authorAde Lee <alee@redhat.com>2013-09-30 11:44:40 -0400
committerAde Lee <alee@redhat.com>2013-09-30 12:21:34 -0400
commitd042f57747ed314030de70ee09c13d3aa7f8855c (patch)
tree4f20cea40ec626e31bd86ad5eebe796b1c3ef666
parent3c933d160f2db29ee8bdbdb7016ab96cd9667519 (diff)
Added method to modify connector
Also changed permissions to allow admin users to delete a connector and its associated shared secret.
-rw-r--r--base/common/src/com/netscape/certsrv/system/TPSConnectorClient.java7
-rw-r--r--base/common/src/com/netscape/certsrv/system/TPSConnectorResource.java8
-rw-r--r--base/common/src/com/netscape/cms/servlet/tks/TPSConnectorService.java46
-rw-r--r--base/java-tools/src/com/netscape/cmstools/system/TPSConnectorCLI.java1
-rw-r--r--base/java-tools/src/com/netscape/cmstools/system/TPSConnectorModCLI.java64
5 files changed, 123 insertions, 3 deletions
diff --git a/base/common/src/com/netscape/certsrv/system/TPSConnectorClient.java b/base/common/src/com/netscape/certsrv/system/TPSConnectorClient.java
index fa5ae4f2d..d2009d6cf 100644
--- a/base/common/src/com/netscape/certsrv/system/TPSConnectorClient.java
+++ b/base/common/src/com/netscape/certsrv/system/TPSConnectorClient.java
@@ -44,6 +44,13 @@ public class TPSConnectorClient extends Client {
return client.getEntity(response);
}
+ public TPSConnectorData modifyConnector(String id, TPSConnectorData data) {
+ @SuppressWarnings("unchecked")
+ ClientResponse<TPSConnectorData> response = (ClientResponse<TPSConnectorData>)
+ tpsConnectorClient.modifyConnector(id, data);
+ return client.getEntity(response);
+ }
+
public void deleteConnector(String id) {
tpsConnectorClient.deleteConnector(id);
}
diff --git a/base/common/src/com/netscape/certsrv/system/TPSConnectorResource.java b/base/common/src/com/netscape/certsrv/system/TPSConnectorResource.java
index 54519f0ff..e10e132da 100644
--- a/base/common/src/com/netscape/certsrv/system/TPSConnectorResource.java
+++ b/base/common/src/com/netscape/certsrv/system/TPSConnectorResource.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.certsrv.system;
+import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
@@ -61,6 +62,13 @@ public interface TPSConnectorResource {
public Response createConnector(@QueryParam("host") String host,
@QueryParam("port") String port);
+ @POST
+ @Path("{id}")
+ @ClientResponseType(entityType=TPSConnectorData.class)
+ @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ public Response modifyConnector(@PathParam("id") String id, TPSConnectorData data);
+
@DELETE
@Path("{id}")
public void deleteConnector(@PathParam("id") String id);
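Review bot: The new `modifyConnector` declaration has no Javadoc, so the interface does not say which fields of `TPSConnectorData` a caller may send. The service implementation in this commit rejects any payload with a userid or nickname, because the userid maps to the certificate used to retrieve the shared secret, and that contract belongs on the interface where client authors will read it. I would add `/** Updates the host and port of connector {id}; userID and nickname must be left unset and cannot be changed here. */` above the `@POST` line.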
diff --git a/base/common/src/com/netscape/cms/servlet/tks/TPSConnectorService.java b/base/common/src/com/netscape/cms/servlet/tks/TPSConnectorService.java
index 765973e3f..ad00b050a 100644
--- a/base/common/src/com/netscape/cms/servlet/tks/TPSConnectorService.java
+++ b/base/common/src/com/netscape/cms/servlet/tks/TPSConnectorService.java
@@ -137,8 +137,45 @@ public class TPSConnectorService implements TPSConnectorResource {
.build();
} catch (EBaseException e) {
+ CMS.debug("Unable to create new TPS Connector: " + e);
e.printStackTrace();
- throw new PKIException("Unable to create new TPS connection data" + e);
+ throw new PKIException("Unable to create new TPS connector: " + e);
+ }
+ }
+
+ @Override
+ public Response modifyConnector(String id, TPSConnectorData data) {
+ try {
+ if (id == null) {
+ throw new BadRequestException("Invalid connector ID");
+ }
+
+ if (!connectorExists(id)) {
+ throw new ResourceNotFoundException("TPS connection does not exist");
+ }
+
+ // Note: we are deliberately NOT allowing the userid to be modified by the
+ // admin here, because this is what maps to a user cert to retrieve the shared
+ // secret
+ if ((data.getUserID() != null) || (data.getNickname() != null)) {
+ throw new UnauthorizedException("Cannot change userid or nickname using this interface");
+ }
+ TPSConnectorData curData = getConnector(id);
+ curData.setHost(data.getHost());
+ curData.setPort(data.getPort());
+
+ saveClientData(curData);
+ cs.commit(true);
+
+ return Response
+ .ok(curData.getLink().getHref())
+ .entity(curData)
+ .type(MediaType.APPLICATION_XML)
+ .build();
+ } catch (EBaseException e) {
+ CMS.debug("Unable to modify TPS Connector: " + e);
+ e.printStackTrace();
+ throw new PKIException("Unable to modify TPS Connector: " + e);
}
}
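Review bot: modifyConnector dereferences `data` at `data.getUserID()` without a null check and then copies `data.getHost()` and `data.getPort()` into the stored connector unconditionally. A request with no body would surface as a NullPointerException rather than a 400, and a request carrying only one of the two fields would overwrite the other with null; TPSConnectorModCLI.execute in this same commit sends exactly that when `--host` or `--port` is omitted, since `cmd.getOptionValue` returns null for a missing option. I would add `if (data == null) throw new BadRequestException("Missing connector data");` next to the id check and guard each setter, e.g. `if (data.getHost() != null) curData.setHost(data.getHost());`. What saveClientData does with a null value is not visible in this hunk, so the effect of the overwrite on the stored configuration is inferred.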
@@ -287,8 +324,11 @@ public class TPSConnectorService implements TPSConnectorResource {
return;
}
- // get and validate user
- String userid = validateUser(id);
+ // get user
+ String userid = cs.getString("tps." + id + ".userid", "");
+ if (userid.isEmpty()) {
+ throw new PKIException("Bad TPS connection configuration: userid not defined");
+ }
String nickname = userid + " sharedSecret";
if (!CryptoUtil.sharedSecretExists(nickname)) {
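Review bot: With `validateUser(id)` replaced by a plain `cs.getString("tps." + id + ".userid", "")`, nothing in this hunk ties the caller to the connector whose shared secret is about to be removed. The commit message says this is intended so that admins can delete, but access then rests entirely on the ACL for this resource, which is not part of this diff and should be confirmed to be admin-only (what validateUser checked is also not visible here). I would state that in place of the old comment, e.g. `// no validateUser() here: admins may remove any connector's secret; access is enforced by the resource ACL`, and log the connector id and userid when the secret is deleted so the removal is traceable. The enclosing method starts and ends outside the hunk.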
diff --git a/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorCLI.java b/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorCLI.java
index 609c08379..093e5203a 100644
--- a/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorCLI.java
@@ -37,6 +37,7 @@ public class TPSConnectorCLI extends CLI {
addModule(new TPSConnectorAddCLI(this));
addModule(new TPSConnectorFindCLI(this));
+ addModule(new TPSConnectorModCLI(this));
addModule(new TPSConnectorRemoveCLI(this));
}
diff --git a/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorModCLI.java b/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorModCLI.java
new file mode 100644
index 000000000..339c66b45
--- /dev/null
+++ b/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorModCLI.java
@@ -0,0 +1,64 @@
+package com.netscape.cmstools.system;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.Option;
+
+import com.netscape.certsrv.system.TPSConnectorData;
+import com.netscape.cmstools.cli.CLI;
+import com.netscape.cmstools.cli.MainCLI;
+
+public class TPSConnectorModCLI extends CLI {
+ public TPSConnectorCLI tpsConnectorCLI;
+
+ public TPSConnectorModCLI(TPSConnectorCLI tpsConnectorCLI) {
+ super("mod", "Modify TPS connector on TKS", tpsConnectorCLI);
+ this.tpsConnectorCLI = tpsConnectorCLI;
+ }
+
+ public void printHelp() {
+ formatter.printHelp(getFullName() + " <Connector ID> [OPTIONS...]", options);
+ }
+
+ public void execute(String[] args) throws Exception {
+ Option option = new Option(null, "host", true, "TPS host");
+ option.setArgName("host");
+ options.addOption(option);
+
+ option = new Option(null, "port", true, "TPS port");
+ option.setArgName("port");
+ options.addOption(option);
+
+ CommandLine cmd = null;
+
+ try {
+ cmd = parser.parse(options, args);
+
+ } catch (Exception e) {
+ System.err.println("Error: " + e.getMessage());
+ printHelp();
+ System.exit(1);
+ }
+
+ String[] cmdArgs = cmd.getArgs();
+ if (cmdArgs.length != 1) {
+ printHelp();
+ System.exit(1);
+ }
+
+ String connID = cmdArgs[0];
+
+ TPSConnectorData data = new TPSConnectorData();
+ data.setID(connID);
+
+ // NOTE: neither nickname nor userid can be set using this interface
+ data.setHost(cmd.getOptionValue("host"));
+ data.setPort(cmd.getOptionValue("port"));
+
+ data = tpsConnectorCLI.tpsConnectorClient.modifyConnector(connID, data);
+
+ MainCLI.printMessage("Modified TPS connector \""+connID +"\"");
+
+ TPSConnectorCLI.printConnectorInfo(data);
+ }
+
+}
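Review bot: `--port` is forwarded as a raw string at `data.setPort(cmd.getOptionValue("port"))` with no numeric or range check, and the service-side modifyConnector in this commit shows no such check either, so a mistyped value would be stored as the connector's port. When the option is present I would validate it before the call, e.g. `int p = Integer.parseInt(port); if (p < 1 || p > 65535) { printHelp(); System.exit(1); }`, and ideally repeat the check on the server, since the CLI is not the only possible client. Separately, `public TPSConnectorCLI tpsConnectorCLI;` could be `private final`, as it is only assigned in the constructor and read in execute.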