IOException {
+        switch (asn1Encodables.length) {
+            case 1:
+                // one row, one column
+                return "<table><tr><td colspan='2'>" + doPrimitive(asn1Encodables[0].toASN1Primitive()) + "</td></tr></table>";
+
+            case 2:
+                // one row, two columns
+                return "<table><tr><td>" + doPrimitive(asn1Encodables[0].toASN1Primitive()) + "</td>"
+                        + "<td>" + doPrimitive(asn1Encodables[1].toASN1Primitive()) + "</td></tr></table>";
+
+            default:
+                // a row per per item
+                final StringBuilder sb = new StringBuilder();
+                for (ASN1Encodable asn1Encodable : asn1Encodables) {
+                    sb.append("<table><tr><td colspan='2'>").append(doPrimitive(asn1Encodable.toASN1Primitive())).append("</td></tr></table>");
+                }
+                return sb.toString();
+        }
+    }
+
+    private String asString(ASN1Primitive primitive) {
+        if (primitive == null || primitive instanceof ASN1Null) {
+            return "";
+        }
+        if (primitive instanceof ASN1String) {
+            return ((ASN1String) primitive).getString();
+        }
+        if (primitive instanceof DERUTCTime) {
+            return ((DERUTCTime) primitive).getAdjustedTime();
+        }
+        if (primitive instanceof DERGeneralizedTime) {
+            return ((DERGeneralizedTime) primitive).getTime();
+        }
+        if (primitive instanceof ASN1ObjectIdentifier) {
+            switch (((ASN1ObjectIdentifier) primitive).getId()) {
+                case "1.3.6.1.5.5.7.8.5":
+                    return "xmppAddr";
+                default:
+                    return primitive.toString();
+            }
+        }
+        return primitive.toString();
+    }
+}

src/java/org/jivesoftware/admin/InfoboxTag.java

+package org.jivesoftware.admin;
+
+import javax.servlet.jsp.JspException;
+import javax.servlet.jsp.tagext.BodyTagSupport;
+import java.io.IOException;
+
+public class InfoboxTag extends BodyTagSupport {
+
+    private String type; // success, error, warning
+
+    public String getType() {
+        return type;
+    }
+
+    public void setType(String type) {
+        this.type = type;
+    }
+
+    @Override
+    public int doEndTag() throws JspException {
+
+        String body = "<div class=\"jive-"+type+"\">\n" +
+        "    <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\">\n" +
+        "        <tbody>\n" +
+        "        <tr><td class=\"jive-icon\"><img src=\"images/"+type+"-16x16.gif\" width=\"16\" height=\"16\" border=\"0\" alt=\"\"/></td>\n" +
+        "            <td class=\"jive-icon-label\">\n" +
+                        bodyContent.getString() +
+        "            </td></tr>\n" +
+        "        </tbody>\n" +
+        "   </table>\n" +
+        "</div><br>\n";
+
+        try {
+            pageContext.getOut().write( body );
+        }
+        catch (IOException ioe) {
+            throw new JspException(ioe.getMessage());
+        }
+
+        return super.doEndTag();
+    }
+}

src/java/org/jivesoftware/admin/JSTLFunctions.java

+package org.jivesoftware.admin;
+
+import org.bouncycastle.asn1.*;
+import org.jivesoftware.util.Log;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+/**
+ * Utility functions that are exposed through a taglib.
+ *
+ * @author Guus der Kinderen
+ */
+public class JSTLFunctions
+{
+    /**
+     * JSTL delegate for {@link String#replaceAll(String, String)}. The first argument is the value on which the
+     * replacement has to occur. The other arguments are passed to {@link String#replaceAll(String, String)} directly.
+     *
+     * @see String#replaceAll(String, String)
+     */
+    public static String replaceAll(String string, String regex, String replacement)
+    {
+        return string.replaceAll(regex, replacement);
+    }
+
+    /**
+     * JSTL delegate for {@link String#split(String)}. The first argument is the value on which the replacement has to
+     * occur. The other argument is used as the argument for the invocation of {@link String#split(String)}.
+     *
+     * @see String#split(String)
+     */
+    public static String[] split(String string, String regex)
+    {
+        return string.split(regex);
+    }
+}

src/java/org/jivesoftware/util/CertificateManager.java

@@ -687,6 +687,57 @@ public class CertificateManager {
         }
     }
 
+    /**
+     * Imports one certificate into a truststore.
+     *
+     * This method will fail when more than one certificate is being provided.
+     *
+     * @param trustStore store where certificates are stored.
+     * @param alias the name (key) under which the certificate is to be stored in the store.
+     * @param inputStream a stream containing the certificate.
+     */
+    public static void installCertsInTrustStore(KeyStore trustStore, String alias, InputStream inputStream) throws Exception
+    {
+        // Input validation
+        if (trustStore == null) {
+            throw new IllegalArgumentException("Argument 'trustStore' cannot be null.");
+        }
+        if (alias == null || alias.trim().isEmpty()) {
+            throw new IllegalArgumentException("Argument 'alias' cannot be null or an empty String.");
+        }
+        if (inputStream == null) {
+            throw new IllegalArgumentException("Argument 'inputStream' cannot be null.");
+        }
+        alias = alias.trim();
+
+        // Check that there is a certificate for the specified alias
+        if (trustStore.containsAlias(alias)) {
+            throw new IllegalArgumentException("Certificate already exists for alias: " + alias);
+        }
+
+        // Load certificate found in the PEM input stream
+        final Collection<? extends Certificate> certificates = CertificateFactory.getInstance("X509").generateCertificates(inputStream);
+        if (certificates.isEmpty()) {
+            throw new Exception("No certificate was found in the input.");
+        }
+        if (certificates.size() != 1) {
+            throw new Exception("More than one certificate was found in the input.");
+        }
+
+        final X509Certificate certificate = (X509Certificate) certificates.iterator().next();
+
+        trustStore.setCertificateEntry(alias, certificate);
+
+        // Notify listeners that a new certificate has been added.
+        for (CertificateEventListener listener : listeners) {
+            try {
+                listener.certificateCreated(trustStore, alias, certificate);
+            } catch (Throwable e) {
+                Log.warn("An exception occurred during the invocation of a CertificateEventListener.", e);
+            }
+        }
+    }
+
     /**
      * Imports a new signed certificate and its private key into the keystore. The certificate input
      * stream may contain the signed certificate as well as its CA chain.

src/resources/jar/admin-sidebar.xml

@@ -127,11 +127,6 @@
                   url="ssl-settings.jsp"
                   description="${sidebar.server-ssl.descr}"/>
 
-            <!-- SSL Certificates -->
-            <item id="ssl-certificates" name="${sidebar.ssl-certificates}"
-                  url="ssl-certificates.jsp"
-                  description="${sidebar.ssl-certificates.descr}"/>
-
             <!-- Compression Settings -->
             <item id="server-compression" name="${sidebar.server-compression}"
                   url="compression-settings.jsp"
@@ -144,6 +139,26 @@
 
         </sidebar>
 
+        <!-- TLS / SSL-->
+        <sidebar id="sidebar-certificates" name="${sidebar.sidebar-certificates}">
+
+            <!-- Server Certificates -->
+            <item id="security-keystore" name="${sidebar.security-keystore}"
+                  url="security-keystore.jsp"
+                  description="${sidebar.security-keystore.descr}"/>
+
+            <!-- C2S Certificate Truststore -->
+            <item id="security-truststore-c2s" name="${sidebar.security-truststore-c2s}"
+                  url="security-truststore.jsp?type=c2s"
+                  description="${sidebar.security-truststore-c2s.descr}"/>
+
+            <!-- S2S Certificate Truststore -->
+            <item id="security-truststore-s2s" name="${sidebar.security-truststore-s2s}"
+                  url="security-truststore.jsp?type=s2s"
+                  description="${sidebar.security-truststore-s2s.descr}"/>
+
+        </sidebar>
+
         <!-- Server Settings -->
         <sidebar id="sidebar-media-services" name="${sidebar.sidebar-media-services}">
             <!-- Media Proxy Settings -->

src/web/WEB-INF/admin.tld

@@ -123,4 +123,36 @@
             <rtexprvalue>true</rtexprvalue>
         </attribute>
 	</tag>
+    <tag>
+        <name>infobox</name>
+        <tagclass>org.jivesoftware.admin.InfoboxTag</tagclass>
+        <bodycontent>JSP</bodycontent>
+        <info />
+        <attribute>
+            <name>type</name>
+            <required>true</required>
+            <rtexprvalue>true</rtexprvalue>
+        </attribute>
+    </tag>
+    <tag>
+        <name>ASN1DER</name>
+        <tagclass>org.jivesoftware.admin.ASN1DERTag</tagclass>
+        <bodycontent>JSP</bodycontent>
+        <info />
+        <attribute>
+            <name>value</name>
+            <required>true</required>
+            <rtexprvalue>true</rtexprvalue>
+        </attribute>
+    </tag>
+    <function>
+        <name>replaceAll</name>
+        <function-class>org.jivesoftware.admin.JSTLFunctions</function-class>
+        <function-signature>java.lang.String replaceAll(java.lang.String, java.lang.String, java.lang.String)</function-signature>
+    </function>
+    <function>
+        <name>split</name>
+        <function-class>org.jivesoftware.admin.JSTLFunctions</function-class>
+        <function-signature>java.lang.String[] split(java.lang.String, java.lang.String)</function-signature>
+    </function>
 </taglib>
\ No newline at end of file

src/web/import-truststore-certificate.jsp

+<%@ page errorPage="error.jsp"%>
+<%@ page import="org.jivesoftware.util.CertificateManager"%>
+<%@ page import="org.jivesoftware.util.ParamUtils"%>
+<%@ page import="org.jivesoftware.openfire.net.SSLConfig"%>
+<%@ page import="java.io.ByteArrayInputStream"%>
+<%@ page import="java.util.HashMap"%>
+<%@ page import="java.util.Map"%>
+<%@ page import="java.security.KeyStore" %>
+
+<%@ taglib uri="admin" prefix="admin" %>
+<%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
+<%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
+
+<jsp:useBean id="webManager" class="org.jivesoftware.util.WebManager"/>
+<%  webManager.init(request, response, session, application, out ); %>
+
+<%  final boolean save       = ParamUtils.getParameter(request, "save") != null;
+    final String type        = ParamUtils.getParameter(request, "type");
+    final String alias       = ParamUtils.getParameter(request, "alias");
+    final String certificate = ParamUtils.getParameter(request, "certificate");
+
+    final Map<String, String> errors = new HashMap<String, String>();
+
+    KeyStore store = null;
+
+    if (type == null)
+    {
+        errors.put("type", "The store type has not been specified.");
+    }
+    else
+    {
+        try
+        {
+            switch (type)
+            {
+                case "s2s":
+                    store = SSLConfig.gets2sTrustStore();
+                    break;
+
+                case "c2s":
+                    store = SSLConfig.getc2sTrustStore();
+                    break;
+
+                default:
+                    throw new Exception("Unknown store type: " + type);
+            }
+        }
+        catch (Exception e)
+        {
+            e.printStackTrace();
+            errors.put("type", e.getMessage());
+        }
+    }
+
+    if (save && errors.isEmpty())
+    {
+        if (alias == null || "".equals(alias))
+        {
+            errors.put("missingalias", "missingalias");
+        }
+        else if (store.containsAlias(alias))
+        {
+            // Verify that the provided alias is not already available
+            errors.put("existingalias", "existingalias");
+        }
+        if (certificate == null || "".equals(certificate))
+        {
+            errors.put("certificate", "certificate-missing");
+        }
+
+        if (errors.isEmpty())
+        {
+            try
+            {
+                // Import certificate
+                CertificateManager.installCertsInTrustStore(store, alias, new ByteArrayInputStream(certificate.getBytes()));
+
+                // Save keystore
+                SSLConfig.saveStores();
+
+                // Log the event
+                webManager.logEvent("imported SSL certificate in "+type+" truststore", "alias = "+alias);
+                response.sendRedirect("security-truststore.jsp?type="+type+"&importsuccess=true");
+                return;
+            }
+            catch (Throwable e)
+            {
+                e.printStackTrace();
+                errors.put("import", e.getMessage());
+            }
+        }
+    }
+%>
+
+<html>
+<head>
+    <title>
+        <fmt:message key="ssl.import.certificate.keystore.title"/> - <fmt:message key="ssl.certificates.truststore.${param.type}-title"/>
+    </title>
+    <meta name="pageID" content="security-truststore-${param.type}"/>
+</head>
+<body>
+
+<% pageContext.setAttribute("errors", errors); %>
+<c:forEach var="err" items="${errors}">
+    <admin:infobox type="error">
+        <c:choose>
+            <c:when test="${err.key eq 'type'}">
+                <fmt:message key="ssl.import.certificate.keystore.error.type"/>
+            </c:when>
+
+            <c:when test="${err.key eq 'missingalias'}">
+                <fmt:message key="ssl.import.certificate.keystore.error.alias-missing"/>
+            </c:when>
+
+            <c:when test="${err.key eq 'existingalias'}">
+                <fmt:message key="ssl.import.certificate.keystore.error.alias-exists"/>
+            </c:when>
+
+            <c:when test="${err.key eq 'certificate'}">
+                <fmt:message key="ssl.import.certificate.keystore.error.certificate"/>
+            </c:when>
+
+            <c:when test="${err.key eq 'import'}">
+                <fmt:message key="ssl.import.certificate.keystore.error.import"/>
+                <c:if test="${not empty err.value}">
+                    <fmt:message key="admin.error"/>: <c:out value="${err.value}"/>
+                </c:if>
+            </c:when>
+
+            <c:otherwise>
+                <c:if test="${not empty err.value}">
+                    <fmt:message key="admin.error"/>: <c:out value="${err.value}"/>
+                </c:if>
+                (<c:out value="${err.key}"/>)
+            </c:otherwise>
+        </c:choose>
+    </admin:infobox>
+</c:forEach>
+
+<c:if test="${not empty param.type}">
+    <p>
+        <fmt:message key="ssl.import.certificate.keystore.${param.type}-intro"/>
+    </p>
+
+    <!-- BEGIN 'Import Certificate' -->
+    <form action="import-truststore-certificate.jsp?type=${param.type}" method="post" name="f">
+        <div class="jive-contentBoxHeader">
+            <fmt:message key="ssl.import.certificate.keystore.boxtitle"/>
+        </div>
+        <div class="jive-contentBox">
+            <table cellpadding="3" cellspacing="0" border="0">
+                <tbody>
+                    <tr valign="top">
+                        <td width="1%" nowrap class="c1">
+                            <label for="alias"><fmt:message key="ssl.signing-request.alias"/></label>
+                        </td>
+                        <td width="99%">
+                            <input type="text" size="30" maxlength="100" name="alias" id="alias" value="${param.alias}">
+                        </td>
+                    </tr>
+                    <tr valign="top">
+                        <td width="1%" nowrap class="c1">
+                            <label for="certificate"><fmt:message key="ssl.import.certificate.keystore.certificate"/></label>
+                        </td>
+                        <td width="99%">
+                            <textarea name="certificate" id="certificate" cols="80" rows="20" wrap="virtual">${param.certificate}</textarea>
+                        </td>
+                    </tr>
+                </tbody>
+            </table>
+        </div>
+        <input type="submit" name="save" value="<fmt:message key="global.save"/>">
+    </form>
+    <!-- END 'Import Certificate' -->
+</c:if>
+
+</body>
+</html>

src/web/security-truststore.jsp

+<%@ page errorPage="error.jsp"%>
+
+<%@ page import="org.jivesoftware.openfire.net.SSLConfig"%>
+<%@ page import="org.jivesoftware.util.CertificateManager"%>
+<%@ page import="org.jivesoftware.util.ParamUtils"%>
+<%@ page import="java.security.KeyStore"%>
+<%@ page import="java.security.cert.X509Certificate"%>
+<%@ page import="java.util.Enumeration"%>
+<%@ page import="java.util.HashMap"%>
+
+<%@ page import="java.util.Map"%>
+<%@ taglib uri="admin" prefix="admin" %>
+<%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
+<%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
+
+<jsp:useBean id="webManager" class="org.jivesoftware.util.WebManager" />
+<jsp:useBean id="now" class="java.util.Date"/>
+<%  webManager.init(request, response, session, application, out );
+
+    boolean delete = ParamUtils.getBooleanParameter(request, "delete");
+    String type = ParamUtils.getParameter(request, "type");
+    String alias = ParamUtils.getParameter(request, "alias");
+    Map<String, Exception> errors = new HashMap<String, Exception>();
+
+    KeyStore store = null;
+
+    if (type == null) {
+        errors.put("type", new Exception("The store type has not been specified."));
+    } else {
+        try {
+            switch (type) {
+                case "s2s":
+                    store = SSLConfig.gets2sTrustStore();
+                    break;
+                case "c2s":
+                    store = SSLConfig.getc2sTrustStore();
+                    break;
+                default:
+                    throw new Exception("Unknown store type: " + type);
+            }
+        } catch (Exception e) {
+            errors.put("type", e);
+        }
+    }
+
+    if (delete) {
+        if (store != null && alias != null) {
+            try {
+                CertificateManager.deleteCertificate(store, alias);
+                SSLConfig.saveStores();
+
+                // Log the event
+                webManager.logEvent("deleted SSL cert from "+type+"-truststore with alias "+alias, null);
+                response.sendRedirect("security-truststore.jsp?type="+type+"&deletesuccess=true");
+                return;
+            }
+            catch (Exception e) {
+                errors.put("delete", e);
+            }
+        }
+    }
+%>
+
+<html>
+<head>
+  <title><fmt:message key="ssl.certificates.truststore.${param.type}-title"/></title>
+  <meta name="pageID" content="security-truststore-${param.type}"/>
+</head>
+<body>
+
+<% pageContext.setAttribute("errors", errors); %>
+<c:forEach var="err" items="${errors}">
+  <admin:infobox type="error">
+      <c:choose>
+          <c:when test="${err.key eq 'type'}">
+              <c:out value="${err.key}"/>
+              <c:if test="${not empty err.value}">
+                  : <c:out value="${err.value}"/>
+              </c:if>
+          </c:when>
+
+          <c:otherwise>
+              <c:out value="${err.key}"/>
+              <c:if test="${not empty err.value}">
+                  : <c:out value="${err.value}"/>
+              </c:if>
+          </c:otherwise>
+      </c:choose>
+  </admin:infobox>
+</c:forEach>
+
+  <c:if test="${param.deletesuccess}">
+      <admin:infobox type="success"><fmt:message key="ssl.certificates.deleted"/></admin:infobox>
+  </c:if>
+  <c:if test="${param.importsuccess}">
+      <admin:infobox type="success"><fmt:message key="ssl.certificates.added_updated"/></admin:infobox>
+  </c:if>
+
+  <% if (type != null && store != null) { %>
+  <p>
+      <fmt:message key="ssl.certificates.truststore.${param.type}-intro"/>
+  </p>
+  <p>
+      <fmt:message key="ssl.certificates.general-usage"/>
+  </p>
+  <p>
+      <fmt:message key="ssl.certificates.truststore.${param.type}-info">
+          <fmt:param value="<a href='ssl-settings.jsp'>"/>
+          <fmt:param value="</a>"/>
+      </fmt:message>
+  </p>
+  <p>
+      <fmt:message key="ssl.certificates.truststore.link-to-import">
+          <fmt:param value="<a href='import-truststore-certificate.jsp?type=${param.type}'>"/>
+          <fmt:param value="</a>"/>
+      </fmt:message>
+  </p>
+  <table class="jive-table" cellpadding="0" cellspacing="0" border="0" width="100%">
+      <thead>
+      <tr>
+          <th>
+              <fmt:message key="ssl.signing-request.organization"/> <small>(<fmt:message key="ssl.certificates.alias"/>)</small>
+          </th>
+          <th width="20%">
+              <fmt:message key="ssl.certificates.valid-between"/>
+          </th>
+          <th>
+              <fmt:message key="ssl.certificates.algorithm"/>
+          </th>
+          <th width="1%">
+              <fmt:message key="global.delete"/>
+          </th>
+      </tr>
+      </thead>
+      <tbody>
+      <%  if (store != null && store.aliases().hasMoreElements()) {
+              for (Enumeration aliases = store.aliases(); aliases.hasMoreElements();) {
+                  String a = (String) aliases.nextElement();
+                  X509Certificate certificate = (X509Certificate) store.getCertificate(a);
+
+                  pageContext.setAttribute("alias", a);
+                  pageContext.setAttribute("certificate", certificate);
+      %>
+      <c:set var="organization" value=""/>
+      <c:set var="commonname" value=""/>
+      <c:forEach var="subjectPart" items="${admin:split(certificate.subjectX500Principal.name, '(?<!\\\\\\\\),')}">
+          <c:set var="keyValue" value="${fn:split(subjectPart, '=')}"/>
+          <c:set var="key" value="${fn:toUpperCase(keyValue[0])}"/>
+          <c:set var="value" value="${admin:replaceAll(keyValue[1], '\\\\\\\\(.)', '$1')}"/>
+          <c:choose>
+              <c:when test="${key eq 'O'}">
+                  <c:set var="organization" value="${organization} ${value}"/>
+              </c:when>
+              <c:when test="${key eq 'CN'}">
+                  <c:set var="commonname" value="${value}"/>
+              </c:when>
+          </c:choose>
+      </c:forEach>
+
+      <tr valign="top">
+          <td>
+              <a href="security-certificate-details.jsp?type=${param.type}&alias=${alias}" title="<fmt:message key='session.row.cliked'/>">
+                  <c:choose>
+                      <c:when test="${empty fn:trim(organization)}">
+                          <c:out value="${commonname}"/>
+                      </c:when>
+                      <c:otherwise>
+                          <c:out value="${organization}"/>
+                      </c:otherwise>
+                  </c:choose>
+              </a>
+              <small>(<c:out value="${alias}"/>)</small>
+          </td>
+          <td>
+              <c:choose>
+                  <c:when test="${certificate.notAfter lt now or certificate.notBefore gt now}">
+                      <span style="color: red;">
+                          <fmt:formatDate type="DATE" dateStyle="MEDIUM" value="${certificate.notBefore}"/>
+                          -
+                          <fmt:formatDate type="DATE" dateStyle="MEDIUM" value="${certificate.notAfter}"/>
+                      </span>
+                  </c:when>
+                  <c:otherwise>
+                      <span>
+                          <fmt:formatDate type="DATE" dateStyle="MEDIUM" value="${certificate.notBefore}"/>
+                          -
+                          <fmt:formatDate type="DATE" dateStyle="MEDIUM" value="${certificate.notAfter}"/>
+                      </span>
+                  </c:otherwise>
+              </c:choose>
+          </td>
+          <td width="2%">
+              <c:out value="${certificate.publicKey.algorithm}"/>
+          </td>
+          <td width="1" align="center">
+              <a href="security-truststore.jsp?alias=${alias}&type=${param.type}&delete=true"
+                 title="<fmt:message key="global.click_delete"/>"
+                 onclick="return confirm('<fmt:message key="ssl.certificates.confirm_delete"/>');"
+                      ><img src="images/delete-16x16.gif" width="16" height="16" border="0" alt=""></a>
+          </td>
+      </tr>
+      <%
+              }
+          } else {
+      %>
+      <tr valign="top">
+          <td colspan="5"><em>(<fmt:message key="global.none"/>)</em></td>
+      </tr>
+      <% } %>
+      </tbody>
+  </table>
+
+  <% } %>
+
+  </body>
+</html>

src/web/ssl-settings.jsp

@@ -28,6 +28,7 @@
 <%@ page import="org.jivesoftware.util.ParamUtils" %>
 <%@ page import="org.jivesoftware.openfire.session.ConnectionSettings" %>
 
+<%@ taglib uri="admin" prefix="admin" %>
 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
 <%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
 <jsp:useBean id="webManager" class="org.jivesoftware.util.WebManager"  />
@@ -210,33 +211,13 @@
 <body>
 
 <%  if (success) { %>
-
-    <div class="jive-success">
-    <table cellpadding="0" cellspacing="0" border="0">
-    <tbody>
-        <tr><td class="jive-icon"><img src="images/success-16x16.gif" width="16" height="16" border="0" alt=""></td>
-        <td class="jive-icon-label">
-        <fmt:message key="ssl.settings.update" />
-        </td></tr>
-    </tbody>
-    </table>
-    </div><br>
-
-<%  } else if (ParamUtils.getBooleanParameter(request,"deletesuccess")) { %>
-
-    <div class="jive-success">
-    <table cellpadding="0" cellspacing="0" border="0">
-    <tbody>
-        <tr><td class="jive-icon"><img src="images/success-16x16.gif" width="16" height="16" border="0" alt=""></td>
-        <td class="jive-icon-label">
-        <fmt:message key="ssl.settings.uninstalled" />
-        </td></tr>
-    </tbody>
-    </table>
-    </div><br>
-
+    <admin:infobox type="success"><fmt:message key="ssl.settings.update" /></admin:infobox>
 <%  } %>
 
+<c:if test="${param.deletesuccess}">
+    <admin:infobox type="success"><fmt:message key="ssl.settings.uninstalled" /></admin:infobox>
+</c:if>
+
 <p>
 <fmt:message key="ssl.settings.client.info" />
 </p>

src/web/ssl-signing-request.jsp

@@ -9,19 +9,13 @@
 <%@ page import="java.util.HashMap" %>
 <%@ page import="java.util.Map" %>
 
+<%@ taglib uri="admin" prefix="admin" %>
 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
 <%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
+
 <jsp:useBean id="webManager" class="org.jivesoftware.util.WebManager"  />
 <% webManager.init(request, response, session, application, out ); %>
 
-<%--
-  Created by IntelliJ IDEA.
-  User: gato
-  Date: Nov 6, 2006
-  Time: 3:15:13 PM
-  To change this template use File | Settings | File Templates.
---%>
-
 <% // Get parameters:
     boolean save = ParamUtils.getParameter(request, "save") != null;
     String name = ParamUtils.getParameter(request, "name");
@@ -98,7 +92,7 @@
                 SSLConfig.saveStores();
                 // Log the event
                 webManager.logEvent("generated SSL signing request", null);
-                response.sendRedirect("ssl-certificates.jsp?issuerUpdated=true");
+                response.sendRedirect("security-keystore.jsp");
                 return;
             }
             catch (Exception e) {
@@ -114,76 +108,41 @@
     <title>
         <fmt:message key="ssl.signing-request.title"/>
     </title>
-    <meta name="pageID" content="ssl-certificates"/>
+    <meta name="pageID" content="security-keystore"/>
 </head>
 <body>
-<%  if (errors.containsKey("name")) { %>
-    <div class="jive-error">
-    <table cellpadding="0" cellspacing="0" border="0">
-    <tbody>
-        <tr><td class="jive-icon"><img src="images/error-16x16.gif" width="16" height="16" border="0" alt=""></td>
-        <td class="jive-icon-label">
-        <fmt:message key="ssl.signing-request.enter_name" />
-        </td></tr>
-    </tbody>
-    </table>
-    </div><br>
-<%  } else if (errors.containsKey("organizationalUnit")) { %>
-    <div class="jive-error">
-    <table cellpadding="0" cellspacing="0" border="0">
-    <tbody>
-        <tr><td class="jive-icon"><img src="images/error-16x16.gif" width="16" height="16" border="0" alt=""></td>
-        <td class="jive-icon-label">
-        <fmt:message key="ssl.signing-request.enter_ou" />
-        </td></tr>
-    </tbody>
-    </table>
-    </div><br>
-<%  } else if (errors.containsKey("organization")) { %>
-    <div class="jive-error">
-    <table cellpadding="0" cellspacing="0" border="0">
-    <tbody>
-        <tr><td class="jive-icon"><img src="images/error-16x16.gif" width="16" height="16" border="0" alt=""></td>
-        <td class="jive-icon-label">
-        <fmt:message key="ssl.signing-request.enter_o" />
-        </td></tr>
-    </tbody>
-    </table>
-    </div><br>
-<%  } else if (errors.containsKey("city")) { %>
-    <div class="jive-error">
-    <table cellpadding="0" cellspacing="0" border="0">
-    <tbody>
-        <tr><td class="jive-icon"><img src="images/error-16x16.gif" width="16" height="16" border="0" alt=""></td>
-        <td class="jive-icon-label">
-        <fmt:message key="ssl.signing-request.enter_city" />
-        </td></tr>
-    </tbody>
-    </table>
-    </div><br>
-<%  } else if (errors.containsKey("state")) { %>
-    <div class="jive-error">
-    <table cellpadding="0" cellspacing="0" border="0">
-    <tbody>
-        <tr><td class="jive-icon"><img src="images/error-16x16.gif" width="16" height="16" border="0" alt=""></td>
-        <td class="jive-icon-label">
-        <fmt:message key="ssl.signing-request.enter_state" />
-        </td></tr>
-    </tbody>
-    </table>
-    </div><br>
-<%  } else if (errors.containsKey("countryCode")) { %>
-    <div class="jive-error">
-    <table cellpadding="0" cellspacing="0" border="0">
-    <tbody>
-        <tr><td class="jive-icon"><img src="images/error-16x16.gif" width="16" height="16" border="0" alt=""></td>
-        <td class="jive-icon-label">
-        <fmt:message key="ssl.signing-request.enter_country" />
-        </td></tr>
-    </tbody>
-    </table>
-    </div><br>
-<%  } %>
+
+<% pageContext.setAttribute("errors", errors); %>
+<c:forEach var="err" items="${errors}">
+    <admin:infobox type="error">
+        <c:choose>
+            <c:when test="${err.key eq 'name'}">
+                <fmt:message key="ssl.signing-request.enter_name" />
+            </c:when>
+            <c:when test="${err.key eq 'organizationalUnit'}">
+                <fmt:message key="ssl.signing-request.enter_ou" />
+            </c:when>
+            <c:when test="${err.key eq 'organization'}">
+                <fmt:message key="ssl.signing-request.enter_o" />
+            </c:when>
+            <c:when test="${err.key eq 'city'}">
+                <fmt:message key="ssl.signing-request.enter_city" />
+            </c:when>
+            <c:when test="${err.key eq 'state'}">
+                <fmt:message key="ssl.signing-request.enter_state" />
+            </c:when>
+            <c:when test="${err.key eq 'countryCode'}">
+                <fmt:message key="ssl.signing-request.enter_country" />
+            </c:when>
+            <c:otherwise>
+                <c:out value="${err.key}"/>
+                <c:if test="${not empty err.value}">
+                    <fmt:message key="admin.error"/>: <c:out value="${err.value}"/>
+                </c:if>
+            </c:otherwise>
+        </c:choose>
+    </admin:infobox>
+</c:forEach>
 
 <!-- BEGIN 'Issuer information form' -->
 <form action="ssl-signing-request.jsp" method="post">