Make recovery methods more consistent

The async recovery request mechanism was implemented differently from other requests. This makes it difficult to add tings like authorization consisitently. We move the required methods to the KeyRequestDAO to be more consistent. Part of Ticket #2041
author: Ade Lee <alee@redhat.com> 2016-04-16 16:13:58 -0400
committer: Ade Lee <alee@redhat.com> 2016-04-20 17:30:24 -0400
commit: c198f02b53b4a702e5ca8e3477f89f2b72a7b467 (patch)
tree: 6a56ec625791100a9fb191d377e4bf0ba08096b0
parent: 2f730b62e589cd829c5fcb021a2a92d436073eac (diff)
download: pki-c198f02b53b4a702e5ca8e3477f89f2b72a7b467.tar.gz
pki-c198f02b53b4a702e5ca8e3477f89f2b72a7b467.tar.xz
pki-c198f02b53b4a702e5ca8e3477f89f2b72a7b467.zip
2 files changed, 52 insertions, 52 deletions
diff --git a/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java b/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java
index 81ebe3e88..39f2d33a3 100644
--- a/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java
+++ b/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java
@@ -19,10 +19,8 @@
 package org.dogtagpki.server.kra.rest;
 
 import java.lang.reflect.InvocationTargetException;
-import java.math.BigInteger;
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.security.cert.CertificateException;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -51,19 +49,12 @@ import com.netscape.certsrv.key.KeyRequestInfoCollection;
 import com.netscape.certsrv.key.KeyRequestResource;
 import com.netscape.certsrv.key.KeyRequestResponse;
 import com.netscape.certsrv.key.SymKeyGenerationRequest;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.kra.IKeyService;
 import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.request.RequestNotFoundException;
 import com.netscape.cms.servlet.base.PKIService;
 import com.netscape.cms.servlet.key.KeyRequestDAO;
 import com.netscape.cmsutil.ldap.LDAPUtil;
-import com.netscape.cmsutil.util.Utils;
-
-import netscape.security.x509.X509CertImpl;
 
 /**
  * @author alee
@@ -103,10 +94,6 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
     public static final int DEFAULT_MAXRESULTS = 100;
     public static final int DEFAULT_MAXTIME = 10;
 
-    private IKeyRecoveryAuthority kra;
-    private IRequestQueue queue;
-    private IKeyService service;
-
     public static final Map<String, SymmetricKey.Type> SYMKEY_TYPES;
     static {
         SYMKEY_TYPES = new HashMap<String, SymmetricKey.Type>();
@@ -118,12 +105,6 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
         SYMKEY_TYPES.put(KeyRequestResource.AES_ALGORITHM, SymmetricKey.AES);
     }
 
-    public KeyRequestService() {
-        kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( "kra" );
-        queue = kra.getRequestQueue();
-        service = (IKeyService) kra;
-    }
-
     /**
      * Used to retrieve key request info for a specific request
      */
@@ -221,7 +202,9 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
                 throw new UnauthorizedException("Recovery must be initiated by an agent");
             }
             response = (data.getCertificate() != null)?
-                    requestKeyRecovery(data): dao.submitRequest(data, uriInfo, requestor);
+                    dao.submitAsyncKeyRecoveryRequest(data, uriInfo, requestor):
+                    dao.submitRequest(data, uriInfo, requestor);
+
             auditRecoveryRequestMade(response.getRequestInfo().getRequestId(),
                     ILogger.SUCCESS, data.getKeyId());
 
@@ -234,40 +217,18 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
         }
     }
 
-    private KeyRequestResponse requestKeyRecovery(KeyRecoveryRequest data) {
-        KeyRequestResponse response = null;
-        if (data == null) {
-            throw new BadRequestException("Invalid request.");
-        }
-        String keyId = data.getKeyId().toString();
-        String b64Certificate = data.getCertificate();
-        byte[] certData = Utils.base64decode(b64Certificate);
-        String agentID = servletRequest.getUserPrincipal().getName();
-        String requestId = null;
-        try {
-            requestId = service.initAsyncKeyRecovery(new BigInteger(keyId), new X509CertImpl(certData), agentID);
-        } catch (EBaseException | CertificateException e) {
-            e.printStackTrace();
-            throw new PKIException(e.toString());
-        }
-        IRequest request = null;
-        try {
-            request = queue.findRequest(new RequestId(requestId));
-        } catch (EBaseException e) {
-        }
-        KeyRequestDAO dao = new KeyRequestDAO();
-        response = dao.createCMSRequestResponse(request, uriInfo);
-
-        return response;
-    }
-
     @Override
     public Response approveRequest(RequestId id) {
         if (id == null) {
             throw new BadRequestException("Invalid request id.");
         }
+        KeyRequestDAO dao = new KeyRequestDAO();
+        String requestor = servletRequest.getUserPrincipal().getName();
+        if (requestor == null) {
+            throw new UnauthorizedException("Request approval must be initiated by an agent");
+        }
         try {
-            service.addAgentAsyncKeyRecovery(id.toString(), servletRequest.getUserPrincipal().getName());
+            dao.approveRequest(id, requestor);
             auditRecoveryRequestChange(id, ILogger.SUCCESS, "approve");
         } catch (EBaseException e) {
             e.printStackTrace();
diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
index 3d5300370..bdb1269a8 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
@@ -17,6 +17,8 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
+import java.math.BigInteger;
+import java.security.cert.CertificateException;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Enumeration;
@@ -53,6 +55,7 @@ import com.netscape.certsrv.key.KeyRequestResponse;
 import com.netscape.certsrv.key.KeyResource;
 import com.netscape.certsrv.key.SymKeyGenerationRequest;
 import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
+import com.netscape.certsrv.kra.IKeyService;
 import com.netscape.certsrv.profile.IEnrollProfile;
 import com.netscape.certsrv.request.CMSRequestInfo;
 import com.netscape.certsrv.request.CMSRequestInfos;
@@ -60,6 +63,9 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cms.servlet.request.CMSRequestDAO;
+import com.netscape.cmsutil.util.Utils;
+
+import netscape.security.x509.X509CertImpl;
 
 /**
  * @author alee
@@ -94,11 +100,13 @@ public class KeyRequestDAO extends CMSRequestDAO {
 
     private IKeyRepository repo;
     private IKeyRecoveryAuthority kra;
+    private IKeyService service;
 
     public KeyRequestDAO() {
         super("kra");
         kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( "kra" );
         repo = kra.getKeyRepository();
+        service = (IKeyService) kra;
     }
 
     /**
@@ -277,6 +285,39 @@ public class KeyRequestDAO extends CMSRequestDAO {
         return createKeyRequestResponse(request, uriInfo);
     }
 
+    public KeyRequestResponse submitAsyncKeyRecoveryRequest(KeyRecoveryRequest data, UriInfo uriInfo,
+            String requestor) throws EBaseException {
+        if (data == null) {
+            throw new BadRequestException("Invalid request.");
+        }
+
+        KeyId keyId = data.getKeyId();
+        IKeyRecord rec = null;
+        try {
+            rec = repo.readKeyRecord(keyId.toBigInteger());
+        } catch (EDBRecordNotFoundException e) {
+            throw new KeyNotFoundException(keyId);
+        }
+
+        String b64Certificate = data.getCertificate();
+        byte[] certData = Utils.base64decode(b64Certificate);
+        String requestId = null;
+        try {
+            requestId = service.initAsyncKeyRecovery(new BigInteger(keyId.toString()), new X509CertImpl(certData), requestor);
+            // TODO - update request with realm
+        } catch (EBaseException | CertificateException e) {
+            e.printStackTrace();
+            throw new PKIException(e.toString());
+        }
+        IRequest request = null;
+        try {
+            request = queue.findRequest(new RequestId(requestId));
+        } catch (EBaseException e) {
+        }
+        return createCMSRequestResponse(request, uriInfo);
+    }
+
+
     public KeyRequestResponse submitRequest(SymKeyGenerationRequest data, UriInfo uriInfo, String owner)
             throws EBaseException {
         String clientKeyId = data.getClientKeyId();
@@ -429,10 +470,8 @@ public class KeyRequestDAO extends CMSRequestDAO {
         return createKeyRequestResponse(request, uriInfo);
     }
 
-    public void approveRequest(RequestId id) throws EBaseException {
-        IRequest request = queue.findRequest(id);
-        request.setRequestStatus(RequestStatus.APPROVED);
-        queue.updateRequest(request);
+    public void approveRequest(RequestId id, String requestor) throws EBaseException {
+        service.addAgentAsyncKeyRecovery(id.toString(), requestor);
     }
 
     public void rejectRequest(RequestId id) throws EBaseException {
author	Ade Lee <alee@redhat.com>	2016-04-16 16:13:58 -0400
committer	Ade Lee <alee@redhat.com>	2016-04-20 17:30:24 -0400
commit	c198f02b53b4a702e5ca8e3477f89f2b72a7b467 (patch)
tree	6a56ec625791100a9fb191d377e4bf0ba08096b0
parent	2f730b62e589cd829c5fcb021a2a92d436073eac (diff)
download	pki-c198f02b53b4a702e5ca8e3477f89f2b72a7b467.tar.gz pki-c198f02b53b4a702e5ca8e3477f89f2b72a7b467.tar.xz pki-c198f02b53b4a702e5ca8e3477f89f2b72a7b467.zip