author | Fraser Tweedale <ftweedal@redhat.com> | 2015-09-29 11:17:21 -0400 |
---|---|---|
committer | Fraser Tweedale <ftweedal@redhat.com> | 2015-10-06 09:41:38 +1000 |
commit | 9a2f79f9fb4dce130d1495450e7a680e04648626 (patch) | |
tree | 2932e430e402f3993d5282ae003e9cc1b31af9fc /base/common/src | |
parent | dec7fe7aea653d1192bab47a503c98970f8d898f (diff) | |
Lightweight CAs: implement deletion API and CLI
Implement lightweight authority deletion including CLI command. To
be deleted an authority must be disabled and have no sub-CAs.
Fixes: https://fedorahosted.org/pki/ticket/1324
Diffstat (limited to 'base/common/src')
6 files changed, 54 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/certsrv/authority/AuthorityClient.java b/base/common/src/com/netscape/certsrv/authority/AuthorityClient.java
index 86de3352e..5a80877ca 100644
--- a/base/common/src/com/netscape/certsrv/authority/AuthorityClient.java
+++ b/base/common/src/com/netscape/certsrv/authority/AuthorityClient.java
@@ -59,4 +59,9 @@ public class AuthorityClient extends Client {
 return client.getEntity(response, AuthorityData.class);
 }
+ public void deleteCA(String aidString) {
+ Response response = proxy.deleteCA(aidString);
+ client.getEntity(response, Void.class);
+ }
+
 }
diff --git a/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java b/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java
index eaef903db..c6dc69624 100644
--- a/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java
+++ b/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java
@@ -1,5 +1,6 @@
 package com.netscape.certsrv.authority;
+import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.PUT;
@@ -93,4 +94,11 @@ public interface AuthorityResource {
 @ACLMapping("authorities.modify")
 public Response disableCA(@PathParam("id") String caIDString);
+ @DELETE
+ @Path("{id}")
+ @ClientResponseType(entityType=Void.class)
+ @AuthMethodMapping("authorities")
+ @ACLMapping("authorities.delete")
+ public Response deleteCA(@PathParam("id") String caIDString);
+
 }
diff --git a/base/common/src/com/netscape/certsrv/ca/AuthorityID.java b/base/common/src/com/netscape/certsrv/ca/AuthorityID.java
index daac587b7..9816f87ad 100644
--- a/base/common/src/com/netscape/certsrv/ca/AuthorityID.java
+++ b/base/common/src/com/netscape/certsrv/ca/AuthorityID.java
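Review bot: In AuthorityResource.java the new `deleteCA` endpoint is gated by `@ACLMapping("authorities.delete")`, a mapping name that nothing in this diff defines. The view is limited to base/common/src, so it should be confirmed that the server-side ACL mapping and ACL entry ship with this commit and restrict deletion to administrators. The method also has no Javadoc, so the REST contract does not state the preconditions given in the commit message. I would add a comment such as `/** Delete a lightweight CA; it must be disabled and have no sub-CAs. */` and name the HTTP status returned when either precondition fails. The interface body starts outside the hunk.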
@@ -29,6 +29,10 @@ public class AuthorityID implements Comparable<AuthorityID> {
 return uuid.toString();
 }
+ public boolean equals(AuthorityID aid) {
+ return this.compareTo(aid) == 0;
+ }
+
 public int compareTo(AuthorityID aid) {
 return uuid.compareTo(aid.uuid);
 }
diff --git a/base/common/src/com/netscape/certsrv/ca/CAEnabledException.java b/base/common/src/com/netscape/certsrv/ca/CAEnabledException.java
new file mode 100644
index 000000000..4c85276f3
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/ca/CAEnabledException.java
@@ -0,0 +1,15 @@
+package com.netscape.certsrv.ca;
+
+/**
+ * Exception to throw when an operation cannot be performed because
+ * the CA to which the operation pertains is enabled.
+ */
+public class CAEnabledException extends ECAException {
+
+ private static final long serialVersionUID = 1056602856006912665L;
+
+ public CAEnabledException(String msgFormat) {
+ super(msgFormat);
+ }
+
+}
diff --git a/base/common/src/com/netscape/certsrv/ca/CANotLeafException.java b/base/common/src/com/netscape/certsrv/ca/CANotLeafException.java
new file mode 100644
index 000000000..eabca7364
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/ca/CANotLeafException.java
@@ -0,0 +1,16 @@
+package com.netscape.certsrv.ca;
+
+/**
+ * Exception to throw when an operation cannot be performed because
+ * the CA to which the operation pertains is not a leaf CA (ie, has
+ * sub-CAs).
+ */
+public class CANotLeafException extends ECAException {
+
+ private static final long serialVersionUID = -2729093578678941399L;
+
+ public CANotLeafException(String msgFormat) {
+ super(msgFormat);
+ }
+
+}
diff --git a/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java b/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
index 31d5c9277..96bc39229 100644
--- a/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
+++ b/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
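Review bot: In AuthorityID.java the added `equals(AuthorityID aid)` overloads rather than overrides `Object.equals(Object)`, so `List.contains`, `Map` lookups and any comparison made through an `Object` reference still compare by identity. It also throws NullPointerException on a null argument (via `aid.uuid` in `compareTo`), and no `hashCode()` is added alongside it. For an identifier that selects which CA an operation acts on, value equality should hold in every context. I would override both methods on the UUID as below, assuming `uuid` is a `java.util.UUID`. The class body starts and ends outside the hunk.

```java
    @Override
    public boolean equals(Object obj) {
        if (this == obj) return true;
        if (!(obj instanceof AuthorityID)) return false;
        return uuid.equals(((AuthorityID) obj).uuid);
    }

    @Override
    public int hashCode() {
        return uuid.hashCode();
    }

    // … unchanged: compareTo …
```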
@@ -583,4 +583,10 @@ public interface ICertificateAuthority extends ISubsystem {
 */
 public void modifyAuthority(Boolean enabled, String desc)
 throws EBaseException;
+
+ /**
+ * Delete this lightweight CA.
+ */
+ public void deleteAuthority()
+ throws EBaseException;
 } |
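Review bot: The Javadoc on the new `deleteAuthority()` in ICertificateAuthority.java says only "Delete this lightweight CA." and omits the contract described in the commit message. The CA must be disabled and have no sub-CAs, and this commit adds CAEnabledException and CANotLeafException for those cases, so I would add `@throws CAEnabledException if this CA is still enabled` and `@throws CANotLeafException if this CA has sub-CAs`. The comment should also say what happens when the method is called on a CA that is not a lightweight CA, and whether the signing key is removed or retained, because `throws EBaseException` alone tells callers and operators neither. The interface body starts outside the hunk.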