diff options
author | Ade Lee <alee@redhat.com> | 2012-01-18 23:28:11 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-02-08 16:02:24 -0500 |
commit | 0e038046bfdb2cf174450dcb80e2f0b2887947e2 (patch) | |
tree | ed274bba39abacd4d6da87a57415efda43e49811 | |
parent | d1247e1a404426c9ca2ceeffc52f2b73a0fb6d06 (diff) | |
download | pki-0e038046bfdb2cf174450dcb80e2f0b2887947e2.tar.gz pki-0e038046bfdb2cf174450dcb80e2f0b2887947e2.tar.xz pki-0e038046bfdb2cf174450dcb80e2f0b2887947e2.zip |
New DRM proxy client and tests
Added new interfaces for each Resource, and renamed old Resource service classes.
15 files changed, 1148 insertions, 503 deletions
diff --git a/pki/.classpath b/pki/.classpath index 07ba2826b..c4d60d871 100644 --- a/pki/.classpath +++ b/pki/.classpath @@ -13,6 +13,7 @@ <classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/tks/src"/> <classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/util/src"/> <classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/silent/src"/> + <classpathentry kind="src" path="base/kra/functional/src"/> <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/> <classpathentry kind="lib" path="/usr/share/java/idm-console-mcc.jar"/> <classpathentry kind="lib" path="/usr/share/java/idm-console-base.jar"/> @@ -25,5 +26,7 @@ <classpathentry kind="lib" path="/usr/share/java/xerces-j2.jar"/> <classpathentry kind="lib" path="/usr/share/java/junit4.jar"/> <classpathentry kind="lib" path="/usr/share/candlepin/lib/jaxrs-api-2.2.1.GA.jar"/> + <classpathentry kind="lib" path="/usr/share/candlepin/lib/resteasy-jaxrs-2.2.1.GA.jar"/> + <classpathentry kind="lib" path="/usr/share/java/apache-commons-cli.jar"/> <classpathentry kind="output" path="build/classes"/> </classpath> diff --git a/pki/base/common/src/CMakeLists.txt b/pki/base/common/src/CMakeLists.txt index 4666a2d11..067321dac 100644 --- a/pki/base/common/src/CMakeLists.txt +++ b/pki/base/common/src/CMakeLists.txt @@ -538,6 +538,7 @@ set(pki-cms_java_SRCS com/netscape/cms/servlet/admin/RAAdminServlet.java com/netscape/cms/servlet/admin/AdminResources.java com/netscape/cms/servlet/admin/SystemCertificateResource.java + com/netscape/cms/servlet/admin/SystemCertificateResourceService.java com/netscape/cms/servlet/key/DisplayBySerial.java com/netscape/cms/servlet/key/SrchKey.java com/netscape/cms/servlet/key/DisplayTransport.java @@ -553,7 +554,9 @@ set(pki-cms_java_SRCS com/netscape/cms/servlet/key/KeyRecordParser.java com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java com/netscape/cms/servlet/key/KeyResource.java + com/netscape/cms/servlet/key/KeyResourceService.java com/netscape/cms/servlet/key/KeysResource.java + com/netscape/cms/servlet/key/KeysResourceService.java com/netscape/cms/servlet/key/model/KeyDAO.java com/netscape/cms/servlet/key/model/KeyDataInfo.java com/netscape/cms/servlet/key/model/KeyDataInfos.java @@ -561,7 +564,7 @@ set(pki-cms_java_SRCS com/netscape/cms/servlet/base/IndexServlet.java com/netscape/cms/servlet/base/UserInfo.java com/netscape/cms/servlet/base/PortsServlet.java - com/netscape/cms/servlet/base/CMSResource.java + com/netscape/cms/servlet/base/CMSResourceService.java com/netscape/cms/servlet/base/CMSServlet.java com/netscape/cms/servlet/base/CMSStartServlet.java com/netscape/cms/servlet/base/ProxyServlet.java @@ -651,7 +654,9 @@ set(pki-cms_java_SRCS com/netscape/cms/servlet/request/CertReqParser.java com/netscape/cms/servlet/request/KeyReqParser.java com/netscape/cms/servlet/request/KeyRequestResource.java + com/netscape/cms/servlet/request/KeyRequestResourceService.java com/netscape/cms/servlet/request/KeyRequestsResource.java + com/netscape/cms/servlet/request/KeyRequestsResourceService.java com/netscape/cms/servlet/request/model/ArchivalRequestData.java com/netscape/cms/servlet/request/model/KeyRequestDAO.java com/netscape/cms/servlet/request/model/KeyRequestInfo.java diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResource.java b/pki/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResource.java index b1e47ec3a..6c4c0bc54 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResource.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResource.java @@ -1,88 +1,21 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2012 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - package com.netscape.cms.servlet.admin; -import java.security.cert.CertificateEncodingException; - import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.Produces; -import javax.ws.rs.WebApplicationException; -import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.Request; import javax.ws.rs.core.Response; -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.security.ITransportKeyUnit; -import com.netscape.cms.servlet.base.CMSResource; -import com.netscape.cms.servlet.cert.model.CertificateData; - -/** - * This is the class used to list, retrieve and modify system certificates for all Java subsystems. - * - * @author alee - * - */ @Path("/config/cert") -public class SystemCertificateResource extends CMSResource { - - @Context - Request request; +public interface SystemCertificateResource { /** * Used to retrieve the transport certificate */ @GET @Path("/transport") + //@ClientResponseType(CertificateData.class) @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML }) - public Response getTransportCert() { - CertificateData cert = null; - IKeyRecoveryAuthority kra = null; - - // auth and authz - - kra = (IKeyRecoveryAuthority) CMS.getSubsystem("kra"); - if (kra == null) { - // no KRA - throw new WebApplicationException(Response.Status.NOT_FOUND); - } - - ITransportKeyUnit tu = kra.getTransportKeyUnit(); - if (tu == null) { - CMS.debug("getTransportCert: transport key unit is null"); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); - } - org.mozilla.jss.crypto.X509Certificate transportCert = tu.getCertificate(); - if (transportCert == null) { - CMS.debug("getTransportCert: transport cert is null"); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); - } - try { - cert = createCertificateData(transportCert); - } catch (CertificateEncodingException e) { - CMS.debug("getTransportCert: certificate encoding exception with transport cert"); - e.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); - } - return sendConditionalGetResponse(DEFAULT_LONG_CACHE_LIFETIME, cert, request); - } + public Response getTransportCert(); -} +}
\ No newline at end of file diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResourceService.java b/pki/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResourceService.java new file mode 100644 index 000000000..48f410c73 --- /dev/null +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResourceService.java @@ -0,0 +1,80 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2012 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.cms.servlet.admin; + +import java.security.cert.CertificateEncodingException; + +import javax.ws.rs.WebApplicationException; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.Request; +import javax.ws.rs.core.Response; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.kra.IKeyRecoveryAuthority; +import com.netscape.certsrv.security.ITransportKeyUnit; +import com.netscape.cms.servlet.base.CMSResourceService; +import com.netscape.cms.servlet.cert.model.CertificateData; + +/** + * This is the class used to list, retrieve and modify system certificates for all Java subsystems. + * + * @author alee + * + */ +public class SystemCertificateResourceService extends CMSResourceService implements SystemCertificateResource { + + @Context + Request request; + + /** + * Used to retrieve the transport certificate + */ + public Response getTransportCert() { + CertificateData cert = null; + IKeyRecoveryAuthority kra = null; + + // auth and authz + + kra = (IKeyRecoveryAuthority) CMS.getSubsystem("kra"); + if (kra == null) { + // no KRA + throw new WebApplicationException(Response.Status.NOT_FOUND); + } + + ITransportKeyUnit tu = kra.getTransportKeyUnit(); + if (tu == null) { + CMS.debug("getTransportCert: transport key unit is null"); + throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + } + org.mozilla.jss.crypto.X509Certificate transportCert = tu.getCertificate(); + if (transportCert == null) { + CMS.debug("getTransportCert: transport cert is null"); + throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + } + try { + cert = createCertificateData(transportCert); + } catch (CertificateEncodingException e) { + CMS.debug("getTransportCert: certificate encoding exception with transport cert"); + e.printStackTrace(); + throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + } + return sendConditionalGetResponse(DEFAULT_LONG_CACHE_LIFETIME, cert, request); + } + +} diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSResource.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSResourceService.java index 48b04859b..74d847d0a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSResource.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSResourceService.java @@ -34,7 +34,7 @@ import com.netscape.cms.servlet.cert.model.CertificateData; * @author alee * */ -public class CMSResource { +public class CMSResourceService { protected static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----"; protected static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----"; diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeyResource.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeyResource.java index 3f8e8b2cf..c6ddda698 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/KeyResource.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/KeyResource.java @@ -1,53 +1,18 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2011 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - package com.netscape.cms.servlet.key; import javax.ws.rs.Consumes; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.Produces; -import javax.ws.rs.WebApplicationException; -import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MultivaluedMap; -import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; -import com.netscape.cms.servlet.base.CMSResource; -import com.netscape.cms.servlet.key.model.KeyDAO; import com.netscape.cms.servlet.key.model.KeyData; -import com.netscape.cms.servlet.request.model.KeyRequestDAO; -import com.netscape.cms.servlet.request.model.KeyRequestInfo; import com.netscape.cms.servlet.request.model.RecoveryRequestData; -import com.netscape.certsrv.request.IRequest; -import com.netscape.certsrv.request.RequestStatus; -import com.netscape.certsrv.base.EBaseException; -/** - * @author alee - * - */ + @Path("/key") -public class KeyResource extends CMSResource { - - @Context - UriInfo uriInfo; - +public interface KeyResource { + /** * Used to retrieve a key * @param data @@ -57,80 +22,11 @@ public class KeyResource extends CMSResource { @Path("retrieve") @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML }) @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - public KeyData retrieveKey(RecoveryRequestData data) { - // auth and authz - String keyId = validateRequest(data); - KeyDAO dao = new KeyDAO(); - KeyData keyData; - try { - keyData = dao.getKey(keyId, data); - } catch (EBaseException e) { - // log error - e.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); - } - if (keyData == null) { - // no key record - throw new WebApplicationException(Response.Status.GONE); - } - return keyData; - } + public KeyData retrieveKey(RecoveryRequestData data); // retrieval - used to test integration with a browser @POST @Path("retrieve") @Produces(MediaType.TEXT_XML) - public KeyData retrieveKey(MultivaluedMap<String, String> form) { - RecoveryRequestData data = new RecoveryRequestData(form); - return retrieveKey(data); - } - - private String validateRequest(RecoveryRequestData data) { - // confirm that at least one wrapping method exists - if ((data.getTransWrappedSessionKey() == null) && (data.getTransWrappedSessionKey() == null)) { - // log error - throw new WebApplicationException(Response.Status.BAD_REQUEST); - } - - // confirm request exists - String reqId = data.getRequestId(); - if (reqId == null) { - // log error - throw new WebApplicationException(Response.Status.BAD_REQUEST); - } - KeyRequestDAO reqDAO = new KeyRequestDAO(); - KeyRequestInfo reqInfo; - try { - reqInfo = reqDAO.getRequest(reqId, uriInfo); - } catch (EBaseException e1) { - // failed to get request - e1.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); - } - if (reqInfo == null) { - // request not found - throw new WebApplicationException(Response.Status.GONE); - } - - //confirm request is of the right type - String type = reqInfo.getRequestType(); - if (!type.equals(IRequest.SECURITY_DATA_RECOVERY_REQUEST)) { - // log error - throw new WebApplicationException(Response.Status.BAD_REQUEST); - } - - //confirm that agent is originator of request, else throw 401 - // TO-DO - - // confirm request is in approved state - String status = reqInfo.getRequestStatus(); - if (!status.equals(RequestStatus.APPROVED.toString())) { - // log error - throw new WebApplicationException(Response.Status.UNAUTHORIZED); - } - - String keyURL = reqInfo.getKeyURL(); - return keyURL.substring(keyURL.lastIndexOf("/")); - } - + public KeyData retrieveKey(MultivaluedMap<String, String> form); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java new file mode 100644 index 000000000..887820c3f --- /dev/null +++ b/pki/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java @@ -0,0 +1,123 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2011 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.cms.servlet.key; + +import javax.ws.rs.WebApplicationException; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.MultivaluedMap; +import javax.ws.rs.core.Response; +import javax.ws.rs.core.UriInfo; + +import com.netscape.cms.servlet.base.CMSResourceService; +import com.netscape.cms.servlet.key.model.KeyDAO; +import com.netscape.cms.servlet.key.model.KeyData; +import com.netscape.cms.servlet.request.model.KeyRequestDAO; +import com.netscape.cms.servlet.request.model.KeyRequestInfo; +import com.netscape.cms.servlet.request.model.RecoveryRequestData; +import com.netscape.certsrv.request.IRequest; +import com.netscape.certsrv.request.RequestStatus; +import com.netscape.certsrv.base.EBaseException; +/** + * @author alee + * + */ +public class KeyResourceService extends CMSResourceService implements KeyResource{ + + @Context + UriInfo uriInfo; + + /** + * Used to retrieve a key + * @param data + * @return + */ + public KeyData retrieveKey(RecoveryRequestData data) { + // auth and authz + String keyId = validateRequest(data); + KeyDAO dao = new KeyDAO(); + KeyData keyData; + try { + keyData = dao.getKey(keyId, data); + } catch (EBaseException e) { + // log error + e.printStackTrace(); + throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + } + if (keyData == null) { + // no key record + throw new WebApplicationException(Response.Status.GONE); + } + return keyData; + } + + // retrieval - used to test integration with a browser + public KeyData retrieveKey(MultivaluedMap<String, String> form) { + RecoveryRequestData data = new RecoveryRequestData(form); + return retrieveKey(data); + } + + private String validateRequest(RecoveryRequestData data) { + // confirm that at least one wrapping method exists + if ((data.getTransWrappedSessionKey() == null) && (data.getTransWrappedSessionKey() == null)) { + // log error + throw new WebApplicationException(Response.Status.BAD_REQUEST); + } + + // confirm request exists + String reqId = data.getRequestId(); + if (reqId == null) { + // log error + throw new WebApplicationException(Response.Status.BAD_REQUEST); + } + KeyRequestDAO reqDAO = new KeyRequestDAO(); + KeyRequestInfo reqInfo; + try { + reqInfo = reqDAO.getRequest(reqId, uriInfo); + } catch (EBaseException e1) { + // failed to get request + e1.printStackTrace(); + throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + } + if (reqInfo == null) { + // request not found + throw new WebApplicationException(Response.Status.GONE); + } + + //confirm request is of the right type + String type = reqInfo.getRequestType(); + if (!type.equals(IRequest.SECURITY_DATA_RECOVERY_REQUEST)) { + // log error + throw new WebApplicationException(Response.Status.BAD_REQUEST); + } + + //confirm that agent is originator of request, else throw 401 + // TO-DO + + // confirm request is in approved state + String status = reqInfo.getRequestStatus(); + if (!status.equals(RequestStatus.APPROVED.toString())) { + // log error + throw new WebApplicationException(Response.Status.UNAUTHORIZED); + } + + String keyURL = reqInfo.getKeyURL(); + return keyURL.substring(keyURL.lastIndexOf("/")); + } + +} diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeysResource.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeysResource.java index 4cf5db3f4..35cd5ccbe 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/KeysResource.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/KeysResource.java @@ -1,23 +1,3 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2011 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -/** - * - */ package com.netscape.cms.servlet.key; import javax.ws.rs.DefaultValue; @@ -25,81 +5,19 @@ import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.Produces; import javax.ws.rs.QueryParam; -import javax.ws.rs.WebApplicationException; -import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.cms.servlet.base.CMSResource; -import com.netscape.cms.servlet.key.model.KeyDAO; import com.netscape.cms.servlet.key.model.KeyDataInfos; - -/** - * @author alee - * - */ + @Path("/keys") -public class KeysResource extends CMSResource { - - private static final String DEFAULT_MAXTIME = "10"; - private static final String DEFAULT_MAXRESULTS = "100"; - - @Context - UriInfo uriInfo; - - /** - * Used to generate list of key infos based on the search parameters - */ +public interface KeysResource { + public static final String DEFAULT_MAXTIME = "10"; + public static final String DEFAULT_MAXRESULTS = "100"; + @GET @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML }) public KeyDataInfos listKeys(@QueryParam("clientID") String clientID, @QueryParam("status") String status, @DefaultValue(DEFAULT_MAXRESULTS) @QueryParam("maxResults") int maxResults, - @DefaultValue(DEFAULT_MAXTIME) @QueryParam("maxTime") int maxTime) { - // auth and authz - - // get ldap filter - String filter = createSearchFilter(status, clientID); - CMS.debug("listKeys: filter is " + filter); - - KeyDAO dao = new KeyDAO(); - KeyDataInfos infos; - try { - infos = dao.listKeys(filter, maxResults, maxTime, uriInfo); - } catch (EBaseException e) { - e.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); - } - return infos; - } + @DefaultValue(DEFAULT_MAXTIME) @QueryParam("maxTime") int maxTime); - private String createSearchFilter(String status, String clientID) { - String filter = ""; - int matches = 0; - - if ((status == null) && (clientID == null)) { - filter = "(serialno=*)"; - return filter; - } - - if (status != null) { - filter += "(status=" + status + ")"; - matches ++; - } - - if (clientID != null) { - filter += "(clientID=" + clientID + ")"; - matches ++; - } - - if (matches > 1) { - filter = "(&" + filter + ")"; - } - - return filter; - } - } diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeysResourceService.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeysResourceService.java new file mode 100644 index 000000000..b5032fa86 --- /dev/null +++ b/pki/base/common/src/com/netscape/cms/servlet/key/KeysResourceService.java @@ -0,0 +1,90 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2011 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +/** + * + */ +package com.netscape.cms.servlet.key; + +import javax.ws.rs.WebApplicationException; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.Response; +import javax.ws.rs.core.UriInfo; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.cms.servlet.base.CMSResourceService; +import com.netscape.cms.servlet.key.model.KeyDAO; +import com.netscape.cms.servlet.key.model.KeyDataInfos; + +/** + * @author alee + * + */ +public class KeysResourceService extends CMSResourceService implements KeysResource { + + @Context + UriInfo uriInfo; + + /** + * Used to generate list of key infos based on the search parameters + */ + public KeyDataInfos listKeys(String clientID, String status, int maxResults, int maxTime) { + // auth and authz + + // get ldap filter + String filter = createSearchFilter(status, clientID); + CMS.debug("listKeys: filter is " + filter); + + KeyDAO dao = new KeyDAO(); + KeyDataInfos infos; + try { + infos = dao.listKeys(filter, maxResults, maxTime, uriInfo); + } catch (EBaseException e) { + e.printStackTrace(); + throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + } + return infos; + } + + private String createSearchFilter(String status, String clientID) { + String filter = ""; + int matches = 0; + + if ((status == null) && (clientID == null)) { + filter = "(serialno=*)"; + return filter; + } + + if (status != null) { + filter += "(status=" + status + ")"; + matches ++; + } + + if (clientID != null) { + filter += "(clientID=" + clientID + ")"; + matches ++; + } + + if (matches > 1) { + filter = "(&" + filter + ")"; + } + + return filter; + } + +} diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestResource.java b/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestResource.java index 154986624..0a476c49c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestResource.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestResource.java @@ -1,21 +1,3 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2011 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - package com.netscape.cms.servlet.request; import javax.ws.rs.GET; @@ -24,146 +6,57 @@ import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.Consumes; -import javax.ws.rs.WebApplicationException; -import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MultivaluedMap; -import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.cms.servlet.base.CMSResource; import com.netscape.cms.servlet.request.model.ArchivalRequestData; -import com.netscape.cms.servlet.request.model.KeyRequestDAO; import com.netscape.cms.servlet.request.model.KeyRequestInfo; import com.netscape.cms.servlet.request.model.RecoveryRequestData; - -/** - * @author alee - * - */ + @Path("/keyrequest") -public class KeyRequestResource extends CMSResource { +public interface KeyRequestResource { - @Context - UriInfo uriInfo; - /** * Used to retrieve key request info for a specific request */ @GET @Path("{id}") - @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML }) - public KeyRequestInfo getRequestInfo(@PathParam("id") String id) { - // auth and authz - KeyRequestDAO dao = new KeyRequestDAO(); - KeyRequestInfo info; - try { - info = dao.getRequest(id, uriInfo); - } catch (EBaseException e) { - // log error - e.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); - } - if (info == null) { - // request does not exist - throw new WebApplicationException(Response.Status.NOT_FOUND); - } - return info; - } - + @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML }) + public KeyRequestInfo getRequestInfo(@PathParam("id") String id); + // Archiving - used to test integration with a browser @POST @Path("archive") @Produces({ MediaType.TEXT_XML }) - public KeyRequestInfo archiveKey(MultivaluedMap<String, String> form) { - ArchivalRequestData data = new ArchivalRequestData(form); - return archiveKey(data); - } + public KeyRequestInfo archiveKey(MultivaluedMap<String, String> form); @POST @Path("archive") @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML }) @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - public KeyRequestInfo archiveKey(ArchivalRequestData data) { - // auth and authz - KeyRequestDAO dao = new KeyRequestDAO(); - KeyRequestInfo info; - try { - info = dao.submitRequest(data, uriInfo); - } catch (EBaseException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); - } - return info; - } - + public KeyRequestInfo archiveKey(ArchivalRequestData data); + //Recovery - used to test integration with a browser @POST @Path("recover") @Produces({ MediaType.TEXT_XML }) - public KeyRequestInfo recoverKey(MultivaluedMap<String, String> form) { - RecoveryRequestData data = new RecoveryRequestData(form); - return recoverKey(data); - } + public KeyRequestInfo recoverKey(MultivaluedMap<String, String> form); @POST @Path("recover") @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML }) @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - public KeyRequestInfo recoverKey(RecoveryRequestData data) { - // auth and authz - KeyRequestDAO dao = new KeyRequestDAO(); - KeyRequestInfo info; - try { - info = dao.submitRequest(data, uriInfo); - } catch (EBaseException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); - } - return info; - } - + public KeyRequestInfo recoverKey(RecoveryRequestData data); + @POST @Path("approve/{id}") - public void approveRequest(@PathParam("id") String id) { - // auth and authz - KeyRequestDAO dao = new KeyRequestDAO(); - try { - dao.approveRequest(id); - } catch (EBaseException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); - } - } - + public void approveRequest(@PathParam("id") String id); + @POST @Path("reject/{id}") - public void rejectRequest(@PathParam("id") String id) { - // auth and authz - KeyRequestDAO dao = new KeyRequestDAO(); - try { - dao.rejectRequest(id); - } catch (EBaseException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); - } - } - + public void rejectRequest(@PathParam("id") String id); + @POST @Path("cancel/{id}") - public void cancelRequest(@PathParam("id") String id) { - // auth and authz - KeyRequestDAO dao = new KeyRequestDAO(); - try { - dao.cancelRequest(id); - } catch (EBaseException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); - } - } + public void cancelRequest(@PathParam("id") String id); + } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestResourceService.java b/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestResourceService.java new file mode 100644 index 000000000..da08c4d69 --- /dev/null +++ b/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestResourceService.java @@ -0,0 +1,139 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2011 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.cms.servlet.request; + +import javax.ws.rs.PathParam; +import javax.ws.rs.WebApplicationException; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.MultivaluedMap; +import javax.ws.rs.core.Response; +import javax.ws.rs.core.UriInfo; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.cms.servlet.base.CMSResourceService; +import com.netscape.cms.servlet.request.model.ArchivalRequestData; +import com.netscape.cms.servlet.request.model.KeyRequestDAO; +import com.netscape.cms.servlet.request.model.KeyRequestInfo; +import com.netscape.cms.servlet.request.model.RecoveryRequestData; + +/** + * @author alee + * + */ +public class KeyRequestResourceService extends CMSResourceService implements KeyRequestResource { + + @Context + UriInfo uriInfo; + + /** + * Used to retrieve key request info for a specific request + */ + public KeyRequestInfo getRequestInfo(String id) { + // auth and authz + KeyRequestDAO dao = new KeyRequestDAO(); + KeyRequestInfo info; + try { + info = dao.getRequest(id, uriInfo); + } catch (EBaseException e) { + // log error + e.printStackTrace(); + throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + } + if (info == null) { + // request does not exist + throw new WebApplicationException(Response.Status.NOT_FOUND); + } + return info; + } + + // Archiving - used to test integration with a browser + public KeyRequestInfo archiveKey(MultivaluedMap<String, String> form) { + ArchivalRequestData data = new ArchivalRequestData(form); + return archiveKey(data); + } + + public KeyRequestInfo archiveKey(ArchivalRequestData data) { + // auth and authz + KeyRequestDAO dao = new KeyRequestDAO(); + KeyRequestInfo info; + try { + info = dao.submitRequest(data, uriInfo); + } catch (EBaseException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + } + return info; + } + + //Recovery - used to test integration with a browser + public KeyRequestInfo recoverKey(MultivaluedMap<String, String> form) { + RecoveryRequestData data = new RecoveryRequestData(form); + return recoverKey(data); + } + + public KeyRequestInfo recoverKey(RecoveryRequestData data) { + // auth and authz + KeyRequestDAO dao = new KeyRequestDAO(); + KeyRequestInfo info; + try { + info = dao.submitRequest(data, uriInfo); + } catch (EBaseException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + } + return info; + } + + public void approveRequest(@PathParam("id") String id) { + // auth and authz + KeyRequestDAO dao = new KeyRequestDAO(); + try { + dao.approveRequest(id); + } catch (EBaseException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + } + } + + public void rejectRequest(@PathParam("id") String id) { + // auth and authz + KeyRequestDAO dao = new KeyRequestDAO(); + try { + dao.rejectRequest(id); + } catch (EBaseException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + } + } + + public void cancelRequest(@PathParam("id") String id) { + // auth and authz + KeyRequestDAO dao = new KeyRequestDAO(); + try { + dao.cancelRequest(id); + } catch (EBaseException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + } + } +} diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResource.java b/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResource.java index ce53053d4..0f8fbc78f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResource.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResource.java @@ -1,21 +1,3 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2011 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - package com.netscape.cms.servlet.request; import javax.ws.rs.DefaultValue; @@ -23,32 +5,16 @@ import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.Produces; import javax.ws.rs.QueryParam; -import javax.ws.rs.WebApplicationException; -import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.cms.servlet.base.CMSResource; -import com.netscape.cms.servlet.request.model.KeyRequestDAO; import com.netscape.cms.servlet.request.model.KeyRequestInfos; - -/** - * @author alee - * - */ -@Path("/keyrequests") -public class KeyRequestsResource extends CMSResource { - private static final int DEFAULT_START = 0; - private static final String DEFAULT_PAGESIZE = "20"; - private static final String DEFAULT_MAXRESULTS = "100"; - private static final String DEFAULT_MAXTIME = "10"; +@Path("/keyrequests") +public interface KeyRequestsResource { - @Context - UriInfo uriInfo; + public static final String DEFAULT_START = "0"; + public static final String DEFAULT_PAGESIZE = "20"; + public static final String DEFAULT_MAXRESULTS = "100"; + public static final String DEFAULT_MAXTIME = "10"; /** * Used to generate list of key requests based on the search parameters @@ -56,74 +22,11 @@ public class KeyRequestsResource extends CMSResource { @GET @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML }) public KeyRequestInfos listRequests(@QueryParam("requestState") String requestState, - @QueryParam("requestType") String requestType, - @QueryParam("clientID") String clientID, - @QueryParam("start") String start_s, - @DefaultValue(DEFAULT_PAGESIZE) @QueryParam("pageSize") int pageSize, - @DefaultValue(DEFAULT_MAXRESULTS) @QueryParam("maxResults") int maxResults, - @DefaultValue(DEFAULT_MAXTIME) @QueryParam("maxTime") int maxTime) { - // auth and authz - - // get ldap filter - String filter = createSearchFilter(requestState, requestType, clientID); - CMS.debug("listRequests: filter is " + filter); - - - // get start marker - int start = DEFAULT_START; - if (start_s != null) { - try { - if (start_s.trim().startsWith("0x")) { - start = Integer.parseInt(start_s.trim().substring(2), 16); - } else { - start = Integer.parseInt(start_s.trim()); - } - } catch (NumberFormatException e) { - CMS.debug("listRequests: NumberformatException: Invalid value for start " + start_s); - throw new WebApplicationException(Response.Status.NOT_FOUND); - } - } - - KeyRequestDAO reqDAO = new KeyRequestDAO(); - KeyRequestInfos requests; - try { - requests = reqDAO.listRequests(filter, start, pageSize, maxResults, maxTime, uriInfo); - } catch (EBaseException e) { - CMS.debug("listRequests: error in obtaining request results" + e); - e.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); - } - return requests; - } + @QueryParam("requestType") String requestType, + @QueryParam("clientID") String clientID, + @DefaultValue(DEFAULT_START) @QueryParam("start") String start_s, + @DefaultValue(DEFAULT_PAGESIZE) @QueryParam("pageSize") int pageSize, + @DefaultValue(DEFAULT_MAXRESULTS) @QueryParam("maxResults") int maxResults, + @DefaultValue(DEFAULT_MAXTIME) @QueryParam("maxTime") int maxTime); - private String createSearchFilter(String requestState, String requestType, String clientID) { - String filter = ""; - int matches = 0; - - if ((requestState == null) && (requestType == null) && (clientID == null)) { - filter = "(requeststate=*)"; - return filter; - } - - if (requestState != null) { - filter += "(requeststate=" + requestState + ")"; - matches ++; - } - - if (requestType != null) { - filter += "(requesttype=" + requestType + ")"; - matches ++; - } - - if (clientID != null) { - filter += "(clientID=" + clientID + ")"; - matches ++; - } - - if (matches > 1) { - filter = "(&" + filter + ")"; - } - - return filter; - } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResourceService.java b/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResourceService.java new file mode 100644 index 000000000..290868ab5 --- /dev/null +++ b/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResourceService.java @@ -0,0 +1,111 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2011 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.cms.servlet.request; + +import javax.ws.rs.WebApplicationException; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.Response; +import javax.ws.rs.core.UriInfo; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.cms.servlet.base.CMSResourceService; +import com.netscape.cms.servlet.request.model.KeyRequestDAO; +import com.netscape.cms.servlet.request.model.KeyRequestInfos; + +/** + * @author alee + * + */ +public class KeyRequestsResourceService extends CMSResourceService implements KeyRequestsResource{ + + @Context + UriInfo uriInfo; + + /** + * Used to generate list of key requests based on the search parameters + */ + public KeyRequestInfos listRequests(String requestState, String requestType, String clientID, + String start_s, int pageSize, int maxResults, + int maxTime) { + // auth and authz + + // get ldap filter + String filter = createSearchFilter(requestState, requestType, clientID); + CMS.debug("listRequests: filter is " + filter); + + + // get start marker + int start = Integer.parseInt(KeyRequestsResource.DEFAULT_START); + if (start_s != null) { + try { + if (start_s.trim().startsWith("0x")) { + start = Integer.parseInt(start_s.trim().substring(2), 16); + } else { + start = Integer.parseInt(start_s.trim()); + } + } catch (NumberFormatException e) { + CMS.debug("listRequests: NumberformatException: Invalid value for start " + start_s); + throw new WebApplicationException(Response.Status.NOT_FOUND); + } + } + + KeyRequestDAO reqDAO = new KeyRequestDAO(); + KeyRequestInfos requests; + try { + requests = reqDAO.listRequests(filter, start, pageSize, maxResults, maxTime, uriInfo); + } catch (EBaseException e) { + CMS.debug("listRequests: error in obtaining request results" + e); + e.printStackTrace(); + throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + } + return requests; + } + + private String createSearchFilter(String requestState, String requestType, String clientID) { + String filter = ""; + int matches = 0; + + if ((requestState == null) && (requestType == null) && (clientID == null)) { + filter = "(requeststate=*)"; + return filter; + } + + if (requestState != null) { + filter += "(requeststate=" + requestState + ")"; + matches ++; + } + + if (requestType != null) { + filter += "(requesttype=" + requestType + ")"; + matches ++; + } + + if (clientID != null) { + filter += "(clientID=" + clientID + ")"; + matches ++; + } + + if (matches > 1) { + filter = "(&" + filter + ")"; + } + + return filter; + } +} diff --git a/pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java b/pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java new file mode 100644 index 000000000..8447faaec --- /dev/null +++ b/pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java @@ -0,0 +1,114 @@ +package com.netscape.cms.servlet.test; + +import java.util.Collection; +import java.util.Iterator; + +import javax.ws.rs.core.Response; + +import org.jboss.resteasy.client.ProxyFactory; + +import com.netscape.cms.servlet.admin.SystemCertificateResource; +import com.netscape.cms.servlet.cert.model.CertificateData; +import com.netscape.cms.servlet.key.KeyResource; +import com.netscape.cms.servlet.key.KeysResource; +import com.netscape.cms.servlet.key.model.KeyData; +import com.netscape.cms.servlet.key.model.KeyDataInfo; +import com.netscape.cms.servlet.key.model.KeyDataInfos; +import com.netscape.cms.servlet.request.KeyRequestResource; +import com.netscape.cms.servlet.request.KeyRequestsResource; +import com.netscape.cms.servlet.request.model.ArchivalRequestData; +import com.netscape.cms.servlet.request.model.KeyRequestInfo; +import com.netscape.cms.servlet.request.model.KeyRequestInfos; +import com.netscape.cms.servlet.request.model.RecoveryRequestData; + +public class DRMRestClient { + + private KeyResource keyClient; + private KeysResource keysClient; + private KeyRequestsResource keyRequestsClient; + private KeyRequestResource keyRequestClient; + private SystemCertificateResource systemCertClient; + + public DRMRestClient(String baseUri) { + systemCertClient = ProxyFactory.create(SystemCertificateResource.class, baseUri); + keyRequestsClient = ProxyFactory.create(KeyRequestsResource.class, baseUri); + keyRequestClient = ProxyFactory.create(KeyRequestResource.class, baseUri); + keysClient = ProxyFactory.create(KeysResource.class, baseUri); + keyClient = ProxyFactory.create(KeyResource.class, baseUri); + } + + public String getTransportCert() { + Response response = systemCertClient.getTransportCert(); + CertificateData certData = (CertificateData) response.getEntity(); + String transportCert = certData.getB64(); + return transportCert; + } + + public Collection<KeyRequestInfo> listRequests(String requestState, String requestType) { + KeyRequestInfos infos = keyRequestsClient.listRequests(requestState, requestType, null, "0", 100, 100, 10); + Collection<KeyRequestInfo> list = infos.getRequests(); + return list; + } + + public KeyRequestInfo archiveSecurityData(byte[] encoded, String clientId) { + // create archival request + ArchivalRequestData data = new ArchivalRequestData(); + String req1 = com.netscape.osutil.OSUtil.BtoA(encoded); + data.setWrappedPrivateData(req1); + data.setClientId(clientId); + + KeyRequestInfo info = keyRequestClient.archiveKey(data); + return info; + } + + public KeyDataInfo getKeyData(String clientId, String status) { + KeyDataInfos infos = keysClient.listKeys(clientId, status, 100, 10); + Collection<KeyDataInfo> list = infos.getKeyInfos(); + Iterator<KeyDataInfo> iter = list.iterator(); + + while (iter.hasNext()) { + KeyDataInfo info = iter.next(); + if (info != null) { + // return the first one + return info; + } + } + return null; + } + + public KeyRequestInfo requestRecovery(String keyId, byte[] rpwd, byte[] rkey) { + // create recovery request + RecoveryRequestData data = new RecoveryRequestData(); + data.setKeyId(keyId); + if (rpwd != null) { + data.setTransWrappedPassphrase(com.netscape.osutil.OSUtil.BtoA(rpwd)); + } + if (rkey != null) { + data.setTransWrappedSessionKey(com.netscape.osutil.OSUtil.BtoA(rkey)); + } + + KeyRequestInfo info = keyRequestClient.recoverKey(data); + return info; + } + + public void approveRecovery(String recoveryId) { + keyRequestClient.approveRequest(recoveryId); + } + + public KeyData retrieveKey(String keyId, String requestId, byte[] rpwd, byte[] rkey) { + // create recovery request + RecoveryRequestData data = new RecoveryRequestData(); + data.setKeyId(keyId); + data.setRequestId(requestId); + if (rkey != null) { + data.setTransWrappedSessionKey(com.netscape.osutil.OSUtil.BtoA(rkey)); + } else { + data.setTransWrappedPassphrase(com.netscape.osutil.OSUtil.BtoA(rpwd)); + } + KeyData key = keyClient.retrieveKey(data); + return key; + } + + + +}
\ No newline at end of file diff --git a/pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java b/pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java new file mode 100644 index 000000000..f222e5413 --- /dev/null +++ b/pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java @@ -0,0 +1,437 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2012 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.test; + +import java.io.ByteArrayOutputStream; +import java.io.CharConversionException; +import java.io.IOException; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateEncodingException; +import java.util.Calendar; +import java.util.Collection; +import java.util.Iterator; +import org.mozilla.jss.CryptoManager; +import org.mozilla.jss.asn1.BIT_STRING; +import org.mozilla.jss.asn1.OBJECT_IDENTIFIER; +import org.mozilla.jss.asn1.OCTET_STRING; +import org.mozilla.jss.asn1.SEQUENCE; +import org.mozilla.jss.crypto.AlreadyInitializedException; +import org.mozilla.jss.crypto.BadPaddingException; +import org.mozilla.jss.crypto.Cipher; +import org.mozilla.jss.crypto.CryptoToken; +import org.mozilla.jss.crypto.EncryptionAlgorithm; +import org.mozilla.jss.crypto.IVParameterSpec; +import org.mozilla.jss.crypto.IllegalBlockSizeException; +import org.mozilla.jss.crypto.KeyGenAlgorithm; +import org.mozilla.jss.crypto.KeyGenerator; +import org.mozilla.jss.crypto.KeyWrapAlgorithm; +import org.mozilla.jss.crypto.KeyWrapper; +import org.mozilla.jss.crypto.SymmetricKey; +import org.mozilla.jss.crypto.TokenException; +import org.mozilla.jss.crypto.X509Certificate; +import org.mozilla.jss.pkix.crmf.EncryptedKey; +import org.mozilla.jss.pkix.crmf.EncryptedValue; +import org.mozilla.jss.pkix.crmf.PKIArchiveOptions; +import org.mozilla.jss.pkix.primitive.AVA; +import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier; +import org.mozilla.jss.util.Password; + +import org.apache.commons.cli.CommandLine; +import org.apache.commons.cli.CommandLineParser; +import org.apache.commons.cli.HelpFormatter; +import org.apache.commons.cli.Options; +import org.apache.commons.cli.ParseException; +import org.apache.commons.cli.PosixParser; +import com.netscape.cms.servlet.key.model.KeyData; +import com.netscape.cms.servlet.key.model.KeyDataInfo; +import com.netscape.cms.servlet.request.model.KeyRequestInfo; + +@SuppressWarnings("deprecation") +public class DRMTest { + + public static void usage(Options options) { + HelpFormatter formatter = new HelpFormatter(); + formatter.printHelp("DRMTest", options); + System.exit(1); + } + + public static void main(String args[]) { + String host = null; + String port = null; + String token_pwd = null; + + // parse command line arguments + Options options = new Options(); + options.addOption("h", true, "Hostname of the DRM"); + options.addOption("p", true, "Port of the DRM"); + options.addOption("w", true, "Token password"); + + try { + CommandLineParser parser = new PosixParser(); + CommandLine cmd = parser.parse(options, args); + + if (cmd.hasOption("h")) { + host = cmd.getOptionValue("h"); + } else { + System.err.println("Error: no hostname provided."); + usage(options); + } + + if (cmd.hasOption("p")) { + port = cmd.getOptionValue("p"); + } else { + System.err.println("Error: no port provided"); + usage(options); + } + + if (cmd.hasOption("w")) { + token_pwd = cmd.getOptionValue("w"); + } else { + System.err.println("Error: no token password provided"); + usage(options); + } + + } catch (ParseException e) { + System.err.println("Error in parsing command line options: " + e.getMessage()); + usage(options); + } + + // Initialize token + String db_dir = "./"; + try { + CryptoManager.initialize(db_dir); + } catch (AlreadyInitializedException e) { + // it is ok if it is already initialized + } catch (Exception e) { + log("INITIALIZATION ERROR: " + e.toString()); + System.exit(1); + } + + // log into token + CryptoManager manager = null; + CryptoToken token = null; + try { + manager = CryptoManager.getInstance(); + token = manager.getInternalKeyStorageToken(); + Password password = new Password(token_pwd.toCharArray()); + try { + token.login(password); + } catch (Exception e) { + log("login Exception: " + e.toString()); + if (!token.isLoggedIn()) { + token.initPassword(password, password); + } + } + } catch (Exception e) { + log("Exception in logging into token:" + e.toString()); + } + + // Set base URI + String baseUri = "http://" + host + ":" + port + "/pki"; + + DRMRestClient client = new DRMRestClient(baseUri); + + // Test 1: Get transport certificate from DRM + String transportCert = client.getTransportCert(); + log("Transport Cert retrieved from DRM: " + transportCert); + + // Test 2: Get list of completed key archival requests + log("\n\nList of completed archival requests"); + Collection<KeyRequestInfo> list = client.listRequests("complete", "enrolment"); + Iterator<KeyRequestInfo> iter = list.iterator(); + while (iter.hasNext()) { + KeyRequestInfo info = iter.next(); + printRequestInfo(info); + } + + // Test 3: Get list of key recovery requests + log("\n\nList of completed recovery requests"); + Collection<KeyRequestInfo> list2 = client.listRequests("complete", "recovery"); + Iterator<KeyRequestInfo> iter2 = list2.iterator(); + while (iter2.hasNext()) { + KeyRequestInfo info = iter2.next(); + printRequestInfo(info); + } + + // Test 4: Generate and archive a symmetric key + log("Archiving symmetric key"); + SymmetricKey vek = null; + String keyId = null; + KeyGenerator kg1 = null; + String clientId = "UUID: 123-45-6789 VEK " + Calendar.getInstance().getTime().toString(); + try { + kg1 = token.getKeyGenerator(KeyGenAlgorithm.DES3); + vek = kg1.generate(); + byte[] encoded = createPKIArchiveOptions(manager, token, transportCert, vek, null, kg1); + + KeyRequestInfo info = client.archiveSecurityData(encoded, clientId); + log("Archival Results:"); + printRequestInfo(info); + keyId = getId(info.getKeyURL()); + } catch (Exception e) { + log("Exception in archiving symmetric key:" + e.getMessage()); + e.printStackTrace(); + } + + //Test 5: Get keyId for active key with client ID + log("Getting key ID for symmetric key"); + KeyDataInfo keyInfo = client.getKeyData(clientId, "active"); + String keyId2 = getId(keyInfo.getKeyURL()); + if (keyId2 == null) { + log("No archived key found"); + } else { + log("Archived Key found: " + keyId); + } + + if (!keyId.equals(keyId2)) { + log("Error: key ids from search and archival do not match"); + } + + // Test 6: Submit a recovery request for the symmetric key using a session key + log("Submitting a recovery request for the symmetric key using session key"); + SymmetricKey recoveryKey = null; + String recoveryRequestId = null; + byte[] wrappedRecoveryKey = null; + try { + recoveryKey = kg1.generate(); + wrappedRecoveryKey = wrapSymmetricKey(manager, token, transportCert, recoveryKey); + KeyRequestInfo info = client.requestRecovery(keyId, null, wrappedRecoveryKey); + recoveryRequestId = getId(info.getRequestURL()); + } catch (Exception e) { + log("Exception in recovering symmetric key using session key: " + e.getMessage()); + } + + // Test 7: Approve recovery + log("Approving recovery request: " + recoveryRequestId); + client.approveRecovery(recoveryRequestId); + + // Test 8: Get key + log("Getting key: " + keyId); + + KeyData keyData = client.retrieveKey(keyId, recoveryRequestId, null, wrappedRecoveryKey); + String recoveredWrappedKey = keyData.getWrappedPrivateData(); + String recoveredKey = unwrap(recoveredWrappedKey, recoveryKey); + + if (!recoveredKey.equals(com.netscape.osutil.OSUtil.BtoA(vek.getEncoded()))) { + log("Error: recovered and archived keys do not match!"); + } + + // Test 9: Submit a recovery request for the symmetric key using a passphrase + log("Submitting a recovery request for the symmetric key using session key"); + String recoveryPassphrase = "Gimme me keys please"; + byte[] wrappedRecoveryPassphrase = wrapPassphrase(recoveryPassphrase, transportCert); + KeyRequestInfo info = client.requestRecovery(keyId, wrappedRecoveryPassphrase, null); + recoveryRequestId = getId(info.getRequestURL()); + + //Test 10: Approve recovery + log("Approving recovery request: " + recoveryRequestId); + client.approveRecovery(recoveryRequestId); + + // Test 11: Get key + log("Getting key: " + keyId); + keyData = client.retrieveKey(keyId, recoveryRequestId, wrappedRecoveryPassphrase, null); + recoveredWrappedKey = keyData.getWrappedPrivateData(); + recoveredKey = unwrap(recoveredWrappedKey, recoveryKey); + + if (!recoveredKey.equals(com.netscape.osutil.OSUtil.BtoA(vek.getEncoded()))) { + log("Error: recovered and archived keys do not match!"); + } + + // Test 12: Generate and archive a passphrase + String passphrase = "Green Eggs and Ham 123"; + clientId = "UUID: 123-45-6789 RKEK " + Calendar.getInstance().getTime().toString(); + try { + byte[] encoded = createPKIArchiveOptions(manager, token, transportCert, null, passphrase, kg1); + info = client.archiveSecurityData(encoded, clientId); + log("Archival Results:"); + printRequestInfo(info); + keyId = getId(info.getKeyURL()); + } catch (Exception e) { + log("Exception in archiving symmetric key:" + e.toString()); + e.printStackTrace(); + } + + //Test 13: Get keyId for active passphrase with client ID + log("Getting key ID for passphrase"); + keyInfo = client.getKeyData(clientId, "active"); + keyId2 = getId(keyInfo.getKeyURL()); + if (keyId2 == null) { + log("No archived key found"); + } else { + log("Archived Key found: " + keyId); + } + + if (!keyId.equals(keyId2)) { + log("Error: key ids from search and archival do not match"); + } + + // Test 14: Submit a recovery request for the passphrase using a session key + log("Submitting a recovery request for the passphrase using session key"); + recoveryKey = null; + recoveryRequestId = null; + wrappedRecoveryKey = null; + try { + recoveryKey = kg1.generate(); + wrappedRecoveryKey = wrapSymmetricKey(manager, token, transportCert, recoveryKey); + info = client.requestRecovery(keyId, null, wrappedRecoveryKey); + recoveryRequestId = getId(info.getRequestURL()); + } catch (Exception e) { + log("Exception in recovering passphrase using session key: " + e.getMessage()); + } + + // Test 15: Approve recovery + log("Approving recovery request: " + recoveryRequestId); + client.approveRecovery(recoveryRequestId); + + // Test 16: Get key + log("Getting passphrase: " + keyId); + + keyData = client.retrieveKey(keyId, recoveryRequestId, null, wrappedRecoveryKey); + recoveredWrappedKey = keyData.getWrappedPrivateData(); + recoveredKey = unwrap(recoveredWrappedKey, recoveryKey); + + if (!unwrap(recoveredKey).equals(passphrase)) { + log("Error: recovered and archived passphrases do not match!"); + } + + // Test 17: Submit a recovery request for the passphrase using a passphrase + log("Submitting a recovery request for the passphrase using a passphrase"); + info = client.requestRecovery(keyId, wrappedRecoveryPassphrase, null); + recoveryRequestId = getId(info.getRequestURL()); + + //Test 18: Approve recovery + log("Approving recovery request: " + recoveryRequestId); + client.approveRecovery(recoveryRequestId); + + // Test 19: Get key + log("Getting passphrase: " + keyId); + keyData = client.retrieveKey(keyId, recoveryRequestId, wrappedRecoveryPassphrase, null); + recoveredWrappedKey = keyData.getWrappedPrivateData(); + recoveredKey = unwrap(recoveredWrappedKey, recoveryKey); + + if (!unwrap(recoveredKey).equals(passphrase)) { + log("Error: recovered and archived passphrases do not match!"); + } + + } + + private static String unwrap(String recoveredKey) { + // TODO Auto-generated method stub + return null; + } + + private static byte[] wrapPassphrase(String recoveryPassphrase, String transportCert) { + // TODO Auto-generated method stub + return null; + } + + private static void log(String string) { + // TODO Auto-generated method stub + System.out.println(string); + } + + private static String unwrap(String recoveredWrappedKey, SymmetricKey recoveryKey) { + // TODO Auto-generated method stub + return null; + } + + private static String getId(String link) { + return link.substring(link.lastIndexOf("/")); + } + + private static byte[] createPKIArchiveOptions(CryptoManager manager, CryptoToken token, String transportCert, + SymmetricKey vek, String passphrase, KeyGenerator kg1) throws TokenException, CharConversionException, + NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException, + CertificateEncodingException, IOException, IllegalStateException, IllegalBlockSizeException, + BadPaddingException { + EncryptionAlgorithm encryptionAlgorithm = null; + byte[] key_data = null; + byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 }; + IVParameterSpec IV = null; + IV = new IVParameterSpec(iv); + + //generate session key + SymmetricKey sk = kg1.generate(); + + if (passphrase != null) { + Cipher cipher = null; + encryptionAlgorithm = EncryptionAlgorithm.DES3_CBC_PAD; + cipher = token.getCipherContext(encryptionAlgorithm); + log("cipher " + cipher); + + if (cipher != null) { + cipher.initEncrypt(sk, IV); + key_data = cipher.doFinal(passphrase.getBytes()); + log("Pass phrase mode key_data: " + key_data); + + // Try to decrypt + cipher.initDecrypt(sk, IV); + byte[] decrypted = cipher.doFinal(key_data); + String s = new String(decrypted); + log("Re decrypted pass phrase " + s); + + } else { + throw new IOException("Failed to create cipher"); + } + } else { + // wrap payload using session key + KeyWrapper wrapper1 = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD); + wrapper1.initWrap(sk, new IVParameterSpec(iv)); + key_data = wrapper1.wrap(vek); + } + + // wrap session key using transport key + byte[] session_data = wrapSymmetricKey(manager, token, transportCert, sk); + + // create PKIArchiveOptions structure + AlgorithmIdentifier algS = new AlgorithmIdentifier(new OBJECT_IDENTIFIER("1.2.840.113549.3.7"), + new OCTET_STRING(iv)); + EncryptedValue encValue = new EncryptedValue(null, algS, new BIT_STRING(session_data, 0), null, null, + new BIT_STRING(key_data, 0)); + EncryptedKey key = new EncryptedKey(encValue); + PKIArchiveOptions opt = new PKIArchiveOptions(key); + SEQUENCE seq = new SEQUENCE(); + seq.addElement(new AVA(new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.5.1.4"), opt)); + + ByteArrayOutputStream bo = new ByteArrayOutputStream(); + seq.encode(bo); + byte[] encoded = bo.toByteArray(); + return encoded; + } + + private static byte[] wrapSymmetricKey(CryptoManager manager, CryptoToken token, String transportCert, + SymmetricKey sk) throws CertificateEncodingException, TokenException, NoSuchAlgorithmException, + InvalidKeyException, InvalidAlgorithmParameterException { + byte transport[] = com.netscape.osutil.OSUtil.AtoB(transportCert); + X509Certificate tcert = manager.importCACertPackage(transport); + KeyWrapper rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA); + rsaWrap.initWrap(tcert.getPublicKey(), null); + byte session_data[] = rsaWrap.wrap(sk); + return session_data; + } + + private static void printRequestInfo(KeyRequestInfo info) { + log("KeyRequestURL: " + info.getRequestURL()); + log("Key URL: " + info.getKeyURL()); + log("Status: " + info.getRequestStatus()); + log("Type: " + info.getRequestType()); + } + +} |