authorFraser Tweedale <ftweedal@redhat.com>2015-09-29 11:17:21 -0400
committerFraser Tweedale <ftweedal@redhat.com>2015-10-06 09:41:38 +1000
commit9a2f79f9fb4dce130d1495450e7a680e04648626 (patch)
tree2932e430e402f3993d5282ae003e9cc1b31af9fc /base/common/src
parentdec7fe7aea653d1192bab47a503c98970f8d898f (diff)
Lightweight CAs: implement deletion API and CLI
Implement lightweight authority deletion including CLI command. To be deleted an authority must be disabled and have no sub-CAs. Fixes: https://fedorahosted.org/pki/ticket/1324
Diffstat (limited to 'base/common/src')
-rw-r--r--base/common/src/com/netscape/certsrv/authority/AuthorityClient.java5
-rw-r--r--base/common/src/com/netscape/certsrv/authority/AuthorityResource.java8
-rw-r--r--base/common/src/com/netscape/certsrv/ca/AuthorityID.java4
-rw-r--r--base/common/src/com/netscape/certsrv/ca/CAEnabledException.java15
-rw-r--r--base/common/src/com/netscape/certsrv/ca/CANotLeafException.java16
-rw-r--r--base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java6
6 files changed, 54 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/certsrv/authority/AuthorityClient.java b/base/common/src/com/netscape/certsrv/authority/AuthorityClient.java
index 86de3352e..5a80877ca 100644
--- a/base/common/src/com/netscape/certsrv/authority/AuthorityClient.java
+++ b/base/common/src/com/netscape/certsrv/authority/AuthorityClient.java
@@ -59,4 +59,9 @@ public class AuthorityClient extends Client {
return client.getEntity(response, AuthorityData.class);
}
+ public void deleteCA(String aidString) {
+ Response response = proxy.deleteCA(aidString);
+ client.getEntity(response, Void.class);
+ }
+
}
diff --git a/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java b/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java
index eaef903db..c6dc69624 100644
--- a/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java
+++ b/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java
@@ -1,5 +1,6 @@
package com.netscape.certsrv.authority;
+import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
@@ -93,4 +94,11 @@ public interface AuthorityResource {
@ACLMapping("authorities.modify")
public Response disableCA(@PathParam("id") String caIDString);
+ @DELETE
+ @Path("{id}")
+ @ClientResponseType(entityType=Void.class)
+ @AuthMethodMapping("authorities")
+ @ACLMapping("authorities.delete")
+ public Response deleteCA(@PathParam("id") String caIDString);
+
}
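Review bot: The new `deleteCA` endpoint is gated by `@ACLMapping("authorities.delete")`, but the entry that name resolves to is not part of the diff shown here (the diffstat is limited to base/common/src). It should be confirmed that the mapping and its underlying ACL exist and limit the operation to the intended administrative roles. Deleting a CA is destructive, so it should not depend on whatever the interceptor does for an unknown mapping name. The method is also undocumented; I would add above `@DELETE` a comment such as `/** Delete the lightweight CA identified by {id}; the CA must be disabled and have no sub-CAs. */`. The interface body starts outside the hunk.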
diff --git a/base/common/src/com/netscape/certsrv/ca/AuthorityID.java b/base/common/src/com/netscape/certsrv/ca/AuthorityID.java
index daac587b7..9816f87ad 100644
--- a/base/common/src/com/netscape/certsrv/ca/AuthorityID.java
+++ b/base/common/src/com/netscape/certsrv/ca/AuthorityID.java
@@ -29,6 +29,10 @@ public class AuthorityID implements Comparable<AuthorityID> {
return uuid.toString();
}
+ public boolean equals(AuthorityID aid) {
+ return this.compareTo(aid) == 0;
+ }
+
public int compareTo(AuthorityID aid) {
return uuid.compareTo(aid.uuid);
}
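Review bot: `equals(AuthorityID)` overloads rather than overrides `Object.equals(Object)`, and no `hashCode()` is added, so `List.contains`, map lookups and any call made through an `Object` reference still compare by identity. If the deletion checks compare authority IDs (for example to find sub-CAs, which is not visible here), two IDs holding the same UUID can compare as unequal there. The overload also throws a NullPointerException on a null argument, via `compareTo`. I would override `equals(Object)` and `hashCode()` on the `uuid` field instead, as below. The class body starts outside the hunk.

```java
@Override
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    if (!(obj instanceof AuthorityID)) {
        return false;
    }
    return uuid.equals(((AuthorityID) obj).uuid);
}

@Override
public int hashCode() {
    return uuid.hashCode();
}

// … unchanged: compareTo …
```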
diff --git a/base/common/src/com/netscape/certsrv/ca/CAEnabledException.java b/base/common/src/com/netscape/certsrv/ca/CAEnabledException.java
new file mode 100644
index 000000000..4c85276f3
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/ca/CAEnabledException.java
@@ -0,0 +1,15 @@
+package com.netscape.certsrv.ca;
+
+/**
+ * Exception to throw when an operation cannot be performed because
+ * the CA to which the operation pertains is enabled.
+ */
+public class CAEnabledException extends ECAException {
+
+ private static final long serialVersionUID = 1056602856006912665L;
+
+ public CAEnabledException(String msgFormat) {
+ super(msgFormat);
+ }
+
+}
diff --git a/base/common/src/com/netscape/certsrv/ca/CANotLeafException.java b/base/common/src/com/netscape/certsrv/ca/CANotLeafException.java
new file mode 100644
index 000000000..eabca7364
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/ca/CANotLeafException.java
@@ -0,0 +1,16 @@
+package com.netscape.certsrv.ca;
+
+/**
+ * Exception to throw when an operation cannot be performed because
+ * the CA to which the operation pertains is not a leaf CA (ie, has
+ * sub-CAs).
+ */
+public class CANotLeafException extends ECAException {
+
+ private static final long serialVersionUID = -2729093578678941399L;
+
+ public CANotLeafException(String msgFormat) {
+ super(msgFormat);
+ }
+
+}
diff --git a/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java b/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
index 31d5c9277..96bc39229 100644
--- a/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
+++ b/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
@@ -583,4 +583,10 @@ public interface ICertificateAuthority extends ISubsystem {
*/
public void modifyAuthority(Boolean enabled, String desc)
throws EBaseException;
+
+ /**
+ * Delete this lightweight CA.
+ */
+ public void deleteAuthority()
+ throws EBaseException;
}
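Review bot: The Javadoc on `deleteAuthority()` does not state the preconditions or the failures a caller must handle. Per the commit description a CA must be disabled and have no sub-CAs, so the comment should say so and carry `@throws CAEnabledException if this CA is still enabled` and `@throws CANotLeafException if this CA has sub-CAs` (assuming the implementation, which is outside this diff, throws those types). It would also help to state what happens when the method is called on the host CA rather than a lightweight one, and whether the CA's signing key is removed along with the entry. The interface body starts outside the hunk.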