authorAde Lee <alee@redhat.com>2013-09-25 22:09:10 -0400
committerAde Lee <alee@redhat.com>2013-09-30 11:52:05 -0400
commit6eaf2c01c211cf06053c82b1e296909ce8d874b6 (patch)
tree878a2f962d49686706d78d353aac61d839deb2ec /base/java-tools/src/com
parent5874cad1abe832a4a74cb37a4c22f0e18cf9bd8e (diff)
Add service to generate and retrieve a shared secret
A new REST service has been added to the TKS to manage shared secrets. The shared secret is tied to the TKS-TPS connector, and is created at the end of the TPS configuration. At this point, the TPS contacts the TKS and requests that the shared secret be generated. The secret is returned to the TPS, wrapped using the subsystem certificate of the TPS. The TPS should then decrypt the shared secret and store it in its certificate database. This operation requires JSS changes, though, and so will be deferred to a later patch. For now, though, if the TPS and TKS share the same certdb, then it is sufficient to generate the shared secret. Clients and CLI are also provided. The CLI in particular is used to remove the TPSConnector entries and the shared secret when the TPS is pkidestroyed.
Diffstat (limited to 'base/java-tools/src/com')
-rw-r--r--base/java-tools/src/com/netscape/cmstools/cli/TKSCLI.java2
-rw-r--r--base/java-tools/src/com/netscape/cmstools/system/TPSConnectorAddCLI.java52
-rw-r--r--base/java-tools/src/com/netscape/cmstools/system/TPSConnectorCLI.java94
-rw-r--r--base/java-tools/src/com/netscape/cmstools/system/TPSConnectorFindCLI.java88
-rw-r--r--base/java-tools/src/com/netscape/cmstools/system/TPSConnectorRemoveCLI.java53
5 files changed, 289 insertions, 0 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/cli/TKSCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/TKSCLI.java
index df7050189..b8c90ed47 100644
--- a/base/java-tools/src/com/netscape/cmstools/cli/TKSCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cli/TKSCLI.java
@@ -21,6 +21,7 @@ package com.netscape.cmstools.cli;
import com.netscape.certsrv.client.Client;
import com.netscape.certsrv.tks.TKSClient;
import com.netscape.cmstools.group.GroupCLI;
+import com.netscape.cmstools.system.TPSConnectorCLI;
import com.netscape.cmstools.user.UserCLI;
/**
@@ -34,6 +35,7 @@ public class TKSCLI extends SubsystemCLI {
super("tks", "TKS management commands", parent);
addModule(new GroupCLI(this));
+ addModule(new TPSConnectorCLI(this));
addModule(new UserCLI(this));
}
diff --git a/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorAddCLI.java b/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorAddCLI.java
new file mode 100644
index 000000000..c9e1df985
--- /dev/null
+++ b/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorAddCLI.java
@@ -0,0 +1,52 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2013 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cmstools.system;
+
+import com.netscape.cmstools.cli.CLI;
+import com.netscape.cmstools.cli.MainCLI;
+
+/**
+ * @author Ade Lee
+ */
+public class TPSConnectorAddCLI extends CLI {
+ public TPSConnectorCLI tpsConnectorCLI;
+
+ public TPSConnectorAddCLI(TPSConnectorCLI tpsConnectorCLI) {
+ super("add", "Add TPS Connector to TKS", tpsConnectorCLI);
+ this.tpsConnectorCLI = tpsConnectorCLI;
+ }
+
+ public void printHelp() {
+ formatter.printHelp(getFullName() + " <TPS Host> <TPS Port>", options);
+ }
+
+ public void execute(String[] args) throws Exception {
+ if (args.length != 2) {
+ printHelp();
+ System.exit(1);
+ }
+
+ String tpsHost = args[0];
+ String tpsPort = args[1];
+
+ tpsConnectorCLI.tpsConnectorClient.createConnector(tpsHost, tpsPort);
+
+ MainCLI.printMessage("Added TPS connector \""+tpsHost + ":" + tpsPort +"\"");
+ }
+
+}
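Review bot: Neither argument is checked before `createConnector(tpsHost, tpsPort)` in execute(): the port travels as a raw string, so a non-numeric or out-of-range value is sent to the TKS as typed, and unless the server rejects it a connector record (to which the commit description ties the shared secret) is created for an endpoint that cannot exist. Parse it first, e.g. `int port = Integer.parseInt(tpsPort);`, and reject values outside 1–65535 through the same printHelp()/exit path used for the argument count. The same gap is in execute() of TPSConnectorRemoveCLI. Server-side validation is not visible in this diff, so treat this as a client-side safeguard, not a substitute for it.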
diff --git a/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorCLI.java b/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorCLI.java
new file mode 100644
index 000000000..7a87c3428
--- /dev/null
+++ b/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorCLI.java
@@ -0,0 +1,94 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2013 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cmstools.system;
+
+import java.util.Arrays;
+
+import org.jboss.resteasy.plugins.providers.atom.Link;
+
+import com.netscape.certsrv.system.TPSConnectorClient;
+import com.netscape.certsrv.system.TPSConnectorData;
+import com.netscape.cmstools.cli.CLI;
+
+/**
+ * @author Ade Lee
+ */
+public class TPSConnectorCLI extends CLI {
+
+ public TPSConnectorClient tpsConnectorClient;
+
+ public TPSConnectorCLI(CLI parent) {
+ super("tpsconnector", "TPS Connector management commands", parent);
+
+ addModule(new TPSConnectorAddCLI(this));
+ addModule(new TPSConnectorFindCLI(this));
+ addModule(new TPSConnectorRemoveCLI(this));
+ }
+
+ public String getFullName() {
+ return parent.getFullName() + "-" + name;
+ }
+
+ public void execute(String[] args) throws Exception {
+
+ client = parent.getClient();
+ tpsConnectorClient = (TPSConnectorClient)parent.getClient("tpsconnector");
+
+ if (tpsConnectorClient == null) {
+ // if parent doesn't have user client then create a new one
+ tpsConnectorClient = new TPSConnectorClient(client);
+ }
+
+ if (args.length == 0) {
+ printHelp();
+ System.exit(1);
+ }
+
+ String command = args[0];
+ String[] commandArgs = Arrays.copyOfRange(args, 1, args.length);
+
+ if (command == null) {
+ printHelp();
+ System.exit(1);
+ }
+
+ CLI module = getModule(command);
+ if (module != null) {
+ module.execute(commandArgs);
+
+ } else {
+ System.err.println("Error: Invalid command \""+command+"\"");
+ printHelp();
+ System.exit(1);
+ }
+ }
+
+ public static void printConnectorInfo(TPSConnectorData data) {
+ System.out.println(" Connector ID: " + data.getID());
+ if (data.getHost() != null) System.out.println(" Host: " + data.getHost());
+ if (data.getPort() != null) System.out.println(" Port: " + data.getPort());
+ if (data.getUserID() != null) System.out.println(" User ID: " + data.getUserID());
+ if (data.getNickname() != null) System.out.println(" Nickname: " + data.getNickname());
+
+ Link link = data.getLink();
+ if (verbose && link != null) {
+ System.out.println(" Link: " + link.getHref());
+ }
+ }
+
+}
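Review bot: `tpsConnectorClient` is a public, non-final field assigned only inside execute(), yet the add, find and del subcommands dereference it directly as `tpsConnectorCLI.tpsConnectorClient`; any path that runs a subcommand without passing through this execute() first hits a NullPointerException, and any caller can replace the client that talks to the TKS. Make the field private and expose it through a getter. The comment above the fallback looks copied from the user CLI and should read `// if parent doesn't have a TPS connector client then create a new one`. The cast on `parent.getClient("tpsconnector")` is unchecked as well; what that lookup can return is not visible in this diff.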
diff --git a/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorFindCLI.java b/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorFindCLI.java
new file mode 100644
index 000000000..0a42b7d3f
--- /dev/null
+++ b/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorFindCLI.java
@@ -0,0 +1,88 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2013 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cmstools.system;
+
+import java.util.Collection;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.Option;
+
+import com.netscape.certsrv.system.TPSConnectorCollection;
+import com.netscape.certsrv.system.TPSConnectorData;
+import com.netscape.cmstools.cli.CLI;
+
+/**
+ * @author Ade Lee
+ */
+public class TPSConnectorFindCLI extends CLI {
+ public TPSConnectorCLI tpsConnectorCLI;
+
+ public TPSConnectorFindCLI(TPSConnectorCLI tpsConnectorCLI) {
+ super("find", "Find TPS connector details on TKS", tpsConnectorCLI);
+ this.tpsConnectorCLI = tpsConnectorCLI;
+ }
+
+ public void printHelp() {
+ formatter.printHelp(getFullName() + " [OPTIONS...]", options);
+ }
+
+ public void execute(String[] args) throws Exception {
+ Option option = new Option(null, "host", true, "TPS host");
+ option.setArgName("host");
+ options.addOption(option);
+
+ option = new Option(null, "port", true, "TPS port");
+ option.setArgName("port");
+ options.addOption(option);
+
+ CommandLine cmd = null;
+
+ try {
+ cmd = parser.parse(options, args);
+
+ } catch (Exception e) {
+ System.err.println("Error: " + e.getMessage());
+ printHelp();
+ System.exit(1);
+ }
+
+ String tpsHost = cmd.getOptionValue("host");
+ String tpsPort = cmd.getOptionValue("port");
+
+ if (tpsHost != null) {
+ if (tpsPort == null) tpsPort = "443";
+ TPSConnectorData data = tpsConnectorCLI.tpsConnectorClient.getConnector(
+ tpsHost, tpsPort);
+ TPSConnectorCLI.printConnectorInfo(data);
+ } else {
+ TPSConnectorCollection result = tpsConnectorCLI.tpsConnectorClient.listConnectors();
+ Collection<TPSConnectorData> conns = result.getEntries();
+
+ boolean first = true;
+ for (TPSConnectorData data: conns) {
+ if (first) {
+ first = false;
+ } else {
+ System.out.println();
+ }
+
+ TPSConnectorCLI.printConnectorInfo(data);
+ }
+ }
+ }
+}
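Review bot: `--port` is silently ignored when `--host` is absent: execute() falls into the else branch and lists every connector, so an operator who filtered by port alone gets an unfiltered listing with no warning. Reject that combination before the lookup, e.g. `if (tpsHost == null && tpsPort != null)` followed by the same error message, printHelp() and exit path used for parse failures. The implicit default of `"443"` is also undocumented; the option text could read `"TPS port (default: 443)"`.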
diff --git a/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorRemoveCLI.java b/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorRemoveCLI.java
new file mode 100644
index 000000000..f721fe28f
--- /dev/null
+++ b/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorRemoveCLI.java
@@ -0,0 +1,53 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2013 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cmstools.system;
+
+import com.netscape.cmstools.cli.CLI;
+import com.netscape.cmstools.cli.MainCLI;
+
+/**
+ * @author Ade Lee
+ */
+public class TPSConnectorRemoveCLI extends CLI {
+ public TPSConnectorCLI tpsConnectorCLI;
+
+ public TPSConnectorRemoveCLI(TPSConnectorCLI tpsConnectorCLI) {
+ super("del", "Remove TPS connector from TKS", tpsConnectorCLI);
+ this.tpsConnectorCLI = tpsConnectorCLI;
+ }
+
+ public void printHelp() {
+ formatter.printHelp(getFullName() + " <TPS Host> <TPS Port>", options);
+ }
+
+ public void execute(String[] args) throws Exception {
+
+ if (args.length != 2) {
+ printHelp();
+ System.exit(1);
+ }
+
+ String tpsHost = args[0];
+ String tpsPort = args[1];
+
+ tpsConnectorCLI.tpsConnectorClient.deleteConnector(tpsHost, tpsPort);
+
+ MainCLI.printMessage("Removed TPS connector \""+tpsHost + ":" + tpsPort +"\"");
+ }
+
+}
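Review bot: Nothing in this command tells the operator what is destroyed: the class Javadoc holds only an `@author` tag and the description string says `"Remove TPS connector from TKS"`, while the commit description says this CLI is how the connector entries and the shared secret are removed. The body of deleteConnector is not part of this diff, so confirm whether it deletes the secret; if it does, state that in the class Javadoc and in the description, e.g. `"Remove TPS connector and its shared secret from TKS"`. The command is also registered as `del` although the class and the message say "remove", which is worth a one-line comment on the constructor.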