author | Ade Lee <alee@redhat.com> | 2017-04-07 12:23:47 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2017-04-11 16:48:33 -0400 |
commit | 77d2064858e4623fa25f4986647f318d8bf8a6f7 (patch) | |
tree | a2d3690572a51c2a09bbe86af8090e768f762d2f /base/server/cms/src/org | |
parent | a29888e42c14c9c7e642769b747bb288d39a0809 (diff) | |
Add KRAInfo resource
This resource (which will be accessed at /kra/rest/info)
will initially return the mechanism for archival or retrieval.
This is needed by clients to know how to package secrets when
archiving.
Change-Id: I6990ebb9c9dafc4158e51ba61a30e773d1d953ec
Diffstat (limited to 'base/server/cms/src/org')
-rw-r--r-- | base/server/cms/src/org/dogtagpki/server/rest/KRAInfoService.java | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/KRAInfoService.java b/base/server/cms/src/org/dogtagpki/server/rest/KRAInfoService.java
new file mode 100644
index 000000000..c4b3252b2
--- /dev/null
+++ b/base/server/cms/src/org/dogtagpki/server/rest/KRAInfoService.java
@@ -0,0 +1,67 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2017 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package org.dogtagpki.server.rest;
+
+import javax.servlet.http.HttpSession;
+import javax.ws.rs.core.Response;
+
+import org.dogtagpki.common.KRAInfo;
+import org.dogtagpki.common.KRAInfoResource;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.cms.servlet.base.PKIService;
+
+/**
+ * @author Ade Lee
+ */
+public class KRAInfoService extends PKIService implements KRAInfoResource {
+
+ private static Logger logger = LoggerFactory.getLogger(InfoService.class);
+
+ @Override
+ public Response getInfo() throws Exception {
+
+ HttpSession session = servletRequest.getSession();
+ logger.debug("KRAInfoService.getInfo(): session: " + session.getId());
+
+ KRAInfo info = new KRAInfo();
+ info.setArchivalMechanism(getArchivalMechanism());
+ info.setRecoveryMechanism(getRecoveryMechanism());
+
+
+ return createOKResponse(info);
+ }
+
+ String getArchivalMechanism() throws EBaseException {
+ IConfigStore cs = CMS.getConfigStore();
+ boolean encrypt_archival = cs.getBoolean("kra.allowEncDecrypt.archival", false);
+ return encrypt_archival ? KRAInfoResource.ENCRYPT_MECHANISM : KRAInfoResource.KEYWRAP_MECHANISM;
+ }
+
+ String getRecoveryMechanism() throws EBaseException {
+ IConfigStore cs = CMS.getConfigStore();
+ boolean encrypt_recovery = cs.getBoolean("kra.allowEncDecrypt.recovery", false);
+ return encrypt_recovery ? KRAInfoResource.ENCRYPT_MECHANISM : KRAInfoResource.KEYWRAP_MECHANISM;
+ }
+}
+ |
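Review bot: In getInfo(), `logger.debug("KRAInfoService.getInfo(): session: " + session.getId());` writes the servlet session identifier to the debug log, so anyone who can read that log can see a live session token. The preceding `servletRequest.getSession()` also allocates a new session for every caller of this info endpoint that does not already have one; whether the endpoint requires authentication is not visible in this diff. Since the session is not used for anything else in the method, both lines could be dropped, or replaced with `servletRequest.getSession(false)` and a message that records only whether a session exists. Separately, the logger is created with `LoggerFactory.getLogger(InfoService.class)`, which files these messages under InfoService's category and looks like a copy-paste slip; `private static final Logger logger = LoggerFactory.getLogger(KRAInfoService.class);` is presumably what was intended.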