Portal Server Plug-in for the Identrus System 2.0 Installation, Administration & User Guide



Chapter 4   Deploying Applications


Developing applications for the iPlanet Portal Server Plug-in for the Identrus System involves understanding how to perform a Certificate Status Check (CSC) using the Identrus-enabled four-corner model. The objectives of this chapter are to cover:


Introduction

The iPlanet Portal Server Plug-in for the Identrus System comes with an API and sample Java source code designed to help you integrate your own Identrus-enabled applications within the Portal Server.

Figure 4-1    Portal Server Hardware Overview


Normally the portal is deployed across a server and a gateway, so Java needs to be installed on both of these machines. To set up this environment for development, follow the procedure below.


Installing the Development Environment




Sample Source code and API

The source code that illustrates how Identrus-enabled applications might be deployed can be found at the following location:

<portal_install_directory>/SUNWpin/sample/src/com/iplanet/sample/SampleCSC.java

The API suitable for deploying applications that are Identrus enabled can be found in the following directory:

<portal_install_directory>/SUNWpin/apidocs/helper/index.html
<portal_install_directory>/SUNWpin/apidocs/plugin/index.html

The API covering Java Security can be found within the Java 2 documentation at the following websites:

http://java.sun.com/j2se/1.3/docs/api/

http://java.sun.com/security/JCE1.2/spec/apidoc/


The HTML source screens can be found in:

<portal_install_directory>/SUNWips/public_html

The API package com.iplanet.portalserver can be found in

<portal_install_directory>/SUNWips/public_html/docs/en_US/javadocs/com/iplanet/portalserver

Information about how to deploy the Portal API package com.iplanet.portalserver can be found in

http://docs.iplanet.com/docs/manuals/portal/30/progref/



Creating two Java virtual machines

Download the JDK from the website below and put it in a temporary directory, for instance under /app:

http://java.sun.com


Copy it into an appropriate directory as follows:

cd /app
mkdir java1.2.2_06
cp -r java1.2/* java1.2.2_06/


Starting the Portal Server

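The following script illustrates how to start the Portal Server:

#!/bin/sh
# Native libraries used by the Portal Server
LD_LIBRARY_PATH=/app/SUNWips/lib
export LD_LIBRARY_PATH
# Start the server in debug mode and capture its output
/app/SUNWips/bin/ipsserver start debug > ipsserver.out
# Point JAVA_HOME at the JDK copy created above before starting the gateway
JAVA_HOME=/app/java1.2.2_06
export JAVA_HOME
/app/SUNWips/bin/ipsgateway start
# Follow the server output
tail -f ipsserver.out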


Stopping the Portal Server

The following Script illustrates how to stop the Portal Server:

/app/SUNWips/bin/ipsserver stop
/app/SUNWips/bin/ipsgateway stop


Certificate Status Check



Performing a Certificate Status Check involves the following interface packages

Figure 4-2    Performing a CSC using the interface packages



Performing a CSC Check



The CertStatusChecker provides the means to get the status for a given CertID, by calling checkStatus(CertID). From the Properties object returned you can retrieve the Request Time, Certificate Status, Response Status and Transaction ID. Calling checkStatus(CertID) causes a certificate status check to be performed for the certificate ID presented. For this to succeed, the responder URL and the signing certificate must have been set up correctly within the Portal Server. This is done via the admin server, typically at http://127.0.0.1:8080/console. The following configuration settings must be made:

  • CSC Configuration: Request Signing Certificate, Response Signing Certificate and Trusted Response Verification Certificates

  • RC Host

  • RC Settings: The Responder Type, The URL of the Responder and The OCSP Requestor Name

  • Organisation Details: Organisation ID, Legal Name, Short Name, The URL of the logo, Postal Address and Contact Information

The following code fragment illustrates this:

CertStatusChecker statusChecker = SingletonCertStatusChecker.getChecker( mySessionID );
Properties certProps = statusChecker.checkStatus( myCertID );  // java.util.Properties

// Get the certificate status. The constant is compared against the value
// so that a missing (null) status cannot throw a NullPointerException.
String certStatus = certProps.getProperty( CertStatusChecker.CERT_STATUS );
if ( CertStatusChecker.GOOD.equals( certStatus ) ) {
    System.out.println("Certificate is trusted.");
} else if ( CertStatusChecker.REVOKED.equals( certStatus ) ) {
    System.out.println("Certificate has been revoked.");
} else if ( CertStatusChecker.UNKNOWN.equals( certStatus ) ) {
    System.out.println("The certificate status is not known by the CSC.");
} else if ( CertStatusChecker.ERROR.equals( certStatus ) ) {
    System.out.println("There was an error getting the certificate status.");
} else {
    // Missing or unrecognised status: do not treat the certificate as trusted
    System.out.println("Unexpected certificate status: " + certStatus);
}

// Get the request time
String requestTime = certProps.getProperty( CertStatusChecker.REQUEST_TIME );
System.out.println("The request was made at " + requestTime);

// Get the response status.
// The response code gives more detail of an error if the cert status was ERROR.
String responseStatus = certProps.getProperty( CertStatusChecker.RESPONSE_STATUS );
System.out.println("The response status is " + responseStatus);

// Get the transaction ID
String transID = certProps.getProperty( CertStatusChecker.TX_ID );
System.out.println("The transaction ID is " + transID);



Note Developers should consult:
<portal_install_directory>/SUNWpin/apidocs/com/iplanet/portalserver/identrus/statuscheck/CertStatusChecker.html

Configuration settings are described in the Administrator Chapter 3
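
A fail-closed way to act on the properties that checkStatus returns, as an added example rather than code from the plug-in or its sample: only an explicit GOOD allows access, and every check produces one audit line carrying the transaction ID. The key names and status strings are constructed stand-ins for the CertStatusChecker constants, and the class name CscDecision is hypothetical.

```java
import java.util.Properties;

// Added example. Key names and status strings are constructed stand-ins; a
// portal application would use the CertStatusChecker constants instead.
public class CscDecision {
    static final String CERT_STATUS = "certStatus";         // assumed key
    static final String RESPONSE_STATUS = "responseStatus"; // assumed key
    static final String TX_ID = "txId";                     // assumed key
    static final String REQUEST_TIME = "requestTime";       // assumed key
    static final String GOOD = "GOOD", REVOKED = "REVOKED", UNKNOWN = "UNKNOWN", ERROR = "ERROR";

    /** True only for an explicit GOOD; null, missing or other values deny. */
    static boolean isTrusted(Properties p) {
        return p != null && GOOD.equals(p.getProperty(CERT_STATUS));
    }

    /** Strips control characters so responder data cannot forge log lines. */
    static String clean(Properties p, String key) {
        return p.getProperty(key, "<missing>").replaceAll("\\p{Cntrl}", "?");
    }

    /** One audit line per check, traceable by transaction ID. */
    static String auditLine(Properties p) {
        if (p == null) return "csc result=DENY reason=no-result";
        String status = clean(p, CERT_STATUS);
        String reason;
        if (GOOD.equals(status)) reason = "good";
        else if (REVOKED.equals(status)) reason = "revoked";
        else if (UNKNOWN.equals(status)) reason = "unknown-to-responder";
        else if (ERROR.equals(status)) reason = "error:" + clean(p, RESPONSE_STATUS);
        else reason = "unexpected-status:" + status;
        return "csc result=" + (isTrusted(p) ? "ALLOW" : "DENY") + " reason=" + reason
                + " tx=" + clean(p, TX_ID) + " at=" + clean(p, REQUEST_TIME);
    }
    public static void main(String[] args) {
        // Constructed results standing in for checkStatus() output.
        String[][] samples = { {GOOD, "0", "tx-0001"}, {REVOKED, "0", "tx-0002"},
                {UNKNOWN, "0", "tx-0003"}, {ERROR, "timeout", "tx-0004"},
                {"GOOD\n", "0", "tx-0005"} };
        for (String[] s : samples) {
            Properties p = new Properties();
            p.setProperty(CERT_STATUS, s[0]);
            p.setProperty(RESPONSE_STATUS, s[1]);
            p.setProperty(TX_ID, s[2]);
            p.setProperty(REQUEST_TIME, "2001-05-16T10:00:00Z");
            System.out.println(auditLine(p));
        }
    }
}
```

Treating UNKNOWN and ERROR as a denial is this example's policy choice; the last sample shows that a status with trailing control characters is rejected rather than normalised into GOOD.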




Mapping the Certificate Store



CertMapStores are used to access Certificates and CertIDs. CertIDs are used by the Portal Server CSC libraries to identify certificates that are present within the CertMapStore. The following fragment illustrates how a CertMapStore might typically be used:

CertMapStore certStore = SingletonStatusStoreRegistry.getCertMapStore( mySessionID );

// Example 1: a single certificate, possibly presented as base64
X509Certificate aPKCS7Cert = convertSomePKCS7DataFromSomeSource( pkcs7data );

// Look up the CertID that identifies this certificate in the store
CertID certID = certStore.getCertID( aPKCS7Cert );

performCSCCode( certID ); // see CertStatusChecker for more details



Note Details of how to access X509Certificate can be found at:

http://java.sun.com/j2se/1.3/docs/api/java/security/cert/X509Certificate.html

Details about the interface CertMapStore can be found at

<portal_install_directory>/SUNWpin/apidocs/com/iplanet/portalserver/identrus/statuscheck/CertMapStore.html




Compiling the sample program



All the libraries needed to develop CSC applications can be found in:

<Portal_install_directory>/SUNWips/lib

This directory includes all portal server libraries as well as all the Plugin libraries. The following script illustrates how to compile and run the sample program, from MSDOS:

cd <Portal_install_directory>/SUNWips/lib
set CLASSPATH=sample.jar:activation.jar:asn1.jar:config.jar:ipspin.jar:dsms.jar:jndi.jar:jaas.jar:jss21.jar:ldapbp.jar:jsskeystore.jar:ldapfilt.jar:ldap.jar:ocsp.jar:ldapjdk_debug.jar:mail.jar:servlet.jar:pkcs.jar:tbmail.jar:providerutil.jar:tbutil.jar:ssl.jar:x509v1.jar:tokenkeystore.jar:country.zip:xml.jar:identrus_update.zip:xml4j.jar:utiloverride.zip:identrus.zip:oracle-jdbc-815.zip:tbextlibrary.zip:tblibrary.zip:ips_services.jar:trustbase.zip
export CLASSPATH
javac <Portal_install_directory>/SUNWpin/sample/src/com/iplanet/sample/SampleCSC.java
cd <Portal_install_directory>/SUNWpin/sample/src
jar cvf <Portal_install_directory>/SUNWpin/sample/src/com/iplanet/sample/sample.jar com/iplanet/sample/SampleCSC.class

Once the program has been compiled and loaded into the jar file sample.jar it must be copied into the jar directory where the portal server was installed:

<portal_install_directory>/SUNWips/lib/sample.jar


Running the sample program



In order to run the program the following conditions must be met:

  • The CSC must be set up, see earlier Chapter 2 Administration

  • The user must be logged in either as a SmartCard User or from the Administration console.

To run the sample program, type the following:

http://hailstorm.uk.sun.com:8080/SampleCSC

The following screen should appear:

Figure 4-3    Sample Certificate Status Check Main Screen


Select <Perform CSC> and the following output should appear:

Figure 4-4    Sample Certificate Status Check Output



Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.

Last Updated May 16, 2001