authorFraser Tweedale <ftweedal@redhat.com>2015-06-10 03:02:35 -0400
committerFraser Tweedale <ftweedal@redhat.com>2015-09-26 14:11:51 +1000
commit5cdad30b99d8c115f6b50c63bb2ecceefdd33937 (patch)
tree46525eeadf64a22b5b0070176716d08ce5df36b9
parent2a9f56d02b4a284cda6f8b61b250e1494f19a83e (diff)
Lightweight CAs: add ca-authority CLI
Add CLI commands for creating, listing and showing lightweight CAs. Part of: https://fedorahosted.org/pki/ticket/1213
-rw-r--r--base/common/src/com/netscape/certsrv/authority/AuthorityClient.java62
-rw-r--r--base/common/src/com/netscape/certsrv/ca/CAClient.java3
-rw-r--r--base/java-tools/src/com/netscape/cmstools/authority/AuthorityCLI.java52
-rw-r--r--base/java-tools/src/com/netscape/cmstools/authority/AuthorityCreateCLI.java89
-rw-r--r--base/java-tools/src/com/netscape/cmstools/authority/AuthorityDisableCLI.java56
-rw-r--r--base/java-tools/src/com/netscape/cmstools/authority/AuthorityEnableCLI.java56
-rw-r--r--base/java-tools/src/com/netscape/cmstools/authority/AuthorityFindCLI.java62
-rw-r--r--base/java-tools/src/com/netscape/cmstools/authority/AuthorityShowCLI.java78
-rw-r--r--base/java-tools/src/com/netscape/cmstools/cli/CACLI.java2
9 files changed, 459 insertions, 1 deletions
diff --git a/base/common/src/com/netscape/certsrv/authority/AuthorityClient.java b/base/common/src/com/netscape/certsrv/authority/AuthorityClient.java
new file mode 100644
index 000000000..86de3352e
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authority/AuthorityClient.java
@@ -0,0 +1,62 @@
+//--- BEGIN COPYRIGHT BLOCK ---
+//This program is free software; you can redistribute it and/or modify
+//it under the terms of the GNU General Public License as published by
+//the Free Software Foundation; version 2 of the License.
+//
+//This program is distributed in the hope that it will be useful,
+//but WITHOUT ANY WARRANTY; without even the implied warranty of
+//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+//GNU General Public License for more details.
+//
+//You should have received a copy of the GNU General Public License along
+//with this program; if not, write to the Free Software Foundation, Inc.,
+//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+//(C) 2015 Red Hat, Inc.
+//All rights reserved.
+//--- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authority;
+
+import java.net.URISyntaxException;
+import java.util.List;
+
+import javax.ws.rs.core.GenericType;
+import javax.ws.rs.core.Response;
+
+import com.netscape.certsrv.client.Client;
+import com.netscape.certsrv.client.PKIClient;
+
+/**
+ * @author Fraser Tweedale <ftweedal@redhat.com>
+ */
+public class AuthorityClient extends Client {
+
+ public AuthorityResource proxy;
+
+ public AuthorityClient(PKIClient client, String subsystem) throws URISyntaxException {
+ super(client, subsystem, "authority");
+ proxy = createProxy(AuthorityResource.class);
+ }
+
+ public List<AuthorityData> listCAs() {
+ Response response = proxy.listCAs();
+ GenericType<List<AuthorityData>> type = new GenericType<List<AuthorityData>>() {};
+ return client.getEntity(response, type);
+ }
+
+ public AuthorityData getCA(String caIDString) {
+ Response response = proxy.getCA(caIDString);
+ return client.getEntity(response, AuthorityData.class);
+ }
+
+ public AuthorityData createCA(AuthorityData data) {
+ Response response = proxy.createCA(data);
+ return client.getEntity(response, AuthorityData.class);
+ }
+
+ public AuthorityData modifyCA(AuthorityData data) {
+ Response response = proxy.modifyCA(data.getID(), data);
+ return client.getEntity(response, AuthorityData.class);
+ }
+
+}
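Review bot: `modifyCA` hands `data.getID()` to the proxy unchecked, and this commit itself builds `AuthorityData` objects whose ID is null (the create command passes `null` in that position), so a caller can issue a modify request with a null path parameter. How the REST proxy renders that is not visible here. A guard at the top of `modifyCA`, such as `if (data.getID() == null) throw new IllegalArgumentException("authority ID is required");`, fails before any request leaves the client. The `proxy` field is also public and non-final; `private final AuthorityResource proxy;` would keep callers from replacing it, unless sibling clients in this project expose theirs on purpose.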
diff --git a/base/common/src/com/netscape/certsrv/ca/CAClient.java b/base/common/src/com/netscape/certsrv/ca/CAClient.java
index e1a0a8c02..1fbd2a0b2 100644
--- a/base/common/src/com/netscape/certsrv/ca/CAClient.java
+++ b/base/common/src/com/netscape/certsrv/ca/CAClient.java
@@ -26,6 +26,7 @@ import com.netscape.certsrv.group.GroupClient;
import com.netscape.certsrv.profile.ProfileClient;
import com.netscape.certsrv.selftests.SelfTestClient;
import com.netscape.certsrv.user.UserClient;
+import com.netscape.certsrv.authority.AuthorityClient;
public class CAClient extends SubsystemClient {
@@ -35,7 +36,7 @@ public class CAClient extends SubsystemClient {
}
public void init() throws URISyntaxException {
-
+ addClient(new AuthorityClient(client, name));
addClient(new CertClient(client, name));
addClient(new GroupClient(client, name));
addClient(new ProfileClient(client, name));
diff --git a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityCLI.java b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityCLI.java
new file mode 100644
index 000000000..99d38ad1b
--- /dev/null
+++ b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityCLI.java
@@ -0,0 +1,52 @@
+package com.netscape.cmstools.authority;
+
+import com.netscape.certsrv.authority.AuthorityClient;
+import com.netscape.certsrv.authority.AuthorityData;
+import com.netscape.cmstools.cli.CLI;
+import com.netscape.cmstools.cli.MainCLI;
+
+public class AuthorityCLI extends CLI {
+
+ public AuthorityClient authorityClient;
+
+ public AuthorityCLI(CLI parent) {
+ super("authority", "CA management commands", parent);
+
+ addModule(new AuthorityFindCLI(this));
+ addModule(new AuthorityShowCLI(this));
+ addModule(new AuthorityCreateCLI(this));
+ addModule(new AuthorityDisableCLI(this));
+ addModule(new AuthorityEnableCLI(this));
+ }
+
+ public String getFullName() {
+ if (parent instanceof MainCLI) {
+ // do not include MainCLI's name
+ return name;
+ } else {
+ return parent.getFullName() + "-" + name;
+ }
+ }
+
+ public void execute(String[] args) throws Exception {
+ client = parent.getClient();
+ authorityClient = new AuthorityClient(client, "ca");
+ super.execute(args);
+ }
+
+ protected static void printAuthorityData(AuthorityData data) {
+ Boolean isHostAuthority = data.getIsHostAuthority();
+ if (isHostAuthority != null && isHostAuthority)
+ System.out.println(" Host authority: true");
+ System.out.println(" Authority DN: " + data.getDN());
+ System.out.println(" ID: " + data.getID());
+ String parentAID = data.getParentID();
+ if (parentAID != null)
+ System.out.println(" Parent ID: " + data.getParentID());
+ System.out.println(" Enabled: " + data.getEnabled());
+ String desc = data.getDescription();
+ if (desc != null)
+ System.out.println(" Description: " + desc);
+ }
+
+}
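Review bot: `printAuthorityData` writes the DN and description to stdout exactly as the server returned them, and the description is free text taken from the create command's `--desc` option, so it is chosen by whoever created the CA rather than by the administrator reading the output. Control characters in those fields would reach that administrator's terminal. Consider neutralising them before printing, for example `desc.replaceAll("\\p{Cntrl}", "?")`, and likewise for the DN. Whether the server already rejects such characters is not visible in this commit.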
diff --git a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityCreateCLI.java b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityCreateCLI.java
new file mode 100644
index 000000000..d1688fbd1
--- /dev/null
+++ b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityCreateCLI.java
@@ -0,0 +1,89 @@
+package com.netscape.cmstools.authority;
+
+import java.util.Arrays;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.Option;
+import org.apache.commons.cli.ParseException;
+
+import com.netscape.certsrv.authority.AuthorityData;
+import com.netscape.certsrv.ca.AuthorityID;
+import com.netscape.cmstools.cli.CLI;
+
+public class AuthorityCreateCLI extends CLI {
+
+ public AuthorityCLI authorityCLI;
+
+ public AuthorityCreateCLI(AuthorityCLI authorityCLI) {
+ super("create", "Create CAs", authorityCLI);
+ this.authorityCLI = authorityCLI;
+
+ Option optParent = new Option(null, "parent", true, "ID of parent CA");
+ optParent.setArgName("id");
+ options.addOption(optParent);
+
+ Option optDesc = new Option(null, "desc", true, "Optional description");
+ optDesc.setArgName("string");
+ options.addOption(optDesc);
+ }
+
+ public void printHelp() {
+ formatter.printHelp(getFullName() + " <dn>", options);
+ }
+
+ public void execute(String[] args) throws Exception {
+ // Always check for "--help" prior to parsing
+ if (Arrays.asList(args).contains("--help")) {
+ // Display usage
+ printHelp();
+ System.exit(0);
+ }
+
+ CommandLine cmd = null;
+
+ try {
+ cmd = parser.parse(options, args);
+ } catch (ParseException e) {
+ System.err.println("Error: " + e.getMessage());
+ printHelp();
+ System.exit(-1);
+ }
+
+ String[] cmdArgs = cmd.getArgs();
+ if (cmdArgs.length != 1) {
+ if (cmdArgs.length < 1)
+ System.err.println("No DN specified.");
+ else
+ System.err.println("Too many arguments.");
+ printHelp();
+ System.exit(-1);
+ }
+
+ String parentAIDString = null;
+ if (cmd.hasOption("parent")) {
+ parentAIDString = cmd.getOptionValue("parent");
+ try {
+ new AuthorityID(parentAIDString);
+ } catch (IllegalArgumentException e) {
+ System.err.println("Bad CA ID: " + parentAIDString);
+ printHelp();
+ System.exit(-1);
+ }
+ } else {
+ System.err.println("Must specify parent authority");
+ printHelp();
+ System.exit(-1);
+ }
+
+ String desc = null;
+ if (cmd.hasOption("desc"))
+ desc = cmd.getOptionValue("desc");
+
+ String dn = cmdArgs[0];
+ AuthorityData data = new AuthorityData(
+ null, dn, null, parentAIDString, true /* enabled */, desc);
+ AuthorityData newData = authorityCLI.authorityClient.createCA(data);
+ AuthorityCLI.printAuthorityData(newData);
+ }
+
+}
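Review bot: `--parent` is mandatory in `execute` (its absence exits with "Must specify parent authority"), yet the constructor registers it as an ordinary option and its help text "ID of parent CA" does not say so, while `--desc` is explicitly labelled optional. Either call `optParent.setRequired(true)` so the parser reports the omission, or change the description to `"ID of parent CA (required)"`. Separately, the authority is always submitted with `true /* enabled */`; a line in the help text saying the new CA is created enabled would help operators who expect to review it before it can be used.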
diff --git a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityDisableCLI.java b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityDisableCLI.java
new file mode 100644
index 000000000..fc4cbf30b
--- /dev/null
+++ b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityDisableCLI.java
@@ -0,0 +1,56 @@
+package com.netscape.cmstools.authority;
+
+import java.util.Arrays;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.ParseException;
+
+import com.netscape.certsrv.authority.AuthorityData;
+import com.netscape.cmstools.cli.CLI;
+
+public class AuthorityDisableCLI extends CLI {
+
+ public AuthorityCLI authorityCLI;
+
+ public AuthorityDisableCLI(AuthorityCLI authorityCLI) {
+ super("disable", "Disable CAs", authorityCLI);
+ this.authorityCLI = authorityCLI;
+ }
+
+ public void printHelp() {
+ formatter.printHelp(getFullName() + " <ID>", options);
+ }
+
+ public void execute(String[] args) throws Exception {
+ // Always check for "--help" prior to parsing
+ if (Arrays.asList(args).contains("--help")) {
+ // Display usage
+ printHelp();
+ System.exit(0);
+ }
+
+ CommandLine cmd = null;
+
+ try {
+ cmd = parser.parse(options, args);
+ } catch (ParseException e) {
+ System.err.println("Error: " + e.getMessage());
+ printHelp();
+ System.exit(-1);
+ }
+
+ String[] cmdArgs = cmd.getArgs();
+
+ if (cmdArgs.length < 1) {
+ System.err.println("Error: No ID specified.");
+ printHelp();
+ System.exit(-1);
+ }
+
+ AuthorityData data = new AuthorityData(
+ null, null, cmdArgs[0], null, false, null);
+ data = authorityCLI.authorityClient.modifyCA(data);
+ AuthorityCLI.printAuthorityData(data);
+ }
+
+}
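Review bot: The check `if (cmdArgs.length < 1)` lets surplus positional arguments through, so a call that names two IDs disables only the first and prints no warning; for a command that changes CA state the operator should not be left believing both were handled. AuthorityCreateCLI and AuthorityShowCLI in this commit reject extra arguments, and the same is needed here and in AuthorityEnableCLI: `if (cmdArgs.length != 1)` with a "Too many arguments." message for the surplus case. The ID is also sent as typed, whereas create validates its `--parent` value with `new AuthorityID(...)`; the same check here would give a local "Bad CA ID" error instead of a server round trip.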
diff --git a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityEnableCLI.java b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityEnableCLI.java
new file mode 100644
index 000000000..f6fdab12f
--- /dev/null
+++ b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityEnableCLI.java
@@ -0,0 +1,56 @@
+package com.netscape.cmstools.authority;
+
+import java.util.Arrays;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.ParseException;
+
+import com.netscape.certsrv.authority.AuthorityData;
+import com.netscape.cmstools.cli.CLI;
+
+public class AuthorityEnableCLI extends CLI {
+
+ public AuthorityCLI authorityCLI;
+
+ public AuthorityEnableCLI(AuthorityCLI authorityCLI) {
+ super("enable", "Enable CAs", authorityCLI);
+ this.authorityCLI = authorityCLI;
+ }
+
+ public void printHelp() {
+ formatter.printHelp(getFullName() + " <ID>", options);
+ }
+
+ public void execute(String[] args) throws Exception {
+ // Always check for "--help" prior to parsing
+ if (Arrays.asList(args).contains("--help")) {
+ // Display usage
+ printHelp();
+ System.exit(0);
+ }
+
+ CommandLine cmd = null;
+
+ try {
+ cmd = parser.parse(options, args);
+ } catch (ParseException e) {
+ System.err.println("Error: " + e.getMessage());
+ printHelp();
+ System.exit(-1);
+ }
+
+ String[] cmdArgs = cmd.getArgs();
+
+ if (cmdArgs.length < 1) {
+ System.err.println("Error: No ID specified.");
+ printHelp();
+ System.exit(-1);
+ }
+
+ AuthorityData data = new AuthorityData(
+ null, null, cmdArgs[0], null, true, null);
+ data = authorityCLI.authorityClient.modifyCA(data);
+ AuthorityCLI.printAuthorityData(data);
+ }
+
+}
diff --git a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityFindCLI.java b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityFindCLI.java
new file mode 100644
index 000000000..c1aa99fc6
--- /dev/null
+++ b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityFindCLI.java
@@ -0,0 +1,62 @@
+package com.netscape.cmstools.authority;
+
+import java.util.Arrays;
+import java.util.List;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.ParseException;
+
+import com.netscape.certsrv.authority.AuthorityData;
+import com.netscape.cmstools.cli.CLI;
+import com.netscape.cmstools.cli.MainCLI;
+
+public class AuthorityFindCLI extends CLI {
+
+ public AuthorityCLI authorityCLI;
+
+ public AuthorityFindCLI(AuthorityCLI authorityCLI) {
+ super("find", "Find CAs", authorityCLI);
+ this.authorityCLI = authorityCLI;
+ }
+
+ public void printHelp() {
+ formatter.printHelp(getFullName(), options);
+ }
+
+ public void execute(String[] args) throws Exception {
+ // Always check for "--help" prior to parsing
+ if (Arrays.asList(args).contains("--help")) {
+ // Display usage
+ printHelp();
+ System.exit(0);
+ }
+
+ @SuppressWarnings("unused")
+ CommandLine cmd = null;
+
+ try {
+ cmd = parser.parse(options, args);
+ } catch (ParseException e) {
+ System.err.println("Error: " + e.getMessage());
+ printHelp();
+ System.exit(-1);
+ }
+
+ List<AuthorityData> datas = authorityCLI.authorityClient.listCAs();
+
+ MainCLI.printMessage(datas.size() + " entries matched");
+ if (datas.size() == 0) return;
+
+ boolean first = true;
+ for (AuthorityData data : datas) {
+ if (first)
+ first = false;
+ else
+ System.out.println();
+ AuthorityCLI.printAuthorityData(data);
+ }
+
+ MainCLI.printMessage("Number of entries returned " + datas.size());
+ }
+
+}
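Review bot: Positional arguments are parsed and then dropped: `cmd` is never read after `parser.parse` (hence the `@SuppressWarnings("unused")`), so a call with a stray argument lists every CA as though a filter had been applied. Rejecting them with `if (cmd.getArgs().length > 0)` followed by an error message and `printHelp()` matches what create and show do in this commit. `datas.size() == 0` can also be written `datas.isEmpty()`.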
diff --git a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityShowCLI.java b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityShowCLI.java
new file mode 100644
index 000000000..c95660248
--- /dev/null
+++ b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityShowCLI.java
@@ -0,0 +1,78 @@
+package com.netscape.cmstools.authority;
+
+import java.util.Arrays;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.Option;
+import org.apache.commons.cli.ParseException;
+
+import com.netscape.certsrv.authority.AuthorityData;
+import com.netscape.certsrv.authority.AuthorityResource;
+import com.netscape.cmstools.cli.CLI;
+
+public class AuthorityShowCLI extends CLI {
+
+ public AuthorityCLI authorityCLI;
+
+ public AuthorityShowCLI(AuthorityCLI authorityCLI) {
+ super("show", "Show CAs", authorityCLI);
+ this.authorityCLI = authorityCLI;
+
+ Option optParent = new Option(
+ null, "host-authority", false, "Show host authority");
+ options.addOption(optParent);
+ }
+
+ public void printHelp() {
+ formatter.printHelp(getFullName() + " <ID>", options);
+ }
+
+ public void execute(String[] args) throws Exception {
+ // Always check for "--help" prior to parsing
+ if (Arrays.asList(args).contains("--help")) {
+ // Display usage
+ printHelp();
+ System.exit(0);
+ }
+
+ CommandLine cmd = null;
+
+ try {
+ cmd = parser.parse(options, args);
+ } catch (ParseException e) {
+ System.err.println("Error: " + e.getMessage());
+ printHelp();
+ System.exit(-1);
+ }
+
+ String[] cmdArgs = cmd.getArgs();
+
+ String caIDString = null;
+ if (cmdArgs.length > 1) {
+ System.err.println("Error: too many arguments.");
+ printHelp();
+ System.exit(-1);
+ } else if (cmdArgs.length == 1) {
+ caIDString = cmdArgs[0];
+ }
+
+ if (cmd.hasOption("host-authority")) {
+ if (caIDString != null) {
+ System.err.println("Error: authority ID and --host-authority are mutually exclusive.");
+ printHelp();
+ System.exit(-1);
+ }
+ caIDString = AuthorityResource.HOST_AUTHORITY;
+ }
+
+ if (caIDString == null) {
+ System.err.println("Error: No ID specified.");
+ printHelp();
+ System.exit(-1);
+ }
+
+ AuthorityData data = authorityCLI.authorityClient.getCA(caIDString);
+ AuthorityCLI.printAuthorityData(data);
+ }
+
+}
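Review bot: The option variable in the constructor is named `optParent` although it holds the `--host-authority` flag, which looks carried over from AuthorityCreateCLI; `Option optHostAuthority = new Option(null, "host-authority", false, "Show host authority");` says what it is. `printHelp` also shows `<ID>` as mandatory while `execute` accepts `--host-authority` in its place, so the usage suffix could read `" [<ID> | --host-authority]"`.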
diff --git a/base/java-tools/src/com/netscape/cmstools/cli/CACLI.java b/base/java-tools/src/com/netscape/cmstools/cli/CACLI.java
index 17fb4866f..5c41f00c2 100644
--- a/base/java-tools/src/com/netscape/cmstools/cli/CACLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cli/CACLI.java
@@ -20,6 +20,7 @@ package com.netscape.cmstools.cli;
import com.netscape.certsrv.ca.CAClient;
import com.netscape.certsrv.client.Client;
+import com.netscape.cmstools.authority.AuthorityCLI;
import com.netscape.cmstools.cert.CertCLI;
import com.netscape.cmstools.group.GroupCLI;
import com.netscape.cmstools.profile.ProfileCLI;
@@ -37,6 +38,7 @@ public class CACLI extends SubsystemCLI {
public CACLI(CLI parent) {
super("ca", "CA management commands", parent);
+ addModule(new AuthorityCLI(this));
addModule(new CertCLI(this));
addModule(new GroupCLI(this));
addModule(new KRAConnectorCLI(this));