author | Ade Lee <alee@redhat.com> | 2016-04-16 16:13:58 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2016-04-20 17:30:24 -0400 |
commit | c198f02b53b4a702e5ca8e3477f89f2b72a7b467 (patch) | |
tree | 6a56ec625791100a9fb191d377e4bf0ba08096b0 /base/server/cms | |
parent | 2f730b62e589cd829c5fcb021a2a92d436073eac (diff) | |
Make recovery methods more consistent
The async recovery request mechanism was implemented differently
from other requests. This makes it difficult to add things like
authorization consistently.
We move the required methods to the KeyRequestDAO to be more
consistent.
Part of Ticket #2041
Diffstat (limited to 'base/server/cms')
-rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java | 47 |
1 files changed, 43 insertions, 4 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
index 3d5300370..bdb1269a8 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
@@ -17,6 +17,8 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
+import java.math.BigInteger;
+import java.security.cert.CertificateException;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Enumeration;
@@ -53,6 +55,7 @@ import com.netscape.certsrv.key.KeyRequestResponse;
 import com.netscape.certsrv.key.KeyResource;
 import com.netscape.certsrv.key.SymKeyGenerationRequest;
 import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
+import com.netscape.certsrv.kra.IKeyService;
 import com.netscape.certsrv.profile.IEnrollProfile;
 import com.netscape.certsrv.request.CMSRequestInfo;
 import com.netscape.certsrv.request.CMSRequestInfos;
@@ -60,6 +63,9 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cms.servlet.request.CMSRequestDAO;
+import com.netscape.cmsutil.util.Utils;
+
+import netscape.security.x509.X509CertImpl;
 /**
 * @author alee
@@ -94,11 +100,13 @@ public class KeyRequestDAO extends CMSRequestDAO {
 private IKeyRepository repo;
 private IKeyRecoveryAuthority kra;
+ private IKeyService service;
 public KeyRequestDAO() {
 super("kra");
 kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( "kra" );
 repo = kra.getKeyRepository();
+ service = (IKeyService) kra;
 }
 /**
@@ -277,6 +285,39 @@ public class KeyRequestDAO extends CMSRequestDAO {
 return createKeyRequestResponse(request, uriInfo);
 }
+ public KeyRequestResponse submitAsyncKeyRecoveryRequest(KeyRecoveryRequest data, UriInfo uriInfo,
+ String requestor) throws EBaseException {
+ if (data == null) {
+ throw new BadRequestException("Invalid request.");
+ }
+
+ KeyId keyId = data.getKeyId();
+ IKeyRecord rec = null;
+ try {
+ rec = repo.readKeyRecord(keyId.toBigInteger());
+ } catch (EDBRecordNotFoundException e) {
+ throw new KeyNotFoundException(keyId);
+ }
+
+ String b64Certificate = data.getCertificate();
+ byte[] certData = Utils.base64decode(b64Certificate);
+ String requestId = null;
+ try {
+ requestId = service.initAsyncKeyRecovery(new BigInteger(keyId.toString()), new X509CertImpl(certData), requestor);
+ // TODO - update request with realm
+ } catch (EBaseException | CertificateException e) {
+ e.printStackTrace();
+ throw new PKIException(e.toString());
+ }
+ IRequest request = null;
+ try {
+ request = queue.findRequest(new RequestId(requestId));
+ } catch (EBaseException e) {
+ }
+ return createCMSRequestResponse(request, uriInfo);
+ }
+
+
 public KeyRequestResponse submitRequest(SymKeyGenerationRequest data, UriInfo uriInfo, String owner) throws EBaseException {
 String clientKeyId = data.getClientKeyId();
@@ -429,10 +470,8 @@ public class KeyRequestDAO extends CMSRequestDAO {
 return createKeyRequestResponse(request, uriInfo);
 }
- public void approveRequest(RequestId id) throws EBaseException {
- IRequest request = queue.findRequest(id);
- request.setRequestStatus(RequestStatus.APPROVED);
- queue.updateRequest(request);
+ public void approveRequest(RequestId id, String requestor) throws EBaseException {
+ service.addAgentAsyncKeyRecovery(id.toString(), requestor);
 }
 public void rejectRequest(RequestId id) throws EBaseException { |
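Review bot: The final `catch (EBaseException e) { }` in submitAsyncKeyRecoveryRequest swallows a failed `queue.findRequest`, so `request` stays null and is passed to `createCMSRequestResponse`, hiding from the caller that the recovery request it just created could not be read back. Earlier in the same method a malformed client certificate (`CertificateException`) is turned into `PKIException(e.toString())` after `e.printStackTrace()`, which drops the cause, sends internal exception text to the client and bypasses the server log; bad input of this kind fits `BadRequestException`. `data.getKeyId()` and `data.getCertificate()` are dereferenced without a null check, and the key id is converted two different ways (`keyId.toBigInteger()` and `new BigInteger(keyId.toString())`), which agree only if `toString()` is decimal. `rec` is read only to prove the key exists; if the realm TODO is meant to drive authorization, that check presumably belongs before `initAsyncKeyRecovery` is called. The sketch below lets EBaseException propagate through the method's existing `throws` clause.

```java
public KeyRequestResponse submitAsyncKeyRecoveryRequest(KeyRecoveryRequest data, UriInfo uriInfo,
        String requestor) throws EBaseException {
    if (data == null || data.getKeyId() == null || data.getCertificate() == null) {
        throw new BadRequestException("Invalid request.");
    }
    // … unchanged: key record lookup via repo.readKeyRecord …

    X509CertImpl cert;
    try {
        cert = new X509CertImpl(Utils.base64decode(data.getCertificate()));
    } catch (CertificateException e) {
        // Malformed client input, not a server fault.
        throw new BadRequestException("Invalid certificate.");
    }
    String requestId = service.initAsyncKeyRecovery(keyId.toBigInteger(), cert, requestor);
    // … unchanged: TODO - update request with realm …

    // A failed lookup propagates instead of handing a null request on.
    IRequest request = queue.findRequest(new RequestId(requestId));
    return createCMSRequestResponse(request, uriInfo);
}
```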
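Review bot: The new `approveRequest` forwards `id.toString()` and `requestor` straight to `service.addAgentAsyncKeyRecovery` without checking that `requestor` is present or that the id names an async recovery request, whereas the removed code looked the request up with `queue.findRequest` first. Since this call records an agent's approval of a key recovery, a guard such as `if (requestor == null || requestor.isEmpty()) throw new BadRequestException("Invalid request.");` would keep an unattributed approval from being recorded, unless addAgentAsyncKeyRecovery already rejects it (its body is not visible here). The method also has no Javadoc; a short comment stating that `requestor` must be the authenticated agent's id rather than a client-supplied value would document the trust assumption. Callers of the old one-argument signature are outside this hunk and need the matching change.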