diff options
author | Ade Lee <alee@redhat.com> | 2012-05-13 23:04:36 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-07-03 13:58:45 -0400 |
commit | 9ce810c0b2fef9f70178dbeee8a3523755a2a260 (patch) | |
tree | a25cd9e9969898506ed2a4cb17a3cfbeb68496cf /base/ca | |
parent | 0f3451befbc14bd6ec29d9e1e3845f970f288653 (diff) | |
download | pki-9ce810c0b2fef9f70178dbeee8a3523755a2a260.tar.gz pki-9ce810c0b2fef9f70178dbeee8a3523755a2a260.tar.xz pki-9ce810c0b2fef9f70178dbeee8a3523755a2a260.zip |
Adding restful interface to create certificate requests and issue certificates.
Refactored ProfileSubmitServlet to make the flow clearer. Both the legacy servlets
and the new RESTful servlets use common ProfileProcessor objects that contain the main
business logic, so that the amount of duplicated code is minimized.
Refactored ProfileProcessServlet to use the new common classes.
Addressed review comments. Removed an unneeded class and reverted some unneeded jaxb
annotations. Added factory methods.
Diffstat (limited to 'base/ca')
3 files changed, 171 insertions, 39 deletions
diff --git a/base/ca/functional/src/com/netscape/cms/servlet/test/CARestClient.java b/base/ca/functional/src/com/netscape/cms/servlet/test/CARestClient.java index 775c3d9b6..67138e529 100644 --- a/base/ca/functional/src/com/netscape/cms/servlet/test/CARestClient.java +++ b/base/ca/functional/src/com/netscape/cms/servlet/test/CARestClient.java @@ -36,6 +36,7 @@ import com.netscape.cms.servlet.profile.model.ProfileData; import com.netscape.cms.servlet.profile.model.ProfileDataInfos; import com.netscape.cms.servlet.request.CertRequestResource; import com.netscape.cms.servlet.request.CertRequestsResource; +import com.netscape.cms.servlet.request.model.AgentEnrollmentRequestData; import com.netscape.cms.servlet.request.model.CertRequestInfo; import com.netscape.cms.servlet.request.model.CertRequestInfos; import com.netscape.cms.servlet.request.model.EnrollmentRequestData; @@ -104,7 +105,7 @@ public class CARestClient extends CMSRestClient { } - public CertRequestInfo enrollCertificate(EnrollmentRequestData data) { + public CertRequestInfos enrollCertificate(EnrollmentRequestData data) { if (data == null) { return null; @@ -113,11 +114,41 @@ public class CARestClient extends CMSRestClient { } public CertRequestInfo getRequest(RequestId id) { - if (id == null) { return null; } return certRequestClient.getRequestInfo(id); } + public AgentEnrollmentRequestData reviewRequest(RequestId id) { + if (id == null) { + return null; + } + return certRequestClient.reviewRequest(id); + } + + public void approveRequest(RequestId id, AgentEnrollmentRequestData data) { + certRequestClient.approveRequest(id, data); + } + + public void rejectRequest(RequestId id, AgentEnrollmentRequestData data) { + certRequestClient.rejectRequest(id, data); + } + + public void cancelRequest(RequestId id, AgentEnrollmentRequestData data) { + certRequestClient.cancelRequest(id, data); + } + + public void updateRequest(RequestId id, AgentEnrollmentRequestData data) { + certRequestClient.updateRequest(id, data); + } + + public void validateRequest(RequestId id, AgentEnrollmentRequestData data) { + certRequestClient.validateRequest(id, data); + } + + public void unassignRequest(RequestId id, AgentEnrollmentRequestData data) { + certRequestClient.unassignRequest(id, data); + } + } diff --git a/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java b/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java index c3d55527c..9afb1f386 100644 --- a/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java +++ b/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java @@ -45,7 +45,9 @@ import com.netscape.cms.servlet.profile.model.ProfileDataInfo; import com.netscape.cms.servlet.profile.model.ProfileDataInfos; import com.netscape.cms.servlet.profile.model.ProfileInput; import com.netscape.cms.servlet.request.RequestNotFoundException; +import com.netscape.cms.servlet.request.model.AgentEnrollmentRequestData; import com.netscape.cms.servlet.request.model.CertRequestInfo; +import com.netscape.cms.servlet.request.model.CertRequestInfos; import com.netscape.cms.servlet.request.model.EnrollmentRequestData; public class CATest { @@ -203,44 +205,20 @@ public class CATest { //Initiate a Certificate Enrollment - EnrollmentRequestData data = new EnrollmentRequestData(); - data.setProfileId("caUserCert"); - data.setIsRenewal(false); + EnrollmentRequestData data = createUserCertEnrollment(); + enrollAndApproveCertRequest(client, data); - //Simulate a "caUserCert" Profile enrollment - - ProfileInput certReq = data.addInput("Key Generation"); - certReq.setInputAttr("cert_request_type", "crmf"); - certReq.setInputAttr( - "cert_request", - "MIIBozCCAZ8wggEFAgQBMQp8MIHHgAECpQ4wDDEKMAgGA1UEAxMBeKaBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2NgaPHp0jiohcP4M+ufrJOZEqH8GV+liu5JLbT8nWpkfhC+8EUBqT6g+n3qroSxIcNVGNdcsBEqs1utvpItzyslAbpdyat3WwQep1dWMzo6RHrPDuIoxNA0Yka1n3qEX4U//08cLQtUv2bYglYgN/hOCNQemLV6vZWAv0n7zelkCAwEAAakQMA4GA1UdDwEB/wQEAwIF4DAzMBUGCSsGAQUFBwUBAQwIcmVnVG9rZW4wGgYJKwYBBQUHBQECDA1hdXRoZW50aWNhdG9yoYGTMA0GCSqGSIb3DQEBBQUAA4GBAJ1VOQcaSEhdHa94s8kifVbSZ2WZeYE5//qxL6wVlEst20vq4ybj13CetnbN3+WT49Zkwp7Fg+6lALKgSk47suTg3EbbQDm+8yOrC0nc/q4PTRoHl0alMmUxIhirYc1t3xoCMqJewmjX1bNP8lpVIZAYFZo4eZCpZaiSkM5BeHhz"); + // submit a RA authenticated user cert request + EnrollmentRequestData rdata = createRAUserCertEnrollment(); + enrollCertRequest(client, rdata); - ProfileInput subjectName = data.addInput("Subject Name"); - subjectName.setInputAttr("sn_uid", "jmagne"); - subjectName.setInputAttr("sn_e", "jmagne@redhat.com"); - subjectName.setInputAttr("sn_c", "US"); - subjectName.setInputAttr("sn_ou", "Development"); - subjectName.setInputAttr("sn_ou1", "IPA"); - subjectName.setInputAttr("sn_ou2", "Dogtag"); - subjectName.setInputAttr("sn_ou3", "CA"); - subjectName.setInputAttr("sn_cn", "Common"); - subjectName.setInputAttr("sn_o", "RedHat"); - - ProfileInput submitter = data.addInput("Requestor Information"); - submitter.setInputAttr("requestor_name", "admin"); - submitter.setInputAttr("requestor_email", "admin@redhat.com"); - submitter.setInputAttr("requestor_phone", "650-555-5555"); - - CertRequestInfo reqInfo = null; - - try { - reqInfo = client.enrollCertificate(data); - } catch (Exception e) { - e.printStackTrace(); - log(e.toString()); - } + // now try a manually approved server cert + EnrollmentRequestData serverData = createServerCertEnrollment(); + enrollAndApproveCertRequest(client,serverData); - printRequestInfo(reqInfo); + // submit using an agent approval profile + serverData.setProfileId("caAgentServerCert"); + enrollCertRequest(client, serverData); //Perform a sample certificate search with advanced search terms @@ -293,6 +271,120 @@ public class CATest { } + private static void enrollAndApproveCertRequest(CARestClient client, EnrollmentRequestData data) { + CertRequestInfos reqInfo = null; + try { + reqInfo = client.enrollCertificate(data); + } catch (Exception e) { + e.printStackTrace(); + log(e.toString()); + } + + for (CertRequestInfo info : reqInfo.getRequests()) { + printRequestInfo(info); + + AgentEnrollmentRequestData reviewData = client.reviewRequest(info.getRequestId()); + log(reviewData.toString()); + + reviewData.setRequestNotes("This is an approval message"); + client.approveRequest(reviewData.getRequestId(), reviewData); + } + } + + private static void enrollCertRequest(CARestClient client, EnrollmentRequestData data) { + CertRequestInfos reqInfo = null; + try { + reqInfo = client.enrollCertificate(data); + } catch (Exception e) { + e.printStackTrace(); + log(e.toString()); + } + + for (CertRequestInfo info : reqInfo.getRequests()) { + printRequestInfo(info); + } + } + + private static EnrollmentRequestData createUserCertEnrollment() { + EnrollmentRequestData data = new EnrollmentRequestData(); + data.setProfileId("caUserCert"); + data.setIsRenewal(false); + + //Simulate a "caUserCert" Profile enrollment + + ProfileInput certReq = data.createInput("Key Generation"); + certReq.setInputAttr("cert_request_type", "crmf"); + certReq.setInputAttr( + "cert_request", + "MIIBozCCAZ8wggEFAgQBMQp8MIHHgAECpQ4wDDEKMAgGA1UEAxMBeKaBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2NgaPHp0jiohcP4M+ufrJOZEqH8GV+liu5JLbT8nWpkfhC+8EUBqT6g+n3qroSxIcNVGNdcsBEqs1utvpItzyslAbpdyat3WwQep1dWMzo6RHrPDuIoxNA0Yka1n3qEX4U//08cLQtUv2bYglYgN/hOCNQemLV6vZWAv0n7zelkCAwEAAakQMA4GA1UdDwEB/wQEAwIF4DAzMBUGCSsGAQUFBwUBAQwIcmVnVG9rZW4wGgYJKwYBBQUHBQECDA1hdXRoZW50aWNhdG9yoYGTMA0GCSqGSIb3DQEBBQUAA4GBAJ1VOQcaSEhdHa94s8kifVbSZ2WZeYE5//qxL6wVlEst20vq4ybj13CetnbN3+WT49Zkwp7Fg+6lALKgSk47suTg3EbbQDm+8yOrC0nc/q4PTRoHl0alMmUxIhirYc1t3xoCMqJewmjX1bNP8lpVIZAYFZo4eZCpZaiSkM5BeHhz"); + + ProfileInput subjectName = data.createInput("Subject Name"); + subjectName.setInputAttr("sn_uid", "jmagne"); + subjectName.setInputAttr("sn_e", "jmagne@redhat.com"); + subjectName.setInputAttr("sn_c", "US"); + subjectName.setInputAttr("sn_ou", "Development"); + subjectName.setInputAttr("sn_ou1", "IPA"); + subjectName.setInputAttr("sn_ou2", "Dogtag"); + subjectName.setInputAttr("sn_ou3", "CA"); + subjectName.setInputAttr("sn_cn", "Common"); + subjectName.setInputAttr("sn_o", "RedHat"); + + ProfileInput submitter = data.createInput("Requestor Information"); + submitter.setInputAttr("requestor_name", "admin"); + submitter.setInputAttr("requestor_email", "admin@redhat.com"); + submitter.setInputAttr("requestor_phone", "650-555-5555"); + return data; + } + + private static EnrollmentRequestData createRAUserCertEnrollment() { + EnrollmentRequestData data = new EnrollmentRequestData(); + data.setProfileId("caDualRAuserCert"); + data.setIsRenewal(false); + + //Simulate a "caUserCert" Profile enrollment + + ProfileInput certReq = data.createInput("Key Generation"); + certReq.setInputAttr("cert_request_type", "crmf"); + certReq.setInputAttr( + "cert_request", + "MIIB5DCCAeAwggFGAgQTosnaMIIBB4ABAqVOMEwxETAPBgNVBAMTCGFsZWUgcmEzMR4wHAYJKoZIhvcNAQkBFg9hbGVlQHJlZGhhdC5jb20xFzAVBgoJkiaJk/IsZAEBEwdhbGVlcmEzpoGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkQh3k+1323YgQD+oA9yzftqxbGQlsbz0f2OEeOL5h0uhg/qPlSNMjRN3mAeuaNyF0n/Bdxv4699gRTsyEaVJu7HX+kauSCZv+J0tvHiYuHQz1/TSscU9TNLyQjgXVKQFHEdjZa2cQNdmMDUFWrftAK6BFnsP3Tu712qZPAuBH9QIDAQABqRAwDgYDVR0PAQH/BAQDAgXgMDMwFQYJKwYBBQUHBQEBDAhyZWdUb2tlbjAaBgkrBgEFBQcFAQIMDWF1dGhlbnRpY2F0b3KhgZMwDQYJKoZIhvcNAQEFBQADgYEATNi3vMxn9KMto999sR4ik851jqbb6L0GL1KKgQ/hjIAACQb2H+0OpqeZ2+DcGd+oAQn1YZe8aPoFu+HOWjHlY1E2tm7TI1B6JpCL3TMag3mYryROX7l7LFEa1P730aGOWJF874bG8UWisU190zhCBQUqUjsd9DwaP42qM0gnzas="); + + ProfileInput subjectName = data.createInput("Subject Name"); + subjectName.setInputAttr("sn_uid", "aleera3"); + subjectName.setInputAttr("sn_e", "alee@redhat.com"); + subjectName.setInputAttr("sn_cn", "alee ra3"); + + ProfileInput submitter = data.createInput("Requestor Information"); + submitter.setInputAttr("requestor_name", "admin"); + submitter.setInputAttr("requestor_email", "admin@redhat.com"); + submitter.setInputAttr("requestor_phone", "650-555-1234"); + return data; + } + + private static EnrollmentRequestData createServerCertEnrollment() { + EnrollmentRequestData data = new EnrollmentRequestData(); + data.setProfileId("caServerCert"); + data.setIsRenewal(false); + + //Simulate a "caUserCert" Profile enrollment + + ProfileInput certReq = data.createInput("Key Generation"); + certReq.setInputAttr("cert_request_type", "pkcs10"); + certReq.setInputAttr( + "cert_request", + "MIIBZjCB0AIBADAnMQ8wDQYDVQQKEwZyZWRoYXQxFDASBgNVBAMTC2FsZWUtd29ya3BjMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJtuKg9osJEBUwz8LoMQwwm1m7D97NNJEmvEhvBMet+VCtbd/erAFMoVXEgSKks/XFK2ViTeZYpp0A2pe4bm4yxowZm0b6von9BKGQ0jNtLemoOkGRWC/PP+fYP16aH62xu4z8MH1pBubdlAEp3Ppnr93aB1lzQaPVmcR3B4OWhwIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAgZhZOe0LqQD5iywAO7sY0PANVGzzdcmoLZJjjASY3kU5E3K8u3FKh24WJxcWzdC+/FysDkJixJb7xGUm697QwZvGxmAIQH4yIebWJ2KLHQQgRJytjVYySrRo2Fuo/dm2zzf3+o8WBuD2eMsEjsZfuKxhz7EahvyC2y/CuTBA08s=" + ); + ProfileInput subjectName = data.createInput("Subject Name"); + subjectName.setInputAttr("sn_cn", "alee-workpc"); + subjectName.setInputAttr("sn_o", "redhat"); + + ProfileInput submitter = data.createInput("Requestor Information"); + submitter.setInputAttr("requestor_name", "admin"); + submitter.setInputAttr("requestor_email", "admin@redhat.com"); + submitter.setInputAttr("requestor_phone", "650-555-5555"); + return data; + } + private static void printProfileInfos(ProfileDataInfos pInfos) { if (pInfos == null) { @@ -451,11 +543,11 @@ public class CATest { } log("CertRequestURL: " + info.getRequestURL()); - log("CertId: " + info.getCertId()); + log("CertId: " + ((info.getCertId() != null) ? info.getCertId() : "")); log("RequestType: " + info.getCertRequestType()); log("Status: " + info.getRequestStatus()); log("Type: " + info.getRequestType()); - log("CertURL: " + info.getCertURL() + "\n"); + log("CertURL: " + ((info.getCertURL() != null) ? info.getCertURL(): "") + "\n"); } private static void log(String string) { diff --git a/base/ca/shared/conf/CS.cfg.in b/base/ca/shared/conf/CS.cfg.in index ada97c4fa..527de831d 100644 --- a/base/ca/shared/conf/CS.cfg.in +++ b/base/ca/shared/conf/CS.cfg.in @@ -1056,6 +1056,15 @@ profile.caEncUserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caEncUserCert.cfg profile.caEncECUserCert.class_id=caEnrollImpl profile.caEncECUserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caEncECUserCert.cfg registry.file=[PKI_INSTANCE_PATH]/conf/registry.cfg +profile.caProfileProcess.getClientCert=true +profile.caProfileProcess.authzMgr=BasicAclAuthz +profile.caProfileProcess.authorityId=ca +profile.caProfileProcess.authzResourceName=certServer.ca.request.profile +profile.caProfileProcess.authMgr=certUserDBAuthMgr +profile.caProfileSubmit.authorityId=ca +profile.caProfileSubmit.authzMgr=BasicAclAuthz +profile.caProfileSubmit.authzResourceName=certServer.ee.profile +profile.caProfileSubmit.getClientCert=false request.assignee.enable=true selftests._000=## selftests._001=## Self Tests |