author | Ade Lee <alee@redhat.com> | 2017-04-07 16:52:31 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2017-04-11 16:48:48 -0400 |
commit | 24d7e952e4f048fcb58dcd1b33009e92afde365d (patch) | |
tree | ae571f9cb0af0037ad7eeab754a1fd473705fbca /base/server/cms/src/org | |
parent | 77d2064858e4623fa25f4986647f318d8bf8a6f7 (diff) | |
Add CAInfo resource
This resource (which will be accessed at /ca/rest/info)
will initially return the mechanism for archival.
This is needed by clients to know how to package secrets when
archiving. We may add the transport cert later.
Change-Id: Ib13d52344e38dc9b54c0d2a1645f1211dd84069b
Diffstat (limited to 'base/server/cms/src/org')
-rw-r--r-- | base/server/cms/src/org/dogtagpki/server/rest/CAInfoService.java | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/CAInfoService.java b/base/server/cms/src/org/dogtagpki/server/rest/CAInfoService.java
new file mode 100644
index 000000000..975ad61ac
--- /dev/null
+++ b/base/server/cms/src/org/dogtagpki/server/rest/CAInfoService.java
@@ -0,0 +1,64 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2017 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package org.dogtagpki.server.rest;
+
+import javax.servlet.http.HttpSession;
+import javax.ws.rs.core.Response;
+
+import org.dogtagpki.common.CAInfo;
+import org.dogtagpki.common.CAInfoResource;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.cms.servlet.base.PKIService;
+
+/**
+ * @author Ade Lee
+ */
+public class CAInfoService extends PKIService implements CAInfoResource {
+
+ private static Logger logger = LoggerFactory.getLogger(InfoService.class);
+
+ @Override
+ public Response getInfo() throws Exception {
+
+ HttpSession session = servletRequest.getSession();
+ logger.debug("CAInfoService.getInfo(): session: " + session.getId());
+
+ CAInfo info = new CAInfo();
+ String archivalMechanism = getArchivalMechanism();
+
+ if (archivalMechanism != null)
+ info.setArchivalMechanism(getArchivalMechanism());
+
+ return createOKResponse(info);
+ }
+
+ String getArchivalMechanism() throws EBaseException {
+ IConfigStore cs = CMS.getConfigStore();
+ boolean kra_present = cs.getBoolean("ca.connector.KRA.enable", false);
+ if (!kra_present) return null;
+
+ boolean encrypt_archival = cs.getBoolean("kra.allowEncDecrypt.archival", false);
+ return encrypt_archival ? KRAInfoService.ENCRYPT_MECHANISM : KRAInfoService.KEYWRAP_MECHANISM;
+ }
+} |
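Review bot: getInfo() writes the servlet session identifier to the debug log (`logger.debug("CAInfoService.getInfo(): session: " + session.getId())`), and `servletRequest.getSession()` allocates a session when the request carries none; a session id is a bearer credential for anyone who can read the log, and if this info endpoint is reachable without authentication (not visible in this hunk) every anonymous poll would create server-side session state. I would drop the lookup, or use `servletRequest.getSession(false)` and log only whether a session exists. In the same hunk the logger is created with `InfoService.class`, so these messages are filed under the wrong category; `private static final Logger logger = LoggerFactory.getLogger(CAInfoService.class);` fixes that. `getArchivalMechanism()` is also called a second time after the null check, re-reading the config store; `info.setArchivalMechanism(archivalMechanism);` reuses the value that was actually checked.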