author | Fraser Tweedale <ftweedal@redhat.com> | 2015-01-28 02:41:10 -0500 |
committer | Fraser Tweedale <ftweedal@redhat.com> | 2015-09-26 14:11:51 +1000 |
commit | 2a9f56d02b4a284cda6f8b61b250e1494f19a83e (patch) | |
tree | 9b12125932ed41a5dbe06f8dafb66656e78c7ad8 /base/common/src/com/netscape/certsrv/authority | |
parent | a5a50e95a691587e22335018538b4f578dfee6d1 (diff) | |
Lightweight CAs: initial support
This commit adds initial support for "lightweight CAs" - CAs that
inhabit an existing CA instance and share the request queue and
certificate database of the "top-level CA".
We initially support only sub-CAs under the top-level CA - either
direct sub-CAs or nested. The general design will support hosting
unrelated CAs but creation or import of unrelated CAs is not yet
implemented.
Part of: https://fedorahosted.org/pki/ticket/1213
Diffstat (limited to 'base/common/src/com/netscape/certsrv/authority')
-rw-r--r-- | base/common/src/com/netscape/certsrv/authority/AuthorityData.java | 123 | ||||
-rw-r--r-- | base/common/src/com/netscape/certsrv/authority/AuthorityResource.java | 96 |
2 files changed, 219 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/certsrv/authority/AuthorityData.java b/base/common/src/com/netscape/certsrv/authority/AuthorityData.java
new file mode 100644
index 000000000..2312c3989
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authority/AuthorityData.java
@@ -0,0 +1,123 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2015 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/**
+ * @author ftweedal
+ */
+package com.netscape.certsrv.authority;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlRootElement;
+import org.jboss.resteasy.plugins.providers.atom.Link;
+
+@XmlRootElement(name = "authority")
+@XmlAccessorType(XmlAccessType.FIELD)
+public class AuthorityData {
+
+ public static Marshaller marshaller;
+ public static Unmarshaller unmarshaller;
+
+ static {
+ try {
+ marshaller = JAXBContext.newInstance(AuthorityData.class).createMarshaller();
+ marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
+ unmarshaller = JAXBContext.newInstance(AuthorityData.class).createUnmarshaller();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ @XmlAttribute
+ protected Boolean isHostAuthority;
+
+ public Boolean getIsHostAuthority() {
+ return isHostAuthority;
+ }
+
+
+ @XmlAttribute
+ protected String id;
+
+ public String getID() {
+ return id;
+ }
+
+
+ @XmlAttribute
+ protected String parentID;
+
+ public String getParentID() {
+ return parentID;
+ }
+
+
+ @XmlAttribute
+ protected String dn;
+
+ public String getDN() {
+ return dn;
+ }
+
+
+ @XmlAttribute
+ protected Boolean enabled;
+
+ public Boolean getEnabled() {
+ return enabled;
+ }
+
+
+ @XmlAttribute
+ protected String description;
+
+ public String getDescription() {
+ return description;
+ }
+
+
+ protected Link link;
+
+ public Link getLink() {
+ return link;
+ }
+
+ public void setLink(Link link) {
+ this.link = link;
+ }
+
+ protected AuthorityData() {
+ }
+
+ public AuthorityData(
+ Boolean isHostAuthority,
+ String dn, String id, String parentID,
+ Boolean enabled, String description) {
+ this.isHostAuthority = isHostAuthority;
+ this.dn = dn;
+ this.id = id;
+ this.parentID = parentID;
+ this.enabled = enabled;
+ this.description = description;
+ }
+
+}
diff --git a/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java b/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java
new file mode 100644
index 000000000..eaef903db
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java
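Review bot: The static initializer of AuthorityData publishes a single `Marshaller` and `Unmarshaller` as public static fields, but the JAXB specification guarantees thread safety only for `JAXBContext`, not for the marshaller/unmarshaller objects it creates, so two REST requests serializing or parsing AuthorityData concurrently can corrupt each other's output or state. The `catch (Exception e) { e.printStackTrace(); }` also swallows a context-creation failure and leaves both fields null, deferring the error to a NullPointerException at the first call site far from the cause. I would hold one `static final JAXBContext` and hand out a fresh marshaller/unmarshaller per call, failing loudly at class load if the context cannot be built; this removes the two public fields, so it only applies if nothing outside this commit reads `AuthorityData.marshaller`/`unmarshaller` directly (not visible here), and it needs `javax.xml.bind.JAXBException` imported. Unrelated to threading: `JAXBContext.newInstance` is called twice for the same class where once would do.
```java
@XmlRootElement(name = "authority")
@XmlAccessorType(XmlAccessType.FIELD)
public class AuthorityData {

    // JAXBContext is thread-safe and expensive to build; Marshaller and
    // Unmarshaller are neither guaranteed thread-safe nor costly, so create
    // them per use instead of sharing static instances.
    private static final JAXBContext context;

    static {
        try {
            context = JAXBContext.newInstance(AuthorityData.class);
        } catch (JAXBException e) {
            // Fail at class-load time rather than leaving a null to NPE later.
            throw new ExceptionInInitializerError(e);
        }
    }

    /** Returns a new, formatted-output marshaller for this type. */
    public static Marshaller createMarshaller() throws JAXBException {
        Marshaller m = context.createMarshaller();
        m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
        return m;
    }

    /** Returns a new unmarshaller for this type. */
    public static Unmarshaller createUnmarshaller() throws JAXBException {
        return context.createUnmarshaller();
    }

    // … unchanged: attribute fields, getters, link accessors, constructors …
```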
@@ -0,0 +1,96 @@
+package com.netscape.certsrv.authority;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Response;
+
+import org.jboss.resteasy.annotations.ClientResponseType;
+
+import com.netscape.certsrv.acls.ACLMapping;
+import com.netscape.certsrv.authentication.AuthMethodMapping;
+
+@Path("authorities")
+public interface AuthorityResource {
+
+ public static final String HOST_AUTHORITY = "host-authority";
+
+ @GET
+ public Response listCAs();
+ /*
+ @QueryParam("start") Integer start,
+ @QueryParam("size") Integer size);
+ */
+
+ @GET
+ @Path("{id}")
+ @ClientResponseType(entityType=AuthorityData.class)
+ public Response getCA(@PathParam("id") String caIDString);
+
+ @GET
+ @Path("{id}/cert")
+ @Produces("application/pkix-cert")
+ @ClientResponseType(entityType=byte[].class)
+ public Response getCert(@PathParam("id") String caIDString);
+
+ @GET
+ @Path("{id}/cert")
+ @Produces("application/x-pem-file")
+ @ClientResponseType(entityType=String.class)
+ public Response getCertPEM(@PathParam("id") String caIDString);
+
+ @GET
+ @Path("{id}/chain")
+ @Produces("application/pkcs7-mime")
+ @ClientResponseType(entityType=byte[].class)
+ public Response getChain(@PathParam("id") String caIDString);
+
+ @GET
+ @Path("{id}/chain")
+ @Produces("application/x-pem-file")
+ @ClientResponseType(entityType=String.class)
+ public Response getChainPEM(@PathParam("id") String caIDString);
+
+ @POST
+ @ClientResponseType(entityType=AuthorityData.class)
+ @AuthMethodMapping("authorities")
+ @ACLMapping("authorities.create")
+ public Response createCA(AuthorityData data);
+
+ /**
+ * Modify a CA (supports partial updates).
+ *
+ * isHostEnabled, authorityID, authorityParentID and DN are
+ * immutable; differences in these values are ignored.
+ *
+ * Other values, if null, are ignored, otherwise they are
+ * set to the new value. To remove the description, use an
+ * empty string.
+ */
+ @PUT
+ @Path("{id}")
+ @ClientResponseType(entityType=AuthorityData.class)
+ @AuthMethodMapping("authorities")
+ @ACLMapping("authorities.modify")
+ public Response modifyCA(
+ @PathParam("id") String caIDString,
+ AuthorityData data);
+
+ @POST
+ @Path("{id}/enable")
+ @ClientResponseType(entityType=AuthorityData.class)
+ @AuthMethodMapping("authorities")
+ @ACLMapping("authorities.modify")
+ public Response enableCA(@PathParam("id") String caIDString);
+
+ @POST
+ @Path("{id}/disable")
+ @ClientResponseType(entityType=AuthorityData.class)
+ @AuthMethodMapping("authorities")
+ @ACLMapping("authorities.modify")
+ public Response disableCA(@PathParam("id") String caIDString);
+
+}
|
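Review bot: The Javadoc on `modifyCA` names `isHostEnabled`, `authorityID` and `authorityParentID` as the immutable fields, but the AuthorityData introduced in this same commit calls them `isHostAuthority`, `id` and `parentID`, so a client reading the API doc cannot match them up; change the sentence to `isHostAuthority, id, parentID and dn are immutable; differences in these values are ignored.` Separately, every mutating endpoint (createCA, modifyCA, enableCA, disableCA) carries `@AuthMethodMapping("authorities")` and an `@ACLMapping`, while none of the GET endpoints (listCAs, getCA, getCert/getCertPEM, getChain/getChainPEM) carries either; whether that means anonymous read access or denied access depends on the ACL interceptor, which is not visible here. If unauthenticated reads are intended because CA certificates and chains are public material, say so in a comment on the interface (getCA also exposes the description and enabled flag), otherwise add a read ACL such as `@ACLMapping("authorities.read")` to each GET. The commented-out `@QueryParam` block under `listCAs` should be dropped or turned into a TODO rather than left as dead code.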