author | Jack Magne <jmagne@dhcp-32-224.sjc.redhat.com> | 2012-04-29 19:44:56 -0700 |
---|---|---|
committer | Jack Magne <jmagne@dhcp-32-224.sjc.redhat.com> | 2012-05-07 18:56:46 -0700 |
commit | b0bca63ac46e079e3a21ed1c4d6fd532966568d0 (patch) | |
tree | 54c880869f40d2ec9ac30c7a201f2810dbd341a0 /base | |
parent | 391d345b5a6a1a905e3db4105a65dd4fdd0d19a9 (diff) | |
Provide CA EE Restful interface and test client.
Tickets #144 and #145
Providing the following:
1. Simple EE restful interface for certificates, printing, listing and searching.
2. Simple EE restful interface for certificate enrollment requests.
3. Simple EE restful interface for profiles and profile properties.
4. Simple Test client to exercise the functionality.
5. Created restful client base class inherited by CARestClient and DRMRestClient.
6. Provide simple restful implementations of new interfaces added.
TODO: Need some more refactoring to base classes for some of the new classes which are similar to classes
in the DRM restful area.
TODO: Actual certificate enrollment code that will be refactored from existing ProfileSubmitServlet.
Provide CA EE Restful interface and test client review fixes.
Diffstat (limited to 'base')
49 files changed, 4958 insertions, 349 deletions
diff --git a/base/ca/functional/src/com/netscape/cms/servlet/test/CARestClient.java b/base/ca/functional/src/com/netscape/cms/servlet/test/CARestClient.java
new file mode 100644
index 000000000..775c3d9b6
--- /dev/null
+++ b/base/ca/functional/src/com/netscape/cms/servlet/test/CARestClient.java
@@ -0,0 +1,123 @@
+//--- BEGIN COPYRIGHT BLOCK ---
+//This program is free software; you can redistribute it and/or modify
+//it under the terms of the GNU General Public License as published by
+//the Free Software Foundation; version 2 of the License.
+//
+//This program is distributed in the hope that it will be useful,
+//but WITHOUT ANY WARRANTY; without even the implied warranty of
+//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+//GNU General Public License for more details.
+//
+//You should have received a copy of the GNU General Public License along
+//with this program; if not, write to the Free Software Foundation, Inc.,
+//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+//(C) 2012 Red Hat, Inc.
+//All rights reserved.
+//--- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.test;
+
+import java.net.URISyntaxException;
+import java.util.Collection;
+
+import org.jboss.resteasy.client.ProxyFactory;
+
+import com.netscape.certsrv.dbs.certdb.CertId;
+import com.netscape.certsrv.request.RequestId;
+import com.netscape.cms.servlet.cert.CertResource;
+import com.netscape.cms.servlet.cert.CertsResource;
+import com.netscape.cms.servlet.cert.model.CertDataInfos;
+import com.netscape.cms.servlet.cert.model.CertSearchData;
+import com.netscape.cms.servlet.cert.model.CertificateData;
+import com.netscape.cms.servlet.csadmin.CMSRestClient;
+import com.netscape.cms.servlet.profile.ProfileResource;
+import com.netscape.cms.servlet.profile.ProfilesResource;
+import com.netscape.cms.servlet.profile.model.ProfileData;
+import com.netscape.cms.servlet.profile.model.ProfileDataInfos;
+import com.netscape.cms.servlet.request.CertRequestResource;
+import com.netscape.cms.servlet.request.CertRequestsResource;
+import com.netscape.cms.servlet.request.model.CertRequestInfo;
+import com.netscape.cms.servlet.request.model.CertRequestInfos;
+import com.netscape.cms.servlet.request.model.EnrollmentRequestData;
+
+public class CARestClient extends CMSRestClient {
+
+ private CertResource certClient;
+ private CertsResource certsClient;
+ private CertRequestsResource certRequestsClient;
+ private CertRequestResource certRequestClient;
+ private ProfilesResource profilesClient;
+ private ProfileResource profileClient;
+
+ public CARestClient(String baseUri, String clientCertNick) throws URISyntaxException {
+
+ super(baseUri, clientCertNick);
+
+ certRequestsClient = ProxyFactory.create(CertRequestsResource.class, uri, executor, providerFactory);
+ certRequestClient = ProxyFactory.create(CertRequestResource.class, uri, executor, providerFactory);
+
+ certsClient = ProxyFactory.create(CertsResource.class, uri, executor, providerFactory);
+ certClient = ProxyFactory.create(CertResource.class, uri, executor, providerFactory);
+ profilesClient = ProxyFactory.create(ProfilesResource.class, uri, executor, providerFactory);
+ profileClient = ProxyFactory.create(ProfileResource.class, uri, executor, providerFactory);
+ }
+
+ public Collection<CertRequestInfo> listRequests(String requestState, String requestType) {
+
+ CertRequestInfos infos = null;
+ Collection<CertRequestInfo> list = null;
+ infos = certRequestsClient.listRequests(
+ requestState, requestType, new RequestId(0), 100, 100, 10);
+ list = infos.getRequests();
+
+ return list;
+ }
+
+ public CertDataInfos listCerts(String status) {
+ return certsClient.listCerts(status, 100, 10);
+ }
+
+ public CertDataInfos searchCerts(CertSearchData data) {
+ return certsClient.searchCerts(data, 100, 10);
+ }
+
+ public ProfileDataInfos listProfiles() {
+ return profilesClient.listProfiles();
+ }
+
+ public ProfileData getProfile(String id) {
+
+ if (id == null) {
+ return null;
+ }
+
+ return profileClient.retrieveProfile(id);
+ }
+
+ public CertificateData getCertData(CertId id) {
+
+ if (id == null) {
+ return null;
+ }
+
+ return certClient.retrieveCert(id);
+
+ }
+
+ public CertRequestInfo enrollCertificate(EnrollmentRequestData data) {
+
+ if (data == null) {
+ return null;
+ }
+ return certRequestClient.enrollCert(data);
+ }
+
+ public CertRequestInfo getRequest(RequestId id) {
+
+ if (id == null) {
+ return null;
+ }
+ return certRequestClient.getRequestInfo(id);
+ }
+
+}
diff --git a/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java b/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java
new file mode 100644
index 000000000..c3d55527c
--- /dev/null
+++ b/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java
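Review bot: `listRequests` dereferences the proxy result straight away (`list = infos.getRequests();`) with no null check, although every other wrapper in this class guards against null and CATest's print helpers all treat a null result as possible. A guard such as `if (infos == null) return null;` before that line would make the client consistent. The paging arguments are bare literals (`new RequestId(0), 100, 100, 10` here, `100, 10` in `listCerts` and `searchCerts`); named constants, or a short comment saying what each positional value stands for, would make the calls reviewable. The class and its public methods also have no Javadoc, and the meaning of those parameters has to be confirmed in `CertRequestsResource` and `CertsResource`, which are outside this hunk.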
@@ -0,0 +1,471 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2011 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.test;
+
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.CommandLineParser;
+import org.apache.commons.cli.HelpFormatter;
+import org.apache.commons.cli.Options;
+import org.apache.commons.cli.ParseException;
+import org.apache.commons.cli.PosixParser;
+import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.crypto.AlreadyInitializedException;
+import org.mozilla.jss.crypto.CryptoToken;
+import org.mozilla.jss.util.Password;
+
+import com.netscape.certsrv.dbs.certdb.CertId;
+import com.netscape.certsrv.request.RequestId;
+import com.netscape.cms.servlet.cert.CertNotFoundException;
+import com.netscape.cms.servlet.cert.model.CertDataInfo;
+import com.netscape.cms.servlet.cert.model.CertDataInfos;
+import com.netscape.cms.servlet.cert.model.CertSearchData;
+import com.netscape.cms.servlet.cert.model.CertificateData;
+import com.netscape.cms.servlet.profile.model.ProfileData;
+import com.netscape.cms.servlet.profile.model.ProfileDataInfo;
+import com.netscape.cms.servlet.profile.model.ProfileDataInfos;
+import com.netscape.cms.servlet.profile.model.ProfileInput;
+import com.netscape.cms.servlet.request.RequestNotFoundException;
+import com.netscape.cms.servlet.request.model.CertRequestInfo;
+import com.netscape.cms.servlet.request.model.EnrollmentRequestData;
+
+public class CATest {
+
+ private static String clientCertNickname;
+
+ public static void main(String args[]) {
+ String host = null;
+ String port = null;
+ String token_pwd = null;
+ String db_dir = "./";
+ String protocol = "http";
+
+ // parse command line arguments
+ Options options = new Options();
+ options.addOption("h", true, "Hostname of the CA");
+ options.addOption("p", true, "Port of the CA");
+ options.addOption("s", true, "Attempt Optional Secure SSL connection");
+ options.addOption("w", true, "Token password");
+ options.addOption("d", true, "Directory for tokendb");
+ options.addOption("c", true, "Optional SSL Client cert Nickname");
+
+ try {
+ CommandLineParser parser = new PosixParser();
+ CommandLine cmd = parser.parse(options, args);
+
+ if (cmd.hasOption("h")) {
+ host = cmd.getOptionValue("h");
+ } else {
+ System.err.println("Error: no hostname provided.");
+ usage(options);
+ }
+
+ if (cmd.hasOption("p")) {
+ port = cmd.getOptionValue("p");
+ } else {
+ System.err.println("Error: no port provided");
+ usage(options);
+ }
+
+ if (cmd.hasOption("w")) {
+ token_pwd = cmd.getOptionValue("w");
+ } else {
+ log("Notice: no token password provided");
+ }
+
+ if (cmd.hasOption("d")) {
+ db_dir = cmd.getOptionValue("d");
+ }
+
+ if (cmd.hasOption("s")) {
+ if (cmd.getOptionValue("s") != null && cmd.getOptionValue("s").equals("true")) {
+ protocol = "https";
+ }
+ }
+
+ if (cmd.hasOption("c")) {
+ String nick = cmd.getOptionValue("c");
+
+ if (nick != null && protocol.equals("https")) {
+ clientCertNickname = nick;
+ }
+ }
+
+ } catch (ParseException e) {
+ System.err.println("Error in parsing command line options: " + e.getMessage());
+ usage(options);
+ }
+
+ CryptoManager manager = null;
+ CryptoToken token = null;
+
+ // Initialize token
+ try {
+ CryptoManager.initialize(db_dir);
+ } catch (AlreadyInitializedException e) {
+ // it is ok if it is already initialized
+ } catch (Exception e) {
+ log("INITIALIZATION ERROR: " + e.toString());
+ System.exit(1);
+ }
+
+ // log into token
+ try {
+ manager = CryptoManager.getInstance();
+ token = manager.getInternalKeyStorageToken();
+ Password password = new Password(token_pwd.toCharArray());
+ try {
+ token.login(password);
+ } catch (Exception e) {
+ log("login Exception: " + e.toString());
+ if (!token.isLoggedIn()) {
+ token.initPassword(password, password);
+ }
+ }
+ } catch (Exception e) {
+ log("Exception in logging into token:" + e.toString());
+ }
+
+ String baseUri = protocol + "://" + host + ":" + port + "/ca/pki";
+ CARestClient client;
+ try {
+ client = new CARestClient(baseUri, clientCertNickname);
+ } catch (Exception e) {
+ e.printStackTrace();
+ return;
+ }
+
+ Collection<CertRequestInfo> list = null;
+ try {
+ list = client.listRequests("complete", null);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ printRequests(list);
+
+ //Get a CertInfo
+ int certIdToPrint = 1;
+ CertId id = new CertId(certIdToPrint);
+ CertificateData certData = null;
+ try {
+ certData = client.getCertData(id);
+ } catch (CertNotFoundException e) {
+ e.printStackTrace();
+ log("Cert: " + certIdToPrint + " not found. \n" + e.toString());
+ }
+
+ printCertificate(certData);
+
+ //Try an invalid Cert to print out
+ //Get a CertInfo
+ int certIdBadToPrint = 9999999;
+ CertId certIdBad = new CertId(certIdBadToPrint);
+ CertificateData certDataBad = null;
+ try {
+ certDataBad = client.getCertData(certIdBad);
+ } catch (CertNotFoundException e) {
+ e.printStackTrace();
+ log("Cert: " + certIdBadToPrint + " not found. \n" + e.toString());
+ }
+
+ printCertificate(certDataBad);
+
+ //Get a CertInfoList
+
+ CertDataInfos infos = null;
+ try {
+ infos = client.listCerts("VALID");
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ printCertInfos(infos, "no search filter:");
+
+ //Initiate a Certificate Enrollment
+
+ EnrollmentRequestData data = new EnrollmentRequestData();
+ data.setProfileId("caUserCert");
+ data.setIsRenewal(false);
+
+ //Simulate a "caUserCert" Profile enrollment
+
+ ProfileInput certReq = data.addInput("Key Generation");
+ certReq.setInputAttr("cert_request_type", "crmf");
+ certReq.setInputAttr(
+ "cert_request",
+ "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");
+
+ ProfileInput subjectName = data.addInput("Subject Name");
+ subjectName.setInputAttr("sn_uid", "jmagne");
+ subjectName.setInputAttr("sn_e", "jmagne@redhat.com");
+ subjectName.setInputAttr("sn_c", "US");
+ subjectName.setInputAttr("sn_ou", "Development");
+ subjectName.setInputAttr("sn_ou1", "IPA");
+ subjectName.setInputAttr("sn_ou2", "Dogtag");
+ subjectName.setInputAttr("sn_ou3", "CA");
+ subjectName.setInputAttr("sn_cn", "Common");
+ subjectName.setInputAttr("sn_o", "RedHat");
+
+ ProfileInput submitter = data.addInput("Requestor Information");
+ submitter.setInputAttr("requestor_name", "admin");
+ submitter.setInputAttr("requestor_email", "admin@redhat.com");
+ submitter.setInputAttr("requestor_phone", "650-555-5555");
+
+ CertRequestInfo reqInfo = null;
+
+ try {
+ reqInfo = client.enrollCertificate(data);
+ } catch (Exception e) {
+ e.printStackTrace();
+ log(e.toString());
+ }
+
+ printRequestInfo(reqInfo);
+
+ //Perform a sample certificate search with advanced search terms
+
+ CertSearchData searchData = new CertSearchData();
+ searchData.setSerialNumberRangeInUse(true);
+ searchData.setSerialFrom("9999");
+ searchData.setSerialTo("99990");
+
+ infos = client.searchCerts(searchData);
+
+ printCertInfos(infos, searchData.buildFilter());
+
+ // Try to get a non existing request
+
+ RequestId idBad = new RequestId("999999");
+
+ CertRequestInfo infoBad = null;
+
+ try {
+ infoBad = client.getRequest(idBad);
+ } catch (RequestNotFoundException e) {
+ e.printStackTrace();
+ log("Exception getting request #: " + idBad.toString() + "\n" + e.toString());
+ }
+
+ printRequestInfo(infoBad);
+
+ //Perform another sample certificate search with advanced search terms
+
+ searchData = new CertSearchData();
+ searchData.setSubjectInUse(true);
+ searchData.setEmail("jmagne@redhat.com");
+ searchData.setMatchExactly(true);
+
+ infos = client.searchCerts(searchData);
+
+ printCertInfos(infos, searchData.buildFilter());
+
+ //Get a list of Profiles
+
+ ProfileDataInfos pInfos = client.listProfiles();
+
+ printProfileInfos(pInfos);
+
+ // Get a specific profile
+ String pId = "caUserCert";
+ ProfileData pData = client.getProfile(pId);
+
+ printProfileData(pData);
+
+ }
+
+ private static void printProfileInfos(ProfileDataInfos pInfos) {
+
+ if (pInfos == null) {
+ log("No ProfileInfos found. \n");
+ return;
+ }
+
+ Collection<ProfileDataInfo> listProfiles = pInfos.getProfileInfos();
+ Iterator<ProfileDataInfo> iter = null;
+
+ if (listProfiles != null) {
+ iter = listProfiles.iterator();
+ }
+
+ log("\nProfiles found. \n");
+
+ while (iter != null && iter.hasNext()) {
+ ProfileDataInfo info = iter.next();
+
+ if (info != null) {
+ printProfileDataInfo(info);
+ }
+ }
+ }
+
+ private static void printProfileDataInfo(ProfileDataInfo info) {
+ if (info == null) {
+ log("No Profile Data Information. \n");
+ }
+
+ log(" \n Profile Information: \n");
+ log("ProfileURL: " + info.getProfileURL());
+ log("ProfileID: " + info.getProfileId());
+ }
+
+ private static void printProfileData(ProfileData info) {
+ if (info == null) {
+ log("\n No ProfileInformation. \n");
+ }
+
+ log("Profile Information: \n");
+ log("ProfileID: " + info.getId());
+ log("Name: " + info.getName());
+ log("Description: " + info.getDescription());
+ log("EnabledBy: " + info.getEnabledBy());
+ log("IsEnabled: " + info.getIsEnabled());
+ log("IsVisible: " + info.getIsVisible() + "\n\n");
+
+ log("Profile Input Information: \n");
+
+ List<ProfileInput> inputs = info.getProfileInputsList();
+
+ if (inputs != null) {
+ Iterator<ProfileInput> it = inputs.iterator();
+
+ ProfileInput curInput = null;
+ while (it.hasNext()) {
+ curInput = it.next();
+
+ if (curInput != null) {
+
+ log("Input Name: " + curInput.getInputId());
+
+ Map<String, String> attrs = curInput.getAttributes();
+
+ if (!attrs.isEmpty()) {
+ for (String key : attrs.keySet()) {
+ String value = attrs.get(key);
+
+ log("Input Attribute Name: " + key + "\n");
+ log("Input Attribute Value: " + value + "\n");
+ }
+ }
+
+ }
+ }
+
+ }
+
+ }
+
+ private static void printCertInfos(CertDataInfos infos, String filter) {
+
+ if (infos == null) {
+ log("No CertInfos found. \n");
+ return;
+ }
+
+ Collection<CertDataInfo> listCerts = infos.getCertInfos();
+ Iterator<CertDataInfo> iter = null;
+
+ if (listCerts != null) {
+ iter = listCerts.iterator();
+ }
+
+ log("\nCertificates found with search filter: " + filter + "\n");
+
+ while (iter != null && iter.hasNext()) {
+ CertDataInfo info = iter.next();
+ if (info != null) {
+ printCertInfo(info);
+ }
+ }
+ }
+
+ private static void printCertInfo(CertDataInfo info) {
+
+ if (info == null) {
+ log("No CertInfo: ");
+ return;
+ }
+ log("CertId: " + info.getCertId().toString());
+ log("CertUrl: " + info.getCertURL());
+
+ }
+
+ private static void printCertificate(CertificateData info) {
+
+ if (info == null) {
+ log("No CertificateData: ");
+ return;
+ }
+
+ log("CertificateInfo: " + "\n");
+ log("-----------------");
+
+ log("CertSerialNo: \n" + info.getSerialNo() + "\n");
+ log("CertSubject: \n" + info.getSubjectName() + "\n");
+ log("CertIssuer: \n" + info.getIssuerName() + "\n");
+ log("NotBefore: \n" + info.getNotBefore() + "\n");
+ log("NotAfter: \n" + info.getNotAfter() + "\n");
+ log("CertBase64: \n" + info.getB64() + "\n");
+ log("CertPKCS7Chain: \n" + info.getPkcs7CertChain() + "\n");
+ log("CertPrettyPrint: \n" + info.getPrettyPrint());
+
+ }
+
+ private static void printRequests(Collection<CertRequestInfo> list) {
+ if (list == null) {
+ log("No requests found");
+ return;
+ }
+
+ Iterator<CertRequestInfo> iter = list.iterator();
+
+ while (iter != null && iter.hasNext()) {
+ CertRequestInfo info = iter.next();
+ printRequestInfo(info);
+ }
+ }
+
+ private static void printRequestInfo(CertRequestInfo info) {
+ if (info == null) {
+ log("No RequestInfo: ");
+ return;
+ }
+
+ log("CertRequestURL: " + info.getRequestURL());
+ log("CertId: " + info.getCertId());
+ log("RequestType: " + info.getCertRequestType());
+ log("Status: " + info.getRequestStatus());
+ log("Type: " + info.getRequestType());
+ log("CertURL: " + info.getCertURL() + "\n");
+ }
+
+ private static void log(String string) {
+ System.out.println(string);
+ }
+
+ private static void usage(Options options) {
+ HelpFormatter formatter = new HelpFormatter();
+ formatter.printHelp("CARestClient Test:", options);
+ System.exit(1);
+ }
+
+}
diff --git a/base/common/src/CMakeLists.txt b/base/common/src/CMakeLists.txt
index 2b3977dbe..50253768d 100644
--- a/base/common/src/CMakeLists.txt
+++ b/base/common/src/CMakeLists.txt
@@ -223,6 +223,8 @@ set(pki-certsrv_java_SRCS
 com/netscape/certsrv/dbs/certdb/ICertificateRepository.java
 com/netscape/certsrv/dbs/certdb/IRevocationInfo.java
 com/netscape/certsrv/dbs/certdb/ICertRecord.java
+ com/netscape/certsrv/dbs/certdb/CertId.java
+ com/netscape/certsrv/dbs/certdb/CertIdAdapter.java
 com/netscape/certsrv/dbs/DBResources.java
 com/netscape/certsrv/dbs/IDBSearchResults.java
 com/netscape/certsrv/dbs/IFilterConverter.java
@@ -536,7 +538,16 @@ set(pki-cms_java_SRCS
 com/netscape/cms/servlet/cert/CMCRevReqServlet.java
 com/netscape/cms/servlet/cert/GetBySerial.java
 com/netscape/cms/servlet/cert/DisplayCRL.java
+ com/netscape/cms/servlet/cert/CertNotFoundException.java
+ com/netscape/cms/servlet/cert/CertResource.java
+ com/netscape/cms/servlet/cert/CertResourceService.java
+ com/netscape/cms/servlet/cert/CertsResource.java
+ com/netscape/cms/servlet/cert/CertsResourceService.java
 com/netscape/cms/servlet/cert/model/CertificateData.java
+ com/netscape/cms/servlet/cert/model/CertDAO.java
+ com/netscape/cms/servlet/cert/model/CertDataInfo.java
+ com/netscape/cms/servlet/cert/model/CertDataInfos.java
+ com/netscape/cms/servlet/cert/model/CertSearchData.java
 com/netscape/cms/servlet/admin/OCSPAdminServlet.java
 com/netscape/cms/servlet/admin/CMSAdminServlet.java
 com/netscape/cms/servlet/admin/JobsAdminServlet.java
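Review bot: In `main`, `token_pwd` stays null when `-w` is omitted (only a notice is logged), yet `new Password(token_pwd.toCharArray())` dereferences it; the resulting NullPointerException is swallowed by the outer `catch (Exception e)` and the client carries on without a token login. Guard it before the login block, e.g. `if (token_pwd == null) { usage(options); }`, and call `password.clear()` in a `finally` once the login attempt is over so the password does not linger in memory. Taking the token password as a command-line value also leaves it visible in the process list and shell history, so a prompt or a password file would be safer for anything beyond a throwaway test instance. The inner `catch` that falls back to `token.initPassword(password, password)` on any login failure needs a comment, since it appears to set a password on an uninitialised token rather than report a wrong one. Separately, `printProfileDataInfo` and `printProfileData` log on `info == null` but do not `return`, so they fail on the very next line.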
@@ -582,6 +593,7 @@ set(pki-cms_java_SRCS
 com/netscape/cms/servlet/base/UserInfo.java
 com/netscape/cms/servlet/base/PortsServlet.java
 com/netscape/cms/servlet/base/CMSException.java
+ com/netscape/cms/servlet/base/BadRequestException.java
 com/netscape/cms/servlet/base/CMSResourceService.java
 com/netscape/cms/servlet/base/CMSServlet.java
 com/netscape/cms/servlet/base/CMSStartServlet.java
@@ -673,11 +685,24 @@ set(pki-cms_java_SRCS
 com/netscape/cms/servlet/request/KeyRequestResourceService.java
 com/netscape/cms/servlet/request/KeyRequestsResource.java
 com/netscape/cms/servlet/request/KeyRequestsResourceService.java
+ com/netscape/cms/servlet/request/CertRequestResource.java
+ com/netscape/cms/servlet/request/CertRequestResourceService.java
+ com/netscape/cms/servlet/request/CertRequestsResource.java
+ com/netscape/cms/servlet/request/CertRequestsResourceService.java
 com/netscape/cms/servlet/request/model/ArchivalRequestData.java
+ com/netscape/cms/servlet/request/model/CMSRequestDAO.java
+ com/netscape/cms/servlet/request/model/CMSRequestInfo.java
+ com/netscape/cms/servlet/request/model/CMSRequestInfos.java
 com/netscape/cms/servlet/request/model/KeyRequestDAO.java
 com/netscape/cms/servlet/request/model/KeyRequestInfo.java
 com/netscape/cms/servlet/request/model/KeyRequestInfos.java
 com/netscape/cms/servlet/request/model/RecoveryRequestData.java
+ com/netscape/cms/servlet/request/model/CertRequestDAO.java
+ com/netscape/cms/servlet/request/model/CertRequestInfo.java
+ com/netscape/cms/servlet/request/model/CertRequestInfos.java
+ com/netscape/cms/servlet/request/model/CertRetrievalRequestData.java
+ com/netscape/cms/servlet/request/model/EnrollmentRequestData.java
+ com/netscape/cms/servlet/request/model/ProfileRetrievalRequestData.java
 com/netscape/cms/servlet/tks/TokenServlet.java
 com/netscape/cms/servlet/connector/CloneServlet.java
 com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
@@ -699,6 +724,16 @@ set(pki-cms_java_SRCS
 com/netscape/cms/servlet/profile/ProfileReviewServlet.java
 com/netscape/cms/servlet/profile/SSLClientCertProvider.java
 com/netscape/cms/servlet/profile/ProfileServlet.java
+ com/netscape/cms/servlet/profile/ProfileNotFoundException.java
+ com/netscape/cms/servlet/profile/ProfileResource.java
+ com/netscape/cms/servlet/profile/ProfileResourceService.java
+ com/netscape/cms/servlet/profile/ProfilesResource.java
+ com/netscape/cms/servlet/profile/ProfilesResourceService.java
+ com/netscape/cms/servlet/profile/model/ProfileDAO.java
+ com/netscape/cms/servlet/profile/model/ProfileData.java
+ com/netscape/cms/servlet/profile/model/ProfileDataInfo.java
+ com/netscape/cms/servlet/profile/model/ProfileDataInfos.java
+ com/netscape/cms/servlet/profile/model/ProfileInput.java
 com/netscape/cms/authentication/AgentCertAuthentication.java
 com/netscape/cms/authentication/PortalEnroll.java
 com/netscape/cms/authentication/UdnPwdDirAuthentication.java
diff --git a/base/common/src/com/netscape/certsrv/dbs/certdb/CertId.java b/base/common/src/com/netscape/certsrv/dbs/certdb/CertId.java
new file mode 100644
index 000000000..bd7167d37
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/dbs/certdb/CertId.java
@@ -0,0 +1,134 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.certdb;
+
+import java.math.BigInteger;
+
+/**
+ * The CertId class represents the identifier for a particular
+ * cert record. This identifier may be used to retrieve the cert record
+ * from the database.
+ * <p>
+ *
+ * @author Endi S. Dewata
+ * @version $Revision$ $Date$
+ */
+// TODO: Make a common base class for cert id's and key ids
+public class CertId {
+
+ protected BigInteger value;
+
+ /**
+ * Creates a new CertId from its string representation.
+ * <p>
+ *
+ * @param id
+ * a string containing the decimal or hex value for the identifier.
+ */
+ public CertId(String id) {
+ if (id != null) {
+ id = id.trim();
+ if (id.startsWith("0x")) { // hex
+ value = new BigInteger(id.substring(2), 16);
+ } else { // decimal
+ value = new BigInteger(id);
+ }
+ }
+ }
+
+ /**
+ * Creates a new CertId from its BigInteger representation.
+ * <p>
+ *
+ * @param id
+ * a BigInteger containing the identifier.
+ */
+ public CertId(BigInteger id) {
+ value = id;
+ }
+
+ /**
+ * Creates a new CertId from its integer representation.
+ * <p>
+ *
+ * @param id
+ * an integer containing the identifier.
+ */
+ public CertId(int id) {
+ value = BigInteger.valueOf(id);
+ }
+
+ /**
+ * Converts the CertId into its BigInteger representation.
+ * <p>
+ *
+ * @return
+ * a BigInteger containing the identifier.
+ */
+ public BigInteger toBigInteger() {
+ return value;
+ }
+
+ /**
+ * Converts the CertId into its string representation. The string
+ * form can be stored in a database (such as the LDAP directory)
+ * <p>
+ *
+ * @return
+ * a string containing the decimal (base 10) value for the identifier.
+ */
+ public String toString() {
+ return value.toString();
+ }
+
+ /**
+ * Converts the CertId into its hex string representation. The string
+ * form can be stored in a database (such as the LDAP directory)
+ *
+ * @return
+ * a string containing the hex (hex 16) value for the identifier.
+ */
+ public String toHexString() {
+ return "0x" + value.toString(16);
+ }
+
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((value == null) ? 0 : value.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ CertId other = (CertId) obj;
+ if (value == null) {
+ if (other.value != null)
+ return false;
+ } else if (!value.equals(other.value))
+ return false;
+ return true;
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/dbs/certdb/CertIdAdapter.java b/base/common/src/com/netscape/certsrv/dbs/certdb/CertIdAdapter.java
new file mode 100644
index 000000000..cfafff064
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/dbs/certdb/CertIdAdapter.java
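Review bot: `CertId(String id)` leaves `value` null for a null argument, after which `toString()` and `toHexString()` throw a NullPointerException, while `hashCode()` and `equals()` in the same class do allow for a null `value`; the class is inconsistent about whether that state is legal. This commit binds the type to a request path segment (`@PathParam("id") CertId id` in CertResource.java) and to XML through `CertIdAdapter`, so the string constructor is parsing caller-supplied text: it accepts negative numbers, which are not valid certificate serial numbers, recognises only a lowercase `0x` prefix, and lets `NumberFormatException` escape undocumented. I would reject bad input in the constructor, e.g. `if (id == null) throw new IllegalArgumentException("CertId must not be null");` plus a `value.signum() < 0` check, document the accepted formats in the Javadoc, and add `@Override` to `toString()`. `CertIdAdapter.marshal` in the next file has the same null exposure (`value.toString()` on a possibly null `CertId`), and its `unmarshal` can hand back a `CertId` whose `value` is null.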
@@ -0,0 +1,37 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.certdb;
+
+import javax.xml.bind.annotation.adapters.XmlAdapter;
+
+/**
+ * The CertIdAdapter class provides custom marshaling for CertId.
+ *
+ * @author Endi S. Dewata
+ * @version $Revision$ $Date$
+ */
+public class CertIdAdapter extends XmlAdapter<String, CertId> {
+
+ public CertId unmarshal(String value) throws Exception {
+ return new CertId(value);
+ }
+
+ public String marshal(CertId value) throws Exception {
+ return value.toString();
+ }
+}
diff --git a/base/common/src/com/netscape/cms/servlet/base/BadRequestException.java b/base/common/src/com/netscape/cms/servlet/base/BadRequestException.java
new file mode 100644
index 000000000..f33baa487
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/base/BadRequestException.java
@@ -0,0 +1,38 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.base;
+import javax.ws.rs.core.Response;
+
+public class BadRequestException extends CMSException {
+
+ private static final long serialVersionUID = -4784839378360933483L;
+
+ public BadRequestException(String message) {
+ super(Response.Status.BAD_REQUEST,message);
+ }
+
+ public BadRequestException(String message, Throwable cause) {
+ super(Response.Status.BAD_REQUEST, message, cause);
+ }
+
+ public BadRequestException(Data data) {
+ super(data);
+ }
+
+}
+
diff --git a/base/common/src/com/netscape/cms/servlet/base/CMSException.java b/base/common/src/com/netscape/cms/servlet/base/CMSException.java
index eda5566ac..44a9a23dc 100644
--- a/base/common/src/com/netscape/cms/servlet/base/CMSException.java
+++ b/base/common/src/com/netscape/cms/servlet/base/CMSException.java
@@ -1,3 +1,20 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; import java.util.ArrayList; diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertNotFoundException.java b/base/common/src/com/netscape/cms/servlet/cert/CertNotFoundException.java new file mode 100644 index 000000000..11948ee39 --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/cert/CertNotFoundException.java 
@@ -0,0 +1,63 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.cert; + +import javax.ws.rs.core.Response; + +import com.netscape.certsrv.dbs.certdb.CertId; +import com.netscape.cms.servlet.base.CMSException; + +public class CertNotFoundException extends CMSException { + + private static final long serialVersionUID = -4784839378360933483L; + + public CertId certId; + + public CertNotFoundException(CertId certId) { + this(certId, "Certificate ID " + certId.toHexString() + " not found"); + } + + public CertNotFoundException(CertId certId, String message) { + super(Response.Status.NOT_FOUND, message); + this.certId = certId; + } + + public CertNotFoundException(CertId certId, String message, Throwable cause) { + super(Response.Status.NOT_FOUND, message, cause); + this.certId = certId; + } + + public CertNotFoundException(Data data) { + super(data); + certId = new CertId(data.getAttribute("certId")); + } + + public Data getData() { + Data data = super.getData(); + data.setAttribute("certId", certId.toString()); + return data; + } + + public CertId getCertId() { + return certId; + } + + public void setRequestId(CertId certId) { + this.certId = certId; + } +} 
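Review bot: The one-argument constructor and `getData()` both dereference `certId` without a null check, so building or serialising this exception with a missing id raises a NullPointerException that replaces the 404 the class is meant to carry. The field is declared `public CertId certId;` and its setter is named `setRequestId`, which looks like a leftover from a request-side class this was modelled on; `private CertId certId;` with `public void setCertId(CertId certId)` would match the getter. The default message uses `certId.toHexString()` while `getData()` stores `certId.toString()`, so whether `new CertId(data.getAttribute("certId"))` restores the same value depends on how CertId parses its string form, which is not visible here. `getData()` should also carry `@Override`.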
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertResource.java b/base/common/src/com/netscape/cms/servlet/cert/CertResource.java
new file mode 100644
index 000000000..9df06d8e8
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertResource.java
@@ -0,0 +1,20 @@
+package com.netscape.cms.servlet.cert;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+import com.netscape.certsrv.dbs.certdb.CertId;
+import com.netscape.cms.servlet.cert.model.CertificateData;
+
+@Path("/cert")
+public interface CertResource {
+
+ @GET
+ @Path("{id}")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ public CertificateData retrieveCert(@PathParam("id") CertId id);
+
+}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertResourceService.java b/base/common/src/com/netscape/cms/servlet/cert/CertResourceService.java
new file mode 100644
index 000000000..c05d61b1c
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertResourceService.java
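Review bot: `retrieveCert` has no Javadoc stating what a caller receives for a malformed or unknown `{id}`. The path segment is converted into a `CertId` by the JAX-RS layer before any service code runs, so the status returned for bad input is decided outside this project's exception types unless CertId was written with that in mind (not visible here). A comment such as `/** Returns the certificate with the given serial number; responds 404 when no such certificate exists. */` would pin the contract. The file also lacks the copyright block that the other new files in this commit carry.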
@@ -0,0 +1,72 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2011 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.cms.servlet.cert; + + +import java.security.cert.CertificateEncodingException; + +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.dbs.EDBRecordNotFoundException; +import com.netscape.certsrv.dbs.certdb.CertId; +import com.netscape.cms.servlet.base.BadRequestException; +import com.netscape.cms.servlet.base.CMSException; +import com.netscape.cms.servlet.base.CMSResourceService; +import com.netscape.cms.servlet.cert.model.CertDAO; +import com.netscape.cms.servlet.cert.model.CertificateData; +import com.netscape.cms.servlet.request.model.CertRetrievalRequestData; + +/** + * @author alee + * + */ +public class CertResourceService extends CMSResourceService implements CertResource{ + + private void validateRequest(CertId id) { + + if (id == null) { + throw new BadRequestException("Invalid id in CertResourceService.validateRequest."); + } + + } + + @Override + public CertificateData retrieveCert(CertId id) { + + validateRequest(id); + + CertRetrievalRequestData data = new CertRetrievalRequestData(); + data.setCertId(id); + CertDAO dao = new CertDAO(); + + CertificateData certData = null; + + try { + certData = 
dao.getCert(data); + } catch(EDBRecordNotFoundException e) { + throw new CertNotFoundException(id); + } catch (EBaseException e) { + throw new CMSException("Problem returning certificate: " + id); + } catch(CertificateEncodingException e) { + throw new CMSException("Problem encoding certificate searched for: " + id); + } + + return certData; + + } +} diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertsResource.java b/base/common/src/com/netscape/cms/servlet/cert/CertsResource.java new file mode 100644 index 000000000..dad4c6540 --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/cert/CertsResource.java @@ -0,0 +1,36 @@ +package com.netscape.cms.servlet.cert; + +import javax.ws.rs.Consumes; +import javax.ws.rs.DefaultValue; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; +import javax.ws.rs.core.MediaType; + +import com.netscape.cms.servlet.cert.model.CertDataInfos; +import com.netscape.cms.servlet.cert.model.CertSearchData; + +@Path("/certs") +public interface CertsResource { + public static final int DEFAULT_MAXTIME = 10; + public static final int DEFAULT_MAXRESULTS = 100; + + @GET + @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML }) + public CertDataInfos listCerts( + @QueryParam("status") String status, + @DefaultValue(""+DEFAULT_MAXRESULTS) @QueryParam("maxResults") int maxResults, + @DefaultValue(""+DEFAULT_MAXTIME) @QueryParam("maxTime") int maxTime); + + @POST + @Path("search") + @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML }) + @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + public CertDataInfos searchCerts( + CertSearchData data, + @DefaultValue(""+DEFAULT_MAXRESULTS) @QueryParam("maxResults") int maxResults, + @DefaultValue(""+DEFAULT_MAXTIME) @QueryParam("maxTime") int maxTime); + +} 
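Review bot: The three catch blocks in `retrieveCert` discard the caught exception: `throw new CMSException("Problem returning certificate: " + id);` carries neither the cause nor a log entry, so a failed certificate lookup leaves nothing to investigate on the server side. Log before rethrowing, for example `CMS.debug("retrieveCert: " + e);`, and pass `e` along where a constructor allows it (BadRequestException shows that CMSException accepts a status, message and cause). The same pattern, with `e.printStackTrace()` in place of logging, appears in `listCerts` and `searchCerts` of CertsResourceService. Separately, `CertDAO.getCert` returns null when the record or its certificate is absent without an exception, and `retrieveCert` hands that null back instead of throwing `new CertNotFoundException(id)`.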
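Review bot: `DEFAULT_MAXTIME = 10` and `DEFAULT_MAXRESULTS = 100` are undocumented, and neither `listCerts` nor `searchCerts` says what unit `maxTime` is in or which range of values is accepted. Because both parameters come straight from the query string, the interface is where a client learns the contract; a comment on each constant, e.g. `/** Default upper bound on the search time, in the unit expected by the certificate repository search (confirm). */`, plus `@param` text on the two methods would cover it. The file also lacks the copyright block that the other new files in this commit carry.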
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertsResourceService.java b/base/common/src/com/netscape/cms/servlet/cert/CertsResourceService.java
new file mode 100644
index 000000000..ed503dad4
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertsResourceService.java
@@ -0,0 +1,104 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2011 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +/** + * + */ +package com.netscape.cms.servlet.cert; + +import javax.ws.rs.WebApplicationException; +import javax.ws.rs.core.Response; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.cms.servlet.base.CMSException; +import com.netscape.cms.servlet.base.CMSResourceService; +import com.netscape.cms.servlet.cert.model.CertDAO; +import com.netscape.cms.servlet.cert.model.CertDataInfos; +import com.netscape.cms.servlet.cert.model.CertSearchData; +import com.netscape.cmsutil.ldap.LDAPUtil; + +/** + * @author alee + * + */ +public class CertsResourceService extends CMSResourceService implements CertsResource { + + private String createSearchFilter(String status) { + String filter = ""; + + if ((status == null)) { + filter = "(serialno=*)"; + return filter; + } + + if (status != null) { + filter += "(certStatus=" + LDAPUtil.escapeFilter(status) + ")"; + } + + return filter; + } + + private String createSearchFilter(CertSearchData data) { + + if (data == null) { + return null; + } + + return data.buildFilter(); + + } + + @Override + public CertDataInfos listCerts(String status, int maxResults, int maxTime) { 
+ + // get ldap filter + String filter = createSearchFilter(status); + CMS.debug("listKeys: filter is " + filter); + + CertDAO dao = new CertDAO(); + CertDataInfos infos; + try { + infos = dao.listCerts(filter, maxResults, maxTime, uriInfo); + } catch (EBaseException e) { + e.printStackTrace(); + throw new CMSException("Error listing certs in CertsResourceService.listCerts!"); + } + return infos; + } + + @Override + public CertDataInfos searchCerts(CertSearchData data, int maxResults, int maxTime) { + + if (data == null) { + throw new WebApplicationException(Response.Status.BAD_REQUEST); + } + String filter = createSearchFilter(data); + CertDAO dao = new CertDAO(); + CertDataInfos infos; + + try { + infos = dao.listCerts(filter, maxResults, maxTime, uriInfo); + } catch (EBaseException e) { + e.printStackTrace(); + throw new CMSException("Error listing certs in CertsResourceService.listCerts!"); + } + + return infos; + } + +} diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertDAO.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertDAO.java new file mode 100644 index 000000000..e71055580 --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertDAO.java 
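Review bot: `listCerts` and `searchCerts` hand the caller-supplied `maxResults` and `maxTime` to `dao.listCerts(...)` unchanged, so one request can ask for an arbitrarily large result set or search time, and negative values are not rejected; the defaults in CertsResource apply only when the parameter is absent. Clamp both before the DAO call, for example `maxResults = Math.min(Math.max(maxResults, 1), MAX_RESULTS_LIMIT);` and likewise for `maxTime` (MAX_RESULTS_LIMIT is a placeholder name for a server-side limit; no such constant exists in this commit). In `searchCerts` the filter comes from `data.buildFilter()`, whose escaping is not visible in this hunk and should be confirmed to match the `LDAPUtil.escapeFilter` call used for `status`. The debug line in `listCerts` still says `listKeys:` and the error text in `searchCerts` names `listCerts`.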
@@ -0,0 +1,263 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2011 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.cert.model; + +import java.io.ByteArrayOutputStream; +import java.math.BigInteger; +import java.security.Principal; +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Date; +import java.util.Enumeration; +import java.util.List; + +import javax.ws.rs.Path; +import javax.ws.rs.core.UriBuilder; +import javax.ws.rs.core.UriInfo; + +import netscape.security.pkcs.ContentInfo; +import netscape.security.pkcs.PKCS7; +import netscape.security.pkcs.SignerInfo; +import netscape.security.x509.AlgorithmId; +import netscape.security.x509.X509CertImpl; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.ca.ICertificateAuthority; +import com.netscape.certsrv.dbs.certdb.CertId; +import com.netscape.certsrv.dbs.certdb.ICertRecord; +import com.netscape.certsrv.dbs.certdb.ICertificateRepository; +import com.netscape.cms.servlet.cert.CertResource; +import com.netscape.cms.servlet.request.model.CertRetrievalRequestData; +import com.netscape.cmsutil.util.Utils; + +/** + * @author alee + * + 
*/ +public class CertDAO { + + private ICertificateRepository repo; + private ICertificateAuthority ca; + + public CertDAO() { + ca = (ICertificateAuthority) CMS.getSubsystem("ca"); + repo = ca.getCertificateRepository(); + } + + /** + * Returns list of certs meeting specified search filter. + * Currently, vlv searches are not used for certs. + * + * @param filter + * @param maxResults + * @param maxTime + * @param uriInfo + * @return + * @throws EBaseException + */ + public CertDataInfos listCerts(String filter, int maxResults, int maxTime, UriInfo uriInfo) + throws EBaseException { + List<CertDataInfo> list = new ArrayList<CertDataInfo>(); + Enumeration<ICertRecord> e = null; + + e = repo.searchCertificates(filter, maxResults, maxTime); + if (e == null) { + throw new EBaseException("search results are null"); + } + + while (e.hasMoreElements()) { + ICertRecord rec = e.nextElement(); + if (rec != null) { + list.add(createCertDataInfo(rec, uriInfo)); + } + } + + CertDataInfos ret = new CertDataInfos(); + ret.setCertInfos(list); + + return ret; + } + + public CertificateData getCert(CertRetrievalRequestData data) throws EBaseException, CertificateEncodingException { + + CertificateData certData = null; + CertId certId = data.getCertId(); + + //find the cert in question + + ICertRecord rec = null; + BigInteger seq = certId.toBigInteger(); + + rec = repo.readCertificateRecord(seq); + X509CertImpl x509cert = null; + + if (rec != null) { + x509cert = rec.getCertificate(); + } + + if (x509cert != null) { + certData = new CertificateData(); + + byte[] ba = null; + String encoded64 = null; + + ba = x509cert.getEncoded(); + + encoded64 = Utils.base64encode(ba); + + String prettyPrint = x509cert.toString(); + + certData.setB64(encoded64); + certData.setPrettyPrint(prettyPrint); + + String subjectNameStr = null; + Principal subjectName = x509cert.getSubjectDN(); + + if (subjectName != null) { + subjectNameStr = subjectName.toString(); + } + + 
certData.setSubjectName(subjectNameStr); + + //Try to get the chain + + String p7Str = getCertChainData(x509cert); + + certData.setPkcs7CertChain(p7Str); + + certData.setSerialNo(certId); + + Date notBefore = x509cert.getNotBefore(); + Date notAfter = x509cert.getNotAfter(); + + String notBeforeStr = null; + String notAfterStr = null; + + if (notBefore != null) { + notBeforeStr = notBefore.toString(); + } + + if (notAfter != null) { + notAfterStr = notAfter.toString(); + } + + certData.setNotBefore(notBeforeStr); + certData.setNotAfter(notAfterStr); + + String issuerNameStr = null; + + Principal issuerName = x509cert.getIssuerDN(); + + if (issuerName != null) { + issuerNameStr = issuerName.toString(); + } + + certData.setIssuerName(issuerNameStr); + + } + + return certData; + } + + private CertDataInfo createCertDataInfo(ICertRecord rec, UriInfo uriInfo) throws EBaseException { + CertDataInfo ret = new CertDataInfo(); + + Path certPath = CertResource.class.getAnnotation(Path.class); + BigInteger serial = rec.getSerialNumber(); + + UriBuilder certBuilder = uriInfo.getBaseUriBuilder(); + certBuilder.path(certPath.value() + "/" + serial); + ret.setCertURL(certBuilder.build().toString()); + + return ret; + } + + private String getCertChainData(X509CertImpl x509cert) { + + X509Certificate mCACerts[]; + + if (x509cert == null) { + return null; + } + + try { + mCACerts = ca.getCACertChain().getChain(); + } catch (Exception e) { + mCACerts = null; + } + + X509CertImpl[] certsInChain = new X509CertImpl[1]; + ; + + int mCACertsLength = 0; + boolean certAlreadyInChain = false; + int certsInChainLength = 0; + if (mCACerts != null) { + mCACertsLength = mCACerts.length; + for (int i = 0; i < mCACertsLength; i++) { + if (x509cert.equals(mCACerts[i])) { + certAlreadyInChain = true; + break; + } + } + + if (certAlreadyInChain == true) { + certsInChainLength = mCACertsLength; + } else { + certsInChainLength = mCACertsLength + 1; + } + + certsInChain = new 
X509CertImpl[certsInChainLength]; + + } + + certsInChain[0] = x509cert; + + if (mCACerts != null) { + int curCount = 1; + for (int i = 0; i < mCACertsLength; i++) { + if (!x509cert.equals(mCACerts[i])) { + certsInChain[curCount] = (X509CertImpl) mCACerts[i]; + curCount++; + } + + } + } + + String p7Str; + + try { + PKCS7 p7 = new PKCS7(new AlgorithmId[0], + new ContentInfo(new byte[0]), + certsInChain, + new SignerInfo[0]); + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + + p7.encodeSignedData(bos, false); + byte[] p7Bytes = bos.toByteArray(); + + p7Str = Utils.base64encode(p7Bytes); + } catch (Exception e) { + p7Str = null; + } + + return p7Str; + } +} diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfo.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfo.java new file mode 100644 index 000000000..0f8d35e05 --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfo.java 
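Review bot: `getCertChainData` swallows both of its failures: the `catch (Exception e)` around `ca.getCACertChain().getChain()` and the one around the PKCS7 encoding set the result to null without logging, so the response carries a null `pkcs7CertChain` and the server keeps no trace of why. Add `CMS.debug("getCertChainData: " + e);` in each handler. The cast `(X509CertImpl) mCACerts[i]` sits outside both try blocks, so a chain entry of another X509Certificate implementation would surface as an uncaught ClassCastException; an `instanceof` check before the cast would make that case explicit. The stray `;` on its own line after `new X509CertImpl[1];` can be removed.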
@@ -0,0 +1,67 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2011 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +/** + * + */ +package com.netscape.cms.servlet.cert.model; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; + +import com.netscape.certsrv.dbs.certdb.CertId; + +/** + * @author alee + * + */ +@XmlRootElement(name = "CertDataInfo") +@XmlAccessorType(XmlAccessType.FIELD) +public class CertDataInfo { + + @XmlElement + protected String certURL; + + public CertDataInfo() { + // required for JAXB (defaults) + } + + /** + * @return the CertURL + */ + public String getCertURL() { + return certURL; + } + + /** + * @param CertURL the certURL to set + */ + public void setCertURL(String certURL) { + this.certURL = certURL; + } + + /** + * @return the Cert ID in the CertURL + */ + public CertId getCertId() { + String id = certURL.substring(certURL.lastIndexOf("/") + 1); + return new CertId(id); + } + +} diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfos.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfos.java new file mode 100644 index 000000000..2b1ad42e8 --- /dev/null 
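Review bot: `getCertId()` calls `certURL.substring(certURL.lastIndexOf("/") + 1)` on a field that JAXB fills from whatever document was unmarshalled, so a CertDataInfo without a `certURL` element throws a NullPointerException, and a value without `/` or ending in `/` reaches `new CertId(...)` as the whole string or as an empty string. Guard the null case, e.g. `if (certURL == null) { return null; }`, and state in the Javadoc what is returned when the URL carries no id. The setter's Javadoc tag reads `@param CertURL` while the parameter is named `certURL`.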
+++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertDataInfos.java 
@@ -0,0 +1,90 @@ +//--- BEGIN COPYRIGHT BLOCK --- +//This program is free software; you can redistribute it and/or modify +//it under the terms of the GNU General Public License as published by +//the Free Software Foundation; version 2 of the License. +// +//This program is distributed in the hope that it will be useful, +//but WITHOUT ANY WARRANTY; without even the implied warranty of +//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +//GNU General Public License for more details. +// +//You should have received a copy of the GNU General Public License along +//with this program; if not, write to the Free Software Foundation, Inc., +//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +//(C) 2012 Red Hat, Inc. +//All rights reserved. +//--- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.cert.model; + +import java.util.Collection; +import java.util.List; + +import javax.xml.bind.annotation.XmlElementRef; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlTransient; + +import com.netscape.cms.servlet.base.model.Link; + +@XmlRootElement(name = "CertDataInfos") +public class CertDataInfos { + + protected Collection<CertDataInfo> certInfos; + protected List<Link> links; + + /** + * @return the CertInfos + */ + @XmlElementRef + public Collection<CertDataInfo> getCertInfos() { + return certInfos; + } + + /** + * @param certInfos the CertInfos to set + */ + public void setCertInfos(Collection<CertDataInfo> certInfos) { + this.certInfos = certInfos; + } + + /** + * @return the links + */ + @XmlElementRef + public List<Link> getLinks() { + return links; + } + + /** + * @param links the links to set + */ + public void setLinks(List<Link> links) { + this.links = links; + } + + @XmlTransient + public String getNext() { + if (links == null) { + return null; + } + for (Link link : links) { + if ("next".equals(link.getRelationship())) { + return link.getHref(); + } + } + return null; + } + + @XmlTransient 
+ public String getPrevious() { + if (links == null) { + return null; + } + for (Link link : links) { + if ("previous".equals(link.getRelationship())) { + return link.getHref(); + } + } + return null; + } +} diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertSearchData.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertSearchData.java new file mode 100644 index 000000000..b474ddf79 --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertSearchData.java 
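Review bot: `getNext()` and `getPrevious()` are the same loop with a different relationship string; a private helper taking the relationship keeps the null check and the lookup in one place, leaving the two getters as `return findLink("next");` and `return findLink("previous");`. Neither getter has Javadoc saying that a null return means no such link is present, which a paging client needs to know to stop.
```java
    // … unchanged: fields, getCertInfos/setCertInfos, getLinks/setLinks …

    /** Returns the href of the first link with the given relationship, or null if there is none. */
    private String findLink(String relationship) {
        if (links == null) {
            return null;
        }
        for (Link link : links) {
            if (relationship.equals(link.getRelationship())) {
                return link.getHref();
            }
        }
        return null;
    }
```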
@@ -0,0 +1,848 @@ +//--- BEGIN COPYRIGHT BLOCK --- +//This program is free software; you can redistribute it and/or modify +//it under the terms of the GNU General Public License as published by +//the Free Software Foundation; version 2 of the License. +// +//This program is distributed in the hope that it will be useful, +//but WITHOUT ANY WARRANTY; without even the implied warranty of +//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +//GNU General Public License for more details. +// +//You should have received a copy of the GNU General Public License along +//with this program; if not, write to the Free Software Foundation, Inc., +//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +//(C) 2011 Red Hat, Inc. +//All rights reserved. +//--- END COPYRIGHT BLOCK --- + +// TODO: This class is brute force. Come up with a way to divide these search filter entities into +// smaller classes +package com.netscape.cms.servlet.cert.model; + +import java.util.Calendar; +import java.util.StringTokenizer; + +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.core.MultivaluedMap; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; + +import com.netscape.cmsutil.ldap.LDAPUtil; + +/** + * @author jmagne + * + */ +@XmlRootElement(name = "CertSearchData") +@XmlAccessorType(XmlAccessType.FIELD) +public class CertSearchData { + + private final static String MATCH_EXACTLY = "exact"; + //Serial Number + @XmlElement + protected boolean serialNumberRangeInUse; + + @XmlElement + protected String serialTo; + + @XmlElement + protected String serialFrom; + + //Subject Name + @XmlElement + protected boolean subjectInUse; + + @XmlElement + protected String eMail; + + @XmlElement + protected String commonName; + + @XmlElement + protected String userID; + + @XmlElement + protected String orgUnit; + + 
@XmlElement + protected String org; + + @XmlElement + protected String locality; + + @XmlElement + protected String state; + + @XmlElement + protected String country; + + @XmlElement + protected boolean matchExactly; + + //Revoked By + + @XmlElement + protected String revokedBy; + + //Revoked On + + @XmlElement + protected String revokedOnFrom; + + @XmlElement + protected String revokedOnTo; + + //Revocation Reason + + @XmlElement + protected String revocationReason; + + //Issued By + + @XmlElement + protected String issuedBy; + + //Issued On + + @XmlElement + protected String issuedOnFrom; + + @XmlElement + protected String issuedOnTo; + + //Valid Not Before + + @XmlElement + protected String validNotBeforeFrom; + + @XmlElement + protected String validNotBeforeTo; + + //Valid Not After + + @XmlElement + protected String validNotAfterFrom; + + @XmlElement + protected String validNotAfterTo; + + //Validity Length + + @XmlElement + protected String validityOperation; + + @XmlElement + protected String validityCount; + + @XmlElement + protected String validityUnit; + + // Cert Type + + @XmlElement + protected String certTypeSubEmailCA; + + @XmlElement + protected String certTypeSubSSLCA; + + @XmlElement + protected String certTypeSecureEmail; + + @XmlElement + protected String certTypeSSLClient; + + @XmlElement + protected String certTypeSSLServer; + + //Revoked By + @XmlElement + protected boolean revokedByInUse; + + //Revoked On + @XmlElement + protected boolean revokedOnInUse; + + @XmlElement + protected boolean revocationReasonInUse; + + @XmlElement + protected boolean issuedByInUse; + + @XmlElement + protected boolean issuedOnInUse; + + @XmlElement + protected boolean validNotBeforeInUse; + + @XmlElement + protected boolean validNotAfterInUse; + + @XmlElement + protected boolean validityLengthInUse; + + @XmlElement + protected boolean certTypeInUse; + + //Boolean values + public boolean getSerialNumberRangeInUse() { + return serialNumberRangeInUse; + } + + public 
void setSerialNumberRangeInUse(boolean serialNumberRangeInUse) { + this.serialNumberRangeInUse = serialNumberRangeInUse; + } + + public boolean getSubjectInUse() { + return subjectInUse; + } + + public void setSubjectInUse(boolean subjectInUse) { + this.subjectInUse = subjectInUse; + } + + public boolean getRevokedByInUse() { + return revokedByInUse; + } + + public void setRevokedByInUse(boolean revokedByInUse) { + this.revokedByInUse = revokedByInUse; + } + + public boolean getRevokedOnInUse() { + return revokedOnInUse; + } + + public void setRevokedOnInUse(boolean revokedOnInUse) { + this.revokedOnInUse = revokedOnInUse; + } + + public void setRevocationReasonInUse(boolean revocationReasonInUse) { + this.revocationReasonInUse = revocationReasonInUse; + } + + public boolean getRevocationReasonInUse() { + return revocationReasonInUse; + } + + public void setIssuedByInUse(boolean issuedByInUse) { + this.issuedByInUse = issuedByInUse; + } + + public boolean getIssuedByInUse() { + return issuedByInUse; + } + + public void setIssuedOnInUse(boolean issuedOnInUse) { + this.issuedOnInUse = issuedOnInUse; + } + + public boolean getIssuedOnInUse() { + return issuedOnInUse; + } + + public void setValidNotBeforeInUse(boolean validNotBeforeInUse) { + this.validNotBeforeInUse = validNotBeforeInUse; + } + + public boolean getValidNotBeforeInUse() { + return validNotBeforeInUse; + } + + public void setValidNotAfterInUse(boolean validNotAfterInUse) { + this.validNotAfterInUse = validNotAfterInUse; + } + + public boolean getValidNotAfterInUse() { + return validNotAfterInUse; + } + + public void setValidityLengthInUse(boolean validityLengthInUse) { + this.validityLengthInUse = validityLengthInUse; + } + + public boolean getValidityLengthInUse() { + return validityLengthInUse; + } + + public void setCertTypeInUse(boolean certTypeInUse) { + this.certTypeInUse = certTypeInUse; + } + + public boolean getCertTypeInUse() { + return certTypeInUse; + } + + //Actual Values + + public String 
getSerialTo() { + return serialTo; + } + + public void setSerialTo(String serialTo) { + this.serialTo = serialTo; + } + + public String getSerialFrom() { + return serialFrom; + } + + public void setSerialFrom(String serialFrom) { + this.serialFrom = serialFrom; + } + + //Subject Name + + public String getEmail() { + return eMail; + } + + public void setEmail(String email) { + this.eMail = email; + } + + public String getCommonName() { + return commonName; + } + + public void setCommonName(String commonName) { + this.commonName = commonName; + } + + public String getUserID() { + return userID; + } + + public void setUserID(String userID) { + this.userID = userID; + } + + public String getOrgUnit() { + return orgUnit; + } + + public void setOrgUnit(String orgUnit) { + this.orgUnit = orgUnit; + } + + public String getOrg() { + return org; + } + + public void setOrg(String org) { + this.org = org; + } + + public String getLocality() { + return locality; + } + + public void setLocality(String locality) { + this.locality = locality; + } + + public String getState() { + return state; + } + + public void setState(String state) { + this.state = state; + } + + public String getCountry() { + return country; + } + + public void setCountry(String country) { + this.country = country; + } + + public boolean getMatchExactly() { + return matchExactly; + } + + public void setMatchExactly(boolean matchExactly) { + this.matchExactly = matchExactly; + } + + //Revoked On + + public String getRevokedOnTo() { + return revokedOnTo; + } + + public void setRevokedOnTo(String revokedOnTo) { + this.revokedOnTo = revokedOnTo; + } + + public String getRevokedOnFrom() { + return revokedOnFrom; + } + + public void setRevokedOnFrom(String revokedOnFrom) { + this.revokedOnFrom = revokedOnFrom; + } + + //Revoked By + + public String getRevokedBy() { + return revokedBy; + } + + public void setRevokedBy(String revokedBy) { + this.revokedBy = revokedBy; + } + + //Revocation Reason + + public String 
getRevocationReason() { + return revocationReason; + } + + public void setRevocationReason(String revocationReason) { + this.revocationReason = revocationReason; + } + + //Issued By + + public String getIssuedBy() { + return issuedBy; + } + + public void setIssuedBy(String issuedBy) { + this.issuedBy = issuedBy; + } + + //Issued On + + public String getIssuedOnFrom() { + return issuedOnFrom; + } + + public void setIssuedOnFrom(String issuedOnFrom) { + this.issuedOnFrom = issuedOnFrom; + } + + public String getIssuedOnTo() { + return getIssuedOnTo(); + } + + //Valid Not After + + public String getValidNotAfterFrom() { + return validNotAfterFrom; + } + + public void setValidNotAfterFrom(String validNotAfterFrom) { + this.validNotAfterFrom = validNotAfterFrom; + } + + public String getValidNotAfterTo() { + return validNotAfterTo; + } + + public void setValidNotAfterTo(String validNotAfterTo) { + this.validNotAfterTo = validNotAfterTo; + } + + //Valid Not Before + + public String getValidNotBeforeFrom() { + return validNotBeforeFrom; + } + + public void setValidNotBeforeFrom(String validNotBeforeFrom) { + this.validNotBeforeFrom = validNotBeforeFrom; + } + + public String getValidNotBeforeTo() { + return validNotBeforeTo; + } + + public void setValidNotBeforeTo(String validNotBeforeTo) { + this.validNotBeforeTo = validNotBeforeTo; + } + + //Validity Length + + public String getValidityOperation() { + return validityOperation; + } + + public void setValidityOperation(String validityOperation) { + this.validityOperation = validityOperation; + } + + public String getValidityUnit() { + return validityUnit; + } + + public void setValidityUnit(String validityUnit) { + this.validityUnit = validityUnit; + } + + public String getValidityCount() { + return validityCount; + } + + public void setValidityCount(String validityCount) { + this.validityCount = validityCount; + } + + //Cert Type + + String getCertTypeSubEmailCA() { + return certTypeSubEmailCA; + } + + void 
setCertTypeSubEmailCA(String certTypeSubEmailCA) { + this.certTypeSubEmailCA = certTypeSubEmailCA; + } + + public String getCertTypeSubSSLCA() { + return certTypeSubSSLCA; + } + + public void setCertTypeSubSSLCA(String certTypeSubSSLCA) { + this.certTypeSubSSLCA = certTypeSubSSLCA; + } + + public String getCertTypeSecureEmail() { + return certTypeSecureEmail; + } + + public String getCertTypeSSLClient() { + return certTypeSSLClient; + } + + public void setCertTypeSSLClient(String SSLClient) { + this.certTypeSSLClient = SSLClient; + } + + public String getCertTypeSSLServer() { + return certTypeSSLServer; + } + + public void setCertTypeSSLServer(String SSLServer) { + this.certTypeSSLServer = SSLServer; + } + + public CertSearchData() { + // required for JAXB (defaults) + } + + public void buildFromServletRequest(HttpServletRequest req) { + //Set values from the servlet request + if (req == null) { + return; + } + } + + public CertSearchData(MultivaluedMap<String, String> form) { + } + + public String buildFilter() { + StringBuffer filter = new StringBuffer(); + buildSerialNumberRangeFilter(filter); + buildSubjectFilter(filter); + buildRevokedByFilter(filter); + buildRevokedOnFilter(filter); + buildRevocationReasonFilter(filter); + buildIssuedByFilter(filter); + buildIssuedOnFilter(filter); + buildValidNotBeforeFilter(filter); + buildValidNotAfterFilter(filter); + buildValidityLengthFilter(filter); + buildCertTypeFilter(filter); + + searchFilter = filter.toString(); + + if (searchFilter != null && !searchFilter.equals("")) { + searchFilter = "(&" + searchFilter + ")"; + } + + return searchFilter; + } + + private void buildSerialNumberRangeFilter(StringBuffer filter) { + + if (!getSerialNumberRangeInUse()) { + return; + } + boolean changed = false; + String serialFrom = getSerialFrom(); + if (serialFrom != null && !serialFrom.equals("")) { + filter.append("(certRecordId>=" + LDAPUtil.escapeFilter(serialFrom) + ")"); + changed = true; + } + String serialTo = 
getSerialTo(); + if (serialTo != null && !serialTo.equals("")) { + filter.append("(certRecordId<=" + LDAPUtil.escapeFilter(serialTo) + ")"); + changed = true; + } + if (!changed) { + filter.append("(certRecordId=*)"); + } + + } + + private void buildSubjectFilter(StringBuffer filter) { + if (!getSubjectInUse()) { + return; + } + StringBuffer lf = new StringBuffer(); + + String matchStr = null; + boolean match = getMatchExactly(); + + if (match == true) { + matchStr = MATCH_EXACTLY; + } + + buildAVAFilter(getEmail(), "E", lf, matchStr); + buildAVAFilter(getCommonName(), "CN", lf, matchStr); + buildAVAFilter(getUserID(), "UID", lf, matchStr); + buildAVAFilter(getOrgUnit(), "OU", lf, matchStr); + buildAVAFilter(getOrg(), "O", lf, matchStr); + buildAVAFilter(getLocality(), "L", lf, matchStr); + buildAVAFilter(getState(), "ST", lf, matchStr); + buildAVAFilter(getCountry(), "C", lf, matchStr); + + if (lf.length() == 0) { + filter.append("(x509cert.subject=*)"); + return; + } + if (matchStr.equals(MATCH_EXACTLY)) { + filter.append("(&"); + filter.append(lf); + filter.append(")"); + } else { + filter.append("(|"); + filter.append(lf); + filter.append(")"); + } + } + + private void buildRevokedByFilter(StringBuffer filter) { + if (!getRevokedByInUse()) { + return; + } + + String revokedBy = getRevokedBy(); + if (revokedBy == null || revokedBy.equals("")) { + filter.append("(certRevokedBy=*)"); + } else { + filter.append("(certRevokedBy="); + filter.append(LDAPUtil.escapeFilter(revokedBy)); + filter.append(")"); + } + } + + private void buildDateFilter(String prefix, + String outStr, long adjustment, + StringBuffer filter) { + long epoch = 0; + try { + epoch = Long.parseLong(prefix); + } catch (NumberFormatException e) { + // exception safely ignored + } + Calendar from = Calendar.getInstance(); + from.setTimeInMillis(epoch); + filter.append("("); + filter.append(LDAPUtil.escapeFilter(outStr)); + filter.append(Long.toString(from.getTimeInMillis() + adjustment)); + 
filter.append(")"); + } + + private void buildRevokedOnFilter(StringBuffer filter) { + if (!getRevokedOnInUse()) { + return; + } + buildDateFilter(getRevokedOnFrom(), "certRevokedOn>=", 0, filter); + buildDateFilter(getRevokedOnTo(), "certRevokedOn<=", 86399999, filter); + } + + private void buildRevocationReasonFilter(StringBuffer filter) { + if (!getRevocationReasonInUse()) { + return; + } + String reasons = getRevocationReason(); + if (reasons == null) { + return; + } + String queryCertFilter = null; + StringTokenizer st = new StringTokenizer(reasons, ","); + if (st.hasMoreTokens()) { + filter.append("(|"); + while (st.hasMoreTokens()) { + String token = st.nextToken(); + if (queryCertFilter == null) { + queryCertFilter = ""; + } + filter.append("(x509cert.certRevoInfo="); + filter.append(LDAPUtil.escapeFilter(token)); + filter.append(")"); + } + filter.append(")"); + } + } + + private void buildIssuedByFilter(StringBuffer filter) { + if (!getIssuedByInUse()) { + return; + } + String issuedBy = getIssuedBy(); + ; + if (issuedBy == null || issuedBy.equals("")) { + filter.append("(certIssuedBy=*)"); + } else { + filter.append("(certIssuedBy="); + filter.append(LDAPUtil.escapeFilter(issuedBy)); + filter.append(")"); + } + } + + private void buildIssuedOnFilter(StringBuffer filter) { + if (!getIssuedOnInUse()) { + return; + } + buildDateFilter(getIssuedOnFrom(), "certCreateTime>=", 0, filter); + buildDateFilter(getIssuedOnTo(), "certCreateTime<=", 86399999, filter); + } + + private void buildValidNotBeforeFilter(StringBuffer filter) { + if (!getValidNotBeforeInUse()) { + return; + } + buildDateFilter(validNotBeforeFrom, "x509cert.notBefore>=", 0, filter); + buildDateFilter(validNotBeforeTo, "x509cert.notBefore<=", 86399999, filter); + + } + + private void buildValidNotAfterFilter(StringBuffer filter) { + if (!getValidNotAfterInUse()) { + return; + } + buildDateFilter(getValidNotAfterFrom(), "x509cert.notAfter>=", 0, filter); + buildDateFilter(getValidNotAfterTo(), 
"x509cert.notAfter<=", 86399999, filter); + + } + + private void buildValidityLengthFilter(StringBuffer filter) { + if (!getValidityLengthInUse()) { + return; + } + String op = getValidityOperation(); + long count = 0; + try { + count = Long.parseLong(getValidityCount()); + } catch (NumberFormatException e) { + // safely ignore + } + long unit = 0; + try { + unit = Long.parseLong(getValidityUnit()); + } catch (NumberFormatException e) { + // safely ignore + } + filter.append("("); + filter.append("x509cert.duration"); + filter.append(LDAPUtil.escapeFilter(op)); + filter.append(count * unit); + filter.append(")"); + } + + private void buildCertTypeFilter(StringBuffer filter) { + if (!getCertTypeInUse()) { + return; + } + if (isOn(getCertTypeSSLClient())) { + filter.append("(x509cert.nsExtension.SSLClient=on)"); + } else if (isOff(getCertTypeSSLClient())) { + filter.append("(x509cert.nsExtension.SSLClient=off)"); + } + if (isOn(getCertTypeSSLServer())) { + filter.append("(x509cert.nsExtension.SSLServer=on)"); + } else if (isOff(getCertTypeSSLServer())) { + filter.append("(x509cert.nsExtension.SSLServer=off)"); + } + if (isOn(getCertTypeSecureEmail())) { + filter.append("(x509cert.nsExtension.SecureEmail=on)"); + } else if (isOff(getCertTypeSecureEmail())) { + filter.append("(x509cert.nsExtension.SecureEmail=off)"); + } + if (isOn(getCertTypeSubSSLCA())) { + filter.append("(x509cert.nsExtension.SubordinateSSLCA=on)"); + } else if (isOff(getCertTypeSubSSLCA())) { + filter.append("(x509cert.nsExtension.SubordinateSSLCA=off)"); + } + if (isOn(getCertTypeSubEmailCA())) { + filter.append("(x509cert.nsExtension.SubordinateEmailCA=on)"); + } else if (isOff(getCertTypeSubEmailCA())) { + filter.append("(x509cert.nsExtension.SubordinateEmailCA=off)"); + } + } + + private boolean isOn(String value) { + String inUse = value; + if (inUse == null) { + return false; + } + if (inUse.equals("on")) { + return true; + } + return false; + } + + private boolean isOff(String value) { + 
String inUse = value; + if (inUse == null) { + return false; + } + if (inUse.equals("off")) { + return true; + } + return false; + } + + private void buildAVAFilter(String param, + String avaName, StringBuffer lf, String match) { + if (param != null && !param.equals("")) { + if (match != null && match.equals(MATCH_EXACTLY)) { + lf.append("(|"); + lf.append("(x509cert.subject=*"); + lf.append(avaName); + lf.append("="); + lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param, false))); + lf.append(",*)"); + lf.append("(x509cert.subject=*"); + lf.append(avaName); + lf.append("="); + lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param, false))); + lf.append(")"); + lf.append(")"); + } else { + lf.append("(x509cert.subject=*"); + lf.append(avaName); + lf.append("="); + lf.append("*"); + lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param, false))); + lf.append("*)"); + } + } + + } + + private String searchFilter = null; + + public String getSearchFilter() { + return searchFilter; + } + + public void setSearchFilter(String searchFilter) { + this.searchFilter = searchFilter; + } +} diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java index 30623ce61..cb6ed937d 100644 --- a/base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java +++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java @@ -18,9 +18,13 @@ package com.netscape.cms.servlet.cert.model; import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlRootElement; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; + +import com.netscape.certsrv.dbs.certdb.CertId; +import com.netscape.certsrv.dbs.certdb.CertIdAdapter; /** * @author alee 
@@ -32,6 +36,28 @@ public class CertificateData { @XmlElement private String b64; + @XmlElement + private String prettyPrint; + + @XmlElement + private String subjectName; + + @XmlElement + private String pkcs7CertChain; + + @XmlElement + @XmlJavaTypeAdapter(CertIdAdapter.class) + private CertId serialNo; + + @XmlElement + private String notBefore; + + @XmlElement + private String notAfter; + + @XmlElement + private String issuerName; + public CertificateData() { // required for jaxb } @@ -50,4 +76,60 @@ public class CertificateData { this.b64 = b64; } + public String getPrettyPrint() { + return prettyPrint; + } + + public void setPrettyPrint(String prettyPrint) { + this.prettyPrint = prettyPrint; + } + + public void setPkcs7CertChain(String chain) { + this.pkcs7CertChain = chain; + } + + public String getPkcs7CertChain() { + return pkcs7CertChain; + } + + public String getSubjectName() { + return subjectName; + } + + public void setSubjectName(String subjectName) { + this.subjectName = subjectName; + } + + public CertId getSerialNo() { + return serialNo; + } + + public void setSerialNo(CertId serialNo) { + this.serialNo = serialNo; + } + + public String getNotBefore() { + return notBefore; + } + + public void setNotBefore(String notBefore) { + this.notBefore = notBefore; + } + + public String getNotAfter() { + return notAfter; + } + + public void setNotAfter(String notAfter) { + this.notAfter = notAfter; + } + + public String getIssuerName() { + return issuerName; + } + + public void setIssuerName(String issuerName) { + this.issuerName = issuerName; + } + } diff --git a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMErrorInterceptor.java b/base/common/src/com/netscape/cms/servlet/csadmin/CMSErrorInterceptor.java index 7572acef5..b751fb091 100644 --- a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMErrorInterceptor.java +++ b/base/common/src/com/netscape/cms/servlet/csadmin/CMSErrorInterceptor.java 
@@ -1,4 +1,21 @@ -package com.netscape.cms.servlet.test; +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.csadmin; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MultivaluedMap; @@ -8,19 +25,21 @@ import org.jboss.resteasy.client.core.ClientErrorInterceptor; import com.netscape.cms.servlet.base.CMSException; -public class DRMErrorInterceptor implements ClientErrorInterceptor { +public class CMSErrorInterceptor implements ClientErrorInterceptor { public void handle(ClientResponse<?> response) { // handle HTTP code 4xx and 5xx int code = response.getResponseStatus().getStatusCode(); - if (code < 400) return; + if (code < 400) + return; MultivaluedMap<String, String> headers = response.getHeaders(); String contentType = headers.getFirst("Content-Type"); // handle XML content only - if (!contentType.startsWith(MediaType.TEXT_XML)) return; + if (!contentType.startsWith(MediaType.TEXT_XML)) + return; CMSException exception; diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java b/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java new file mode 100644 index 000000000..37db06bd5 --- /dev/null 
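Review bot: `headers.getFirst("Content-Type")` can return null when an error response carries no Content-Type header, and the following `contentType.startsWith(MediaType.TEXT_XML)` then throws a NullPointerException inside the interceptor instead of letting the HTTP error surface. The class now lives in base/common rather than the KRA test tree, so it is worth guarding: `if (contentType == null || !contentType.startsWith(MediaType.TEXT_XML)) return;`. The two re-wrapped `if` statements are still unbraced, and adding braces while touching them would prevent a later edit from silently changing the guarded statement. The body of `handle()` continues outside the hunk.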
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java 
@@ -0,0 +1,175 @@ +package com.netscape.cms.servlet.csadmin; + +import java.io.IOException; +import java.net.InetAddress; +import java.net.InetSocketAddress; +import java.net.Socket; +import java.net.URI; +import java.net.URISyntaxException; +import java.net.UnknownHostException; +import java.util.Enumeration; + +import org.apache.commons.httpclient.ConnectTimeoutException; +import org.apache.http.client.HttpClient; +import org.apache.http.conn.scheme.LayeredSchemeSocketFactory; +import org.apache.http.conn.scheme.Scheme; +import org.apache.http.conn.scheme.SchemeSocketFactory; +import org.apache.http.impl.client.DefaultHttpClient; +import org.apache.http.params.HttpParams; +import org.jboss.resteasy.client.ClientExecutor; +import org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor; +import org.jboss.resteasy.spi.ResteasyProviderFactory; +import org.mozilla.jss.ssl.SSLCertificateApprovalCallback; +import org.mozilla.jss.ssl.SSLSocket; + +public abstract class CMSRestClient { + // Callback to approve or deny returned SSL server certs + // Right now, simply approve the cert. + // ToDO: Look into taking this JSS http client code and move it into + // its own class to be used by possible future clients. 
+ + public CMSRestClient(String baseUri, String clientCertNick) throws URISyntaxException { + + clientCertNickname = clientCertNick; + + uri = new URI(baseUri); + + String protocol = uri.getScheme(); + int port = uri.getPort(); + + HttpClient httpclient = new DefaultHttpClient(); + if (protocol != null && protocol.equals("https")) { + + Scheme scheme = new Scheme("https", port, new JSSProtocolSocketFactory()); + httpclient.getConnectionManager().getSchemeRegistry().register(scheme); + + } + + executor = new ApacheHttpClient4Executor(httpclient); + providerFactory = ResteasyProviderFactory.getInstance(); + providerFactory.addClientErrorInterceptor(new CMSErrorInterceptor()); + } + + private class ServerCertApprovalCB implements SSLCertificateApprovalCallback { + + public boolean approve(org.mozilla.jss.crypto.X509Certificate servercert, + SSLCertificateApprovalCallback.ValidityStatus status) { + + //For now lets just accept the server cert. This is a test tool, being + // pointed at a well know kra instance. + + if (servercert != null) { + System.out.println("Peer SSL Servercert details: " + + "\n subject: " + servercert.getSubjectDN().toString() + + "\n issuer: " + servercert.getIssuerDN().toString() + + "\n serial: " + servercert.getSerialNumber().toString() + ); + } + + SSLCertificateApprovalCallback.ValidityItem item; + + Enumeration<?> errors = status.getReasons(); + int i = 0; + while (errors.hasMoreElements()) { + i++; + item = (SSLCertificateApprovalCallback.ValidityItem) errors.nextElement(); + System.out.println("item " + i + + " reason=" + item.getReason() + + " depth=" + item.getDepth()); + + int reason = item.getReason(); + + if (reason == + SSLCertificateApprovalCallback.ValidityStatus.UNTRUSTED_ISSUER || + reason == SSLCertificateApprovalCallback.ValidityStatus.BAD_CERT_DOMAIN) { + + //Allow these two since we haven't necessarily installed the CA cert for trust + // and we are choosing "localhost" as the host for this client. 
+ + return true; + + } + } + + //For other errors return false + + return false; + } + } + + private class JSSProtocolSocketFactory implements SchemeSocketFactory, LayeredSchemeSocketFactory { + + @Override + public Socket createSocket(HttpParams params) + throws IOException { + + return null; + + } + + @Override + public Socket connectSocket(Socket sock, + InetSocketAddress remoteAddress, + InetSocketAddress localAddress, + HttpParams params) + throws IOException, + UnknownHostException, + ConnectTimeoutException { + + SSLSocket socket; + + String hostName = null; + int port = 0; + if (remoteAddress != null) { + hostName = remoteAddress.getHostName(); + port = remoteAddress.getPort(); + + } + + int localPort = 0; + InetAddress localAddr = null; + + if (localAddress != null) { + localPort = localAddress.getPort(); + localAddr = localAddress.getAddress(); + } + + if (sock == null) { + socket = new SSLSocket(InetAddress.getByName(hostName), + port, + localAddr, + localPort, + new ServerCertApprovalCB(), + null); + + } else { + socket = new SSLSocket(sock, hostName, new ServerCertApprovalCB(), null); + } + + if (socket != null && clientCertNickname != null) { + socket.setClientCertNickname(clientCertNickname); + } + + return socket; + } + + @Override + public boolean isSecure(Socket sock) { + //We only use this factory in the case of SSL Connections + return true; + } + + @Override + public Socket createLayeredSocket(Socket arg0, String arg1, int arg2, boolean arg3) throws IOException, + UnknownHostException { + //This method implementation is required to get SSL working. + return null; + } + + } + + protected static String clientCertNickname; + protected ResteasyProviderFactory providerFactory; + protected ClientExecutor executor; + protected URI uri; +} diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java index 5328fc054..93de638eb 100644 
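Review bot: `ServerCertApprovalCB.approve()` returns `true` as soon as it meets an `UNTRUSTED_ISSUER` or `BAD_CERT_DOMAIN` item, so the remaining validity reasons are never examined and a certificate that has one of those problems plus any other reported problem is still accepted. The comment justifies this as a test tool, but the class sits in base/common and the commit message describes it as the base class of CARestClient and DRMRestClient, so every subclass gets a TLS connection with no issuer or host name verification. A certificate with no reported problems also appears to fall through to the final `return false`; that depends on how JSS invokes the callback and should be confirmed. I would inspect every reason, reject anything outside an explicitly tolerated set, and make that tolerance opt-in and off by default (the `tolerateUntrustedServer` field below is a suggested new instance field, not existing code). Separately, `clientCertNickname` is `static` but assigned in the constructor, so the most recently constructed client decides the nickname for all instances.

```java
public boolean approve(org.mozilla.jss.crypto.X509Certificate servercert,
        SSLCertificateApprovalCallback.ValidityStatus status) {
    // … unchanged: printing of the peer certificate details …
    boolean approved = true;
    Enumeration<?> errors = status.getReasons();
    while (errors.hasMoreElements()) {
        SSLCertificateApprovalCallback.ValidityItem item =
                (SSLCertificateApprovalCallback.ValidityItem) errors.nextElement();
        // … unchanged: per-item println of reason and depth …
        int reason = item.getReason();
        boolean tolerated = tolerateUntrustedServer
                && (reason == SSLCertificateApprovalCallback.ValidityStatus.UNTRUSTED_ISSUER
                || reason == SSLCertificateApprovalCallback.ValidityStatus.BAD_CERT_DOMAIN);
        if (!tolerated) {
            // Any reason outside the tolerated set rejects the certificate.
            approved = false;
        }
    }
    return approved;
}
```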
--- a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java +++ b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java @@ -1412,7 +1412,7 @@ public class ConfigurationUtils { return dir.delete(); } - public static void populateIndexes() throws EPropertyNotFound, EBaseException, IOException, LDAPException { + public static void populateIndexes() throws Exception { CMS.debug("populateIndexes(): start"); IConfigStore cs = CMS.getConfigStore(); diff --git a/base/common/src/com/netscape/cms/servlet/key/KeysResourceService.java b/base/common/src/com/netscape/cms/servlet/key/KeysResourceService.java index 080d4871b..c57710ce0 100644 --- a/base/common/src/com/netscape/cms/servlet/key/KeysResourceService.java +++ b/base/common/src/com/netscape/cms/servlet/key/KeysResourceService.java @@ -67,12 +67,12 @@ public class KeysResourceService extends CMSResourceService implements KeysResou } if (status != null) { - filter += "(status=" + LDAPUtil.escape(status) + ")"; + filter += "(status=" + LDAPUtil.escapeFilter(status) + ")"; matches ++; } if (clientID != null) { - filter += "(clientID=" + LDAPUtil.escape(clientID) + ")"; + filter += "(clientID=" + LDAPUtil.escapeFilter(clientID) + ")"; matches ++; } diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileNotFoundException.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileNotFoundException.java new file mode 100644 index 000000000..30a1a5852 --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/profile/ProfileNotFoundException.java 
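Review bot: Widening `populateIndexes()` to `throws Exception` discards the contract the old signature documented (`EPropertyNotFound, EBaseException, IOException, LDAPException`) and forces every caller to catch or propagate `Exception`, which hides whether a failure was a configuration, LDAP or I/O error. If a new checked exception is the reason for the change, adding only that type to the existing list keeps callers able to react per failure. The method body continues outside the hunk, so the exception that motivated the change is not visible here.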
@@ -0,0 +1,62 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.profile;
+
+import javax.ws.rs.core.Response;
+
+import com.netscape.cms.servlet.base.CMSException;
+
+public class ProfileNotFoundException extends CMSException {
+
+ private static final long serialVersionUID = -4784839378360933483L;
+
+ public String profileId;
+
+ public ProfileNotFoundException(String profileId) {
+ this(profileId, "Profile ID " + profileId + " not found");
+ }
+
+ public ProfileNotFoundException(String profileId, String message) {
+ super(Response.Status.NOT_FOUND, message);
+ this.profileId = profileId;
+ }
+
+ public ProfileNotFoundException(String profileId, String message, Throwable cause) {
+ super(Response.Status.NOT_FOUND, message, cause);
+ this.profileId = profileId;
+ }
+
+ public ProfileNotFoundException(Data data) {
+ super(data);
+ profileId = data.getAttribute("profileId");
+ }
+
+ public Data getData() {
+ Data data = super.getData();
+ data.setAttribute("profileId", profileId);
+ return data;
+ }
+
+ public String getProfileId() {
+ return profileId;
+ }
+
+ public void setRequestId(String profileId) {
+ this.profileId = profileId;
+ }
+}
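Review bot: The setter at the end of the class is named `setRequestId(String profileId)` but assigns `profileId`, which looks like a leftover from a similar exception class; it should read `public void setProfileId(String profileId)`. The field is also declared `public String profileId`, so callers can bypass the accessor pair; `private String profileId;` would be consistent with providing `getProfileId()`. `getData()` calls `super.getData()` and so overrides the superclass method; marking it `@Override` lets the compiler confirm that.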
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileResource.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileResource.java
new file mode 100644
index 000000000..38f7ee038
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/profile/ProfileResource.java
@@ -0,0 +1,40 @@
+package com.netscape.cms.servlet.profile;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+import com.netscape.cms.servlet.profile.model.ProfileData;
+
+@Path("/profile")
+public interface ProfileResource {
+
+ @GET
+ @Path("{id}")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ public ProfileData retrieveProfile(@PathParam("id") String id);
+
+ /**
+ * Used to retrieve a key
+ *
+ * @param data
+ * @return
+ */
+
+ /*
+ @POST
+ @Path("retrieve")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ public ProfileData retrieveProfile(ProfileRetrievalRequestData request);
+
+ // retrieval - used to test integration with a browser
+ @POST
+ @Path("retrieve")
+ @Produces(MediaType.TEXT_XML)
+ @Consumes({ MediaType.APPLICATION_FORM_URLENCODED })
+ public ProfileData retrievProfile(MultivaluedMap<String, String> form);
+ */
+}
\ No newline at end of file
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileResourceService.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileResourceService.java
new file mode 100644
index 000000000..a9af6278f
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/profile/ProfileResourceService.java
@@ -0,0 +1,40 @@
+//--- BEGIN COPYRIGHT BLOCK ---
+//This program is free software; you can redistribute it and/or modify
+//it under the terms of the GNU General Public License as published by
+//the Free Software Foundation; version 2 of the License.
+//
+//This program is distributed in the hope that it will be useful,
+//but WITHOUT ANY WARRANTY; without even the implied warranty of
+//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+//GNU General Public License for more details.
+//
+//You should have received a copy of the GNU General Public License along
+//with this program; if not, write to the Free Software Foundation, Inc.,
+//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+//(C) 2011 Red Hat, Inc.
+//All rights reserved.
+//--- END COPYRIGHT BLOCK ---
+
+package com.netscape.cms.servlet.profile;
+
+import com.netscape.cms.servlet.base.CMSResourceService;
+import com.netscape.cms.servlet.profile.model.ProfileDAO;
+import com.netscape.cms.servlet.profile.model.ProfileData;
+
+/**
+ * @author alee
+ *
+ */
+public class ProfileResourceService extends CMSResourceService implements ProfileResource {
+ @Override
+ public ProfileData retrieveProfile(String id) {
+
+ ProfileData data = null;
+ ProfileDAO dao = new ProfileDAO();
+
+ data = dao.getProfile(id);
+
+ return data;
+ }
+}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfilesResource.java b/base/common/src/com/netscape/cms/servlet/profile/ProfilesResource.java
new file mode 100644
index 000000000..68868ebe8
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/profile/ProfilesResource.java
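Review bot: In ProfileResource.java the Javadoc block `Used to retrieve a key` with `@param data` is attached to nothing, because the declarations that follow it are commented out, and its wording refers to keys rather than profiles. I would delete the commented-out `@POST` methods (one is also misspelled `retrievProfile`) together with the orphaned Javadoc, and document the live method instead, for example `/** Retrieves the profile with the given ID. */` above `retrieveProfile(@PathParam("id") String id)`. The file also ends without a trailing newline, as the `\ No newline at end of file` marker shows.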
@@ -0,0 +1,34 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.profile;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+import com.netscape.cms.servlet.profile.model.ProfileDataInfos;
+
+@Path("/profiles")
+public interface ProfilesResource {
+
+ @GET
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ public ProfileDataInfos listProfiles();
+
+}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfilesResourceService.java b/base/common/src/com/netscape/cms/servlet/profile/ProfilesResourceService.java
new file mode 100644
index 000000000..f07fbdcc2
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/profile/ProfilesResourceService.java
@@ -0,0 +1,38 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2011 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +/** + * + */ +package com.netscape.cms.servlet.profile; + +import com.netscape.cms.servlet.base.CMSResourceService; +import com.netscape.cms.servlet.profile.model.ProfileDAO; +import com.netscape.cms.servlet.profile.model.ProfileDataInfos; + +/** + * @author alee + * + */ +public class ProfilesResourceService extends CMSResourceService implements ProfilesResource { + + public ProfileDataInfos listProfiles() + { + ProfileDAO dao = new ProfileDAO(); + return dao.listProfiles(uriInfo); + } +} diff --git a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileDAO.java b/base/common/src/com/netscape/cms/servlet/profile/model/ProfileDAO.java new file mode 100644 index 000000000..372570a53 --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/profile/model/ProfileDAO.java 
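Review bot: `listProfiles()` in ProfilesResourceService.java passes a bare `null` back to the JAX-RS layer whenever `ProfileDAO.listProfiles` returns `null`, which it does when the profile subsystem lookup yields nothing. The client would then typically get an empty success response rather than an error. Check the result and fail explicitly, e.g. `if (infos == null) throw new CMSException("Profile subsystem unavailable");`, which needs the `CMSException` import the request services in this commit already use. The method is also missing the `@Override` that `ProfileResourceService.retrieveProfile` carries.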
@@ -0,0 +1,214 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2011 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.profile.model; + +import java.util.ArrayList; +import java.util.Enumeration; +import java.util.List; +import java.util.Locale; + +import javax.ws.rs.Path; +import javax.ws.rs.core.UriBuilder; +import javax.ws.rs.core.UriInfo; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.profile.EProfileException; +import com.netscape.certsrv.profile.IProfile; +import com.netscape.certsrv.profile.IProfileInput; +import com.netscape.certsrv.profile.IProfileSubsystem; +import com.netscape.cms.servlet.profile.ProfileNotFoundException; +import com.netscape.cms.servlet.profile.ProfileResource; + +/** + * @author alee + * + */ +public class ProfileDAO { + + private IProfileSubsystem ps; + + public ProfileDAO() { + ps = (IProfileSubsystem) CMS.getSubsystem(IProfileSubsystem.ID); + } + + /** + * Returns list of profiles + */ + + public ProfileDataInfos listProfiles(UriInfo uriInfo) + { + + List<ProfileDataInfo> list = new ArrayList<ProfileDataInfo>(); + ProfileDataInfos infos = new ProfileDataInfos(); + + if (ps == null) { + return null; + } + + Enumeration<String> profileIds = 
ps.getProfileIds(); + + if (profileIds != null) { + while (profileIds.hasMoreElements()) { + String id = profileIds.nextElement(); + ProfileDataInfo info = null; + try { + info = createProfileDataInfo(id, uriInfo); + } catch (EBaseException e) { + continue; + } + + if (info != null) { + list.add(info); + } + } + } + + infos.setProfileInfos(list); + + return infos; + } + + public ProfileData getProfile(String profileId) throws ProfileNotFoundException { + ProfileData data = null; + + if (ps == null) { + return null; + } + + Enumeration<String> profileIds = ps.getProfileIds(); + + IProfile profile = null; + if (profileIds != null) { + while (profileIds.hasMoreElements()) { + String id = profileIds.nextElement(); + + if (id.equals(profileId)) { + + try { + profile = ps.getProfile(profileId); + } catch (EProfileException e) { + e.printStackTrace(); + throw new ProfileNotFoundException(profileId); + } + break; + } + } + } + + if (profile == null) { + throw new ProfileNotFoundException(profileId); + } + + try { + data = createProfileData(profileId); + } catch (EBaseException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + throw new ProfileNotFoundException(profileId); + } + + return data; + } + + public ProfileData createProfileData(String profileId) throws EBaseException { + + IProfile profile; + + try { + profile = ps.getProfile(profileId); + } catch (EProfileException e) { + e.printStackTrace(); + throw new ProfileNotFoundException(profileId); + } + + ProfileData data = new ProfileData(); + + Locale locale = Locale.getDefault(); + String name = profile.getName(locale); + String desc = profile.getDescription(locale); + + data.setName(name); + data.setDescription(desc); + data.setIsEnabled(ps.isProfileEnable(profileId)); + data.setIsVisible(profile.isVisible()); + data.setEnabledBy(ps.getProfileEnableBy(profileId)); + data.setId(profileId); + + Enumeration<String> inputIds = profile.getProfileInputIds(); + + String inputName = null; + + if (inputIds 
!= null) { + while (inputIds.hasMoreElements()) { + String inputId = inputIds.nextElement(); + IProfileInput profileInput = profile.getProfileInput(inputId); + + if (profileInput == null) { + continue; + } + inputName = profileInput.getName(locale); + + Enumeration<String> inputNames = profileInput.getValueNames(); + + ProfileInput input = data.addProfileInput(inputName); + + String curInputName = null; + while (inputNames.hasMoreElements()) { + curInputName = inputNames.nextElement(); + + if (curInputName != null && !curInputName.equals("")) { + input.setInputAttr(curInputName, ""); + } + + } + } + } + + return data; + + } + + public ProfileDataInfo createProfileDataInfo(String profileId, UriInfo uriInfo) throws EBaseException { + + if (profileId == null) { + throw new EBaseException("Error creating ProfileDataInfo."); + } + ProfileDataInfo ret = null; + + IProfile profile = null; + + profile = ps.getProfile(profileId); + if (profile == null) { + return null; + } + + ret = new ProfileDataInfo(); + + ret.setProfileId(profileId); + + Path profilePath = ProfileResource.class.getAnnotation(Path.class); + + UriBuilder profileBuilder = uriInfo.getBaseUriBuilder(); + profileBuilder.path(profilePath.value() + "/" + profileId); + ret.setProfileURL(profileBuilder.build().toString()); + + return ret; + } + +}
\ No newline at end of file diff --git a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileData.java b/base/common/src/com/netscape/cms/servlet/profile/model/ProfileData.java new file mode 100644 index 000000000..22a59c470 --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/profile/model/ProfileData.java 
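Review bot: In ProfileDAO.java, `listProfiles` and `getProfile` return every profile id the subsystem reports, and `createProfileData` copies `enabledBy` into the response, so a caller of this end-entity interface can enumerate profiles that are not marked visible and read what is presumably the identity that enabled each one. `isVisible()` is only reported here, never checked. If it is meant to control what end entities see, add `if (!profile.isVisible()) { return null; }` after the null check in `createProfileDataInfo` (`listProfiles` already skips null infos), and have `getProfile` throw `ProfileNotFoundException` for the same case. Consider leaving `setEnabledBy` out of the end-entity view unless a client needs it. Separately, `createProfileData` and `createProfileDataInfo` dereference `ps` without the `ps == null` guard the other two methods have.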
@@ -0,0 +1,146 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2011 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +/** + * + */ +package com.netscape.cms.servlet.profile.model; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; + +/** + * @author jmagne + * + */ + +@XmlRootElement(name = "ProfileData") +@XmlAccessorType(XmlAccessType.FIELD) +public class ProfileData { + + @XmlElement + protected String id; + @XmlElement + protected String name; + + @XmlElement + protected String description; + + @XmlElement + protected boolean isEnabled; + + @XmlElement + protected boolean isVisible; + + @XmlElement + protected String enabledBy; + + @XmlElement(name = "Input") + protected List<ProfileInput> inputs = new ArrayList<ProfileInput>(); + + public void setName(String name) { + this.name = name; + } + + public String getName() { + return name; + } + + public void setDescription(String description) { + this.description = description; + } + + public String getDescription() { + return description; + } + + public void setIsEnabled(boolean isEnabled) { + 
this.isEnabled = isEnabled; + } + + public boolean getIsEnabled() { + return isEnabled; + } + + public void setIsVisible(boolean isVisible) { + this.isVisible = isVisible; + } + + public boolean getIsVisible() { + return isVisible; + } + + public void setEnabledBy(String enabledBy) { + this.enabledBy = enabledBy; + } + + public String getEnabledBy() { + return enabledBy; + } + + public void setId(String id) { + this.id = id; + } + + public String getId() { + return id; + } + + public ProfileInput addProfileInput(String name) { + + ProfileInput oldInput = getProfileInput(name); + + if (oldInput != null) + return oldInput; + + ProfileInput newInput = new ProfileInput(); + newInput.setInputId(name); + + inputs.add(newInput); + + return newInput; + } + + public ProfileInput getProfileInput(String name) { + + ProfileInput input = null; + + Iterator<ProfileInput> it = inputs.iterator(); + + ProfileInput curInput = null; + while (it.hasNext()) { + curInput = it.next(); + + if (curInput != null && curInput.getInputId().equals(name)) + break; + } + + return input; + } + + public List<ProfileInput> getProfileInputsList() { + return inputs; + } + +}
\ No newline at end of file diff --git a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileDataInfo.java b/base/common/src/com/netscape/cms/servlet/profile/model/ProfileDataInfo.java new file mode 100644 index 000000000..63f005b54 --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/profile/model/ProfileDataInfo.java 
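Review bot: `getProfileInput` in ProfileData.java always returns `null`, because the loop breaks on a match but the returned variable `input` is never assigned. As a result `addProfileInput` never finds an existing entry and appends a duplicate `ProfileInput` each time the same name is added. Return the match directly with `if (curInput != null && curInput.getInputId() != null && curInput.getInputId().equals(name)) return curInput;` and put `return null;` after the loop; the extra null test also avoids a NullPointerException when an input's id is unset. `getProfileInputsList` hands out the internal list, so a comment noting that callers share the live list (or returning a copy) would help.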
@@ -0,0 +1,72 @@ +package com.netscape.cms.servlet.profile.model; + +//--- BEGIN COPYRIGHT BLOCK --- +//This program is free software; you can redistribute it and/or modify +//it under the terms of the GNU General Public License as published by +//the Free Software Foundation; version 2 of the License. +// +//This program is distributed in the hope that it will be useful, +//but WITHOUT ANY WARRANTY; without even the implied warranty of +//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +//GNU General Public License for more details. +// +//You should have received a copy of the GNU General Public License along +//with this program; if not, write to the Free Software Foundation, Inc., +//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +//(C) 2011 Red Hat, Inc. +//All rights reserved. +//--- END COPYRIGHT BLOCK --- +/** + * + */ + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlAccessorType; + +/** + * @author alee + * + */ +@XmlRootElement(name = "ProfileDataInfo") +@XmlAccessorType(XmlAccessType.FIELD) +public class ProfileDataInfo { + + @XmlElement + protected String profileURL; + + @XmlElement + protected String profileId; + + public ProfileDataInfo() { + // required for JAXB (defaults) + } + + /** + * @return the profileURL + */ + public String getProfileURL() { + return profileURL; + } + + /** + * @param keyURL the profileURL to set + */ + public void setProfileURL(String profileURL) { + this.profileURL = profileURL; + } + + public void setProfileId(String profileId) { + this.profileId = profileId; + } + + /** + * @return the profile ID in the profileURL + */ + public String getProfileId() { + return profileId; + } + +} 
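Review bot: The Javadoc on `setProfileURL` in ProfileDataInfo.java names a parameter that does not exist, `@param keyURL`, apparently carried over from the key-request classes. It should read `@param profileURL the profileURL to set`. The `package` statement also sits above the copyright block, unlike the other new files in this commit, and the empty `/** */` comment before the imports can be dropped.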
diff --git a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileDataInfos.java b/base/common/src/com/netscape/cms/servlet/profile/model/ProfileDataInfos.java new file mode 100644 index 000000000..e14ac6641 --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/profile/model/ProfileDataInfos.java 
@@ -0,0 +1,90 @@ +//--- BEGIN COPYRIGHT BLOCK --- +//This program is free software; you can redistribute it and/or modify +//it under the terms of the GNU General Public License as published by +//the Free Software Foundation; version 2 of the License. +// +//This program is distributed in the hope that it will be useful, +//but WITHOUT ANY WARRANTY; without even the implied warranty of +//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +//GNU General Public License for more details. +// +//You should have received a copy of the GNU General Public License along +//with this program; if not, write to the Free Software Foundation, Inc., +//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +//(C) 2012 Red Hat, Inc. +//All rights reserved. +//--- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.profile.model; + +import java.util.Collection; +import java.util.List; + +import javax.xml.bind.annotation.XmlElementRef; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlTransient; + +import com.netscape.cms.servlet.base.model.Link; + +@XmlRootElement(name = "ProfileDataInfos") +public class ProfileDataInfos { + + protected Collection<ProfileDataInfo> profileInfos; + protected List<Link> links; + + /** + * @return the ProfileInfos + */ + @XmlElementRef + public Collection<ProfileDataInfo> getProfileInfos() { + return profileInfos; + } + + /** + * @param ProfileInfos theProfileInfos to set + */ + public void setProfileInfos(Collection<ProfileDataInfo> profileInfos) { + this.profileInfos = profileInfos; + } + + /** + * @return the links + */ + @XmlElementRef + public List<Link> getLinks() { + return links; + } + + /** + * @param links the links to set + */ + public void setLinks(List<Link> links) { + this.links = links; + } + + @XmlTransient + public String getNext() { + if (links == null) { + return null; + } + for (Link link : links) { + if ("next".equals(link.getRelationship())) { + return 
link.getHref(); + } + } + return null; + } + + @XmlTransient + public String getPrevious() { + if (links == null) { + return null; + } + for (Link link : links) { + if ("previous".equals(link.getRelationship())) { + return link.getHref(); + } + } + return null; + } +} diff --git a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileInput.java b/base/common/src/com/netscape/cms/servlet/profile/model/ProfileInput.java new file mode 100644 index 000000000..a0aea9fd4 --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/profile/model/ProfileInput.java 
@@ -0,0 +1,89 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.profile.model; + +import java.util.ArrayList; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; + +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlValue; +import javax.xml.bind.annotation.adapters.XmlAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; + +public class ProfileInput { + + @XmlElement + public String getInputId() { + return inputId; + } + + private String inputId; + @XmlJavaTypeAdapter(InputAttrsAdapter.class) + public Map<String, String> InputAttrs = new LinkedHashMap<String, String>(); + + public void setInputAttr(String name, String value) { + InputAttrs.put(name, value); + } + + public void setInputId(String inputId) { + this.inputId = inputId; + } + + public static class InputAttrsAdapter extends XmlAdapter<InputAttrList, Map<String, String>> { + + public InputAttrList marshal(Map<String, String> map) { + InputAttrList list = new InputAttrList(); + for (Map.Entry<String, String> entry : map.entrySet()) { + Attribute attribute = new Attribute(); + attribute.name = entry.getKey(); + 
attribute.value = entry.getValue(); + list.attributes.add(attribute); + } + return list; + } + + public Map<String, String> unmarshal(InputAttrList list) { + Map<String, String> map = new LinkedHashMap<String, String>(); + for (Attribute attribute : list.attributes) { + map.put(attribute.name, attribute.value); + } + return map; + } + } + + public static class InputAttrList { + @XmlElement(name = "InputAttr") + public List<Attribute> attributes = new ArrayList<Attribute>(); + } + + public static class Attribute { + + @XmlAttribute + public String name; + + @XmlValue + public String value; + } + + public Map<String, String> getAttributes() { + return InputAttrs; + } +} diff --git a/base/common/src/com/netscape/cms/servlet/request/CertRequestResource.java b/base/common/src/com/netscape/cms/servlet/request/CertRequestResource.java new file mode 100644 index 000000000..5dc97650d --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/request/CertRequestResource.java 
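Review bot: `InputAttrs` in ProfileInput.java is a public, mutable, capitalised field, and `getAttributes()` returns the same map, so any caller can change the attribute set without going through `setInputAttr`. Make it `private Map<String, String> inputAttrs`, and if the element name on the wire has to stay the same, pin it with `@XmlElement(name = "InputAttrs")` next to the existing `@XmlJavaTypeAdapter`. `InputAttrsAdapter.marshal` and `unmarshal` should also carry `@Override` and check their argument for `null`, since the `XmlAdapter` contract allows a null value to be passed in.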
@@ -0,0 +1,69 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.request; + +import javax.ws.rs.Consumes; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import javax.ws.rs.Produces; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.MultivaluedMap; + +import com.netscape.certsrv.request.RequestId; +import com.netscape.cms.servlet.request.model.CertRequestInfo; +import com.netscape.cms.servlet.request.model.EnrollmentRequestData; + +@Path("/certrequest") +public interface CertRequestResource { + + /** + * Used to retrieve cert request info for a specific request + */ + @GET + @Path("{id}") + @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML }) + public CertRequestInfo getRequestInfo(@PathParam("id") RequestId id); + + // Enrollment - used to test integration with a browser + @POST + @Path("enroll") + @Produces({ MediaType.TEXT_XML }) + @Consumes({ MediaType.APPLICATION_FORM_URLENCODED }) + public CertRequestInfo enrollCert(MultivaluedMap<String, String> form); + + @POST + @Path("enroll") + @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML }) + 
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + public CertRequestInfo enrollCert(EnrollmentRequestData data); + + @POST + @Path("approve/{id}") + public void approveRequest(@PathParam("id") RequestId id); + + @POST + @Path("reject/{id}") + public void rejectRequest(@PathParam("id") RequestId id); + + @POST + @Path("cancel/{id}") + public void cancelRequest(@PathParam("id") RequestId id); + +} diff --git a/base/common/src/com/netscape/cms/servlet/request/CertRequestResourceService.java b/base/common/src/com/netscape/cms/servlet/request/CertRequestResourceService.java new file mode 100644 index 000000000..40f57a7a7 --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/request/CertRequestResourceService.java 
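Review bot: `approveRequest`, `rejectRequest` and `cancelRequest` in CertRequestResource.java look like state-changing agent operations, yet they are declared on the same `/certrequest` resource as end-entity enrollment with nothing stating who may call them. Nothing visible in this interface enforces authentication or authorization, so unless the container or an interceptor outside this hunk does, these paths and `getRequestInfo` (which takes a caller-supplied request id) would be reachable by any client. Document the required role on each method, e.g. `/** Agent only: caller must be authenticated and authorized to approve requests. */`, or move the three operations to a separate agent-facing resource. The form-encoded `enrollCert` overload is labelled as a browser test aid; a comment saying whether it is meant to ship would help.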
@@ -0,0 +1,110 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2011 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.cms.servlet.request; + +import javax.ws.rs.core.MultivaluedMap; + +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.request.RequestId; +import com.netscape.cms.servlet.base.BadRequestException; +import com.netscape.cms.servlet.base.CMSException; +import com.netscape.cms.servlet.base.CMSResourceService; +import com.netscape.cms.servlet.request.model.CertRequestDAO; +import com.netscape.cms.servlet.request.model.CertRequestInfo; +import com.netscape.cms.servlet.request.model.EnrollmentRequestData; + +/** + * @author alee + * + */ +public class CertRequestResourceService extends CMSResourceService implements CertRequestResource { + + /** + * Used to retrieve key request info for a specific request + */ + public CertRequestInfo getRequestInfo(RequestId id) { + // auth and authz + CertRequestInfo info; + + CertRequestDAO dao = new CertRequestDAO(); + try { + info = dao.getRequest(id, uriInfo); + } catch (EBaseException e) { + // log error + e.printStackTrace(); + throw new CMSException("Error getting Cert request info!"); + } + + if (info == null) { + // request does not exist + throw new 
RequestNotFoundException(id); + } + + return info; + } + + // Enrollment - used to test integration with a browser + public CertRequestInfo enrollCert(MultivaluedMap<String, String> form) { + EnrollmentRequestData data = new EnrollmentRequestData(form); + return enrollCert(data); + } + + public CertRequestInfo enrollCert(EnrollmentRequestData data) { + + if (data == null) { + throw new BadRequestException("Bad data input into CertRequestResourceService.enrollCert!"); + } + CertRequestDAO dao = new CertRequestDAO(); + + try { + dao.submitRequest(data, uriInfo); + } catch (EBaseException e) { + throw new CMSException("Problem enrolling cert in CertRequestResource.enrollCert!"); + } + + //TODO implement + throw new CMSException("CertRequestResourceService.enrollCert not implemented!"); + } + + public void approveRequest(RequestId id) { + if (id == null) { + throw new BadRequestException("Bad data input in CertRequestResourceService.approveRequest!"); + } + //TODO implement + throw new CMSException("Problem approving request in CertRequestResource.approveRequest!"); + } + + public void rejectRequest(RequestId id) { + if (id == null) { + throw new BadRequestException("Bad data input into CertRequestResourceService.rejectRequest!"); + } + //TODO implement + + throw new CMSException("Problem rejecting request in CertRequestResource.rejectRequest!"); + + } + + public void cancelRequest(RequestId id) { + if (id == null) { + throw new BadRequestException("Bad data input in CertRequestResourceService.cancelRequest!"); + } + //TODO implement + throw new CMSException("Problem cancelling request in CertRequestResource.cancelRequest!"); + } +} diff --git a/base/common/src/com/netscape/cms/servlet/request/CertRequestsResource.java b/base/common/src/com/netscape/cms/servlet/request/CertRequestsResource.java new file mode 100644 index 000000000..ec8e2679f --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/request/CertRequestsResource.java 
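Review bot: `enrollCert(EnrollmentRequestData)` in CertRequestResourceService.java calls `dao.submitRequest(data, uriInfo)` and then unconditionally throws `CMSException("CertRequestResourceService.enrollCert not implemented!")`, so a request may already have been submitted when the client is told the call failed, and a retry would submit it again. Until the result is mapped to a `CertRequestInfo`, throw the not-implemented error before touching the DAO, or return what `submitRequest` produces if it already yields the info object (its signature is not visible in this hunk). The `catch (EBaseException e)` blocks drop the cause, and `getRequestInfo` uses `e.printStackTrace()`; logging through `CMS.debug`, as CertRequestsResourceService.java does, keeps the failure in the server debug log. The `// auth and authz` comment in `getRequestInfo` marks a check that is not implemented in this method.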
@@ -0,0 +1,50 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.request; + +import javax.ws.rs.DefaultValue; +import javax.ws.rs.GET; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; +import javax.ws.rs.core.MediaType; + +import com.netscape.certsrv.request.RequestId; +import com.netscape.cms.servlet.request.model.CertRequestInfos; + +@Path("/certrequests") +public interface CertRequestsResource { + + public static final int DEFAULT_START = 0; + public static final int DEFAULT_PAGESIZE = 20; + public static final int DEFAULT_MAXRESULTS = 100; + public static final int DEFAULT_MAXTIME = 10; + + /** + * Used to generate list of cert requests based on the search parameters + */ + @GET + @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML }) + public CertRequestInfos listRequests(@QueryParam("requestState") String requestState, + @QueryParam("requestType") String requestType, + @DefaultValue("" + DEFAULT_START) @QueryParam("start") RequestId start, + @DefaultValue("" + DEFAULT_PAGESIZE) @QueryParam("pageSize") int pageSize, + @DefaultValue("" + DEFAULT_MAXRESULTS) @QueryParam("maxResults") int maxResults, + @DefaultValue("" 
+ DEFAULT_MAXTIME) @QueryParam("maxTime") int maxTime); + +}
\ No newline at end of file diff --git a/base/common/src/com/netscape/cms/servlet/request/CertRequestsResourceService.java b/base/common/src/com/netscape/cms/servlet/request/CertRequestsResourceService.java new file mode 100644 index 000000000..370bd126f --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/request/CertRequestsResourceService.java 
@@ -0,0 +1,88 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2011 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.cms.servlet.request; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.request.RequestId; +import com.netscape.cms.servlet.base.CMSException; +import com.netscape.cms.servlet.base.CMSResourceService; +import com.netscape.cms.servlet.request.model.CertRequestDAO; +import com.netscape.cms.servlet.request.model.CertRequestInfos; +import com.netscape.cmsutil.ldap.LDAPUtil; +/** + * @author alee + * + */ +public class CertRequestsResourceService extends CMSResourceService implements CertRequestsResource { + + /** + * Used to generate list of cert requests based on the search parameters + */ + public CertRequestInfos listRequests(String requestState, String requestType, + RequestId start, int pageSize, int maxResults, int maxTime) { + // auth and authz + + // get ldap filter + String filter = createSearchFilter(requestState, requestType); + CMS.debug("listRequests: filter is " + filter); + + // get start marker + if (start == null) { + start = new RequestId(CertRequestsResource.DEFAULT_START); + } + + CertRequestDAO reqDAO = new CertRequestDAO(); + CertRequestInfos requests; + 
try { + requests = reqDAO.listRequests(filter, start, pageSize, maxResults, maxTime, uriInfo); + } catch (EBaseException e) { + CMS.debug("listRequests: error in obtaining request results" + e); + e.printStackTrace(); + throw new CMSException("Error listing cert requests!"); + } + return requests; + } + + private String createSearchFilter(String requestState, String requestType) { + String filter = ""; + int matches = 0; + + if ((requestState == null) && (requestType == null)) { + filter = "(requeststate=*)"; + return filter; + } + + if (requestState != null) { + filter += "(requeststate=" + LDAPUtil.escapeFilter(requestState) + ")"; + matches++; + } + + if (requestType != null) { + filter += "(requesttype=" + LDAPUtil.escapeFilter(requestType) + ")"; + matches++; + } + + if (matches > 1) { + filter = "(&" + filter + ")"; + } + + return filter; + } +} diff --git a/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResourceService.java b/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResourceService.java index 0ea06f983..48218c4d2 100644 --- a/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResourceService.java +++ b/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResourceService.java @@ -73,17 +73,17 @@ public class KeyRequestsResourceService extends CMSResourceService implements Ke } if (requestState != null) { - filter += "(requeststate=" + LDAPUtil.escape(requestState) + ")"; + filter += "(requeststate=" + LDAPUtil.escapeFilter(requestState) + ")"; matches ++; } if (requestType != null) { - filter += "(requesttype=" + LDAPUtil.escape(requestType) + ")"; + filter += "(requesttype=" + LDAPUtil.escapeFilter(requestType) + ")"; matches ++; } if (clientID != null) { - filter += "(clientID=" + LDAPUtil.escape(clientID) + ")"; + filter += "(clientID=" + LDAPUtil.escapeFilter(clientID) + ")"; matches ++; } 
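Review bot: `listRequests` in CertRequestsResourceService.java passes the client-supplied `pageSize`, `maxResults` and `maxTime` to `CertRequestDAO.listRequests` with no range check. The `@DefaultValue`s in `CertRequestsResource` only apply when a parameter is absent, so a caller can send negative or very large values; `CMSRequestDAO.listCMSRequests`, added later in this commit and presumably reached through `CertRequestDAO`, computes `pageSize + 1`, which overflows for `Integer.MAX_VALUE`. Clamp before the DAO call, for example `pageSize = Math.max(1, Math.min(pageSize, MAX_PAGESIZE));` where `MAX_PAGESIZE` is a suggested new constant, not an existing one, and do the same for `maxResults` and `maxTime`. The `// auth and authz` placeholder also means nothing in this method restricts who can list requests.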
diff --git a/base/common/src/com/netscape/cms/servlet/request/model/CMSRequestDAO.java b/base/common/src/com/netscape/cms/servlet/request/model/CMSRequestDAO.java new file mode 100644 index 000000000..5ac984168 --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/request/model/CMSRequestDAO.java 
@@ -0,0 +1,166 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2011 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.request.model; + +import java.net.URI; +import java.util.ArrayList; +import java.util.List; + +import javax.ws.rs.core.MultivaluedMap; +import javax.ws.rs.core.UriBuilder; +import javax.ws.rs.core.UriInfo; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.authority.IAuthority; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.request.IRequest; +import com.netscape.certsrv.request.IRequestList; +import com.netscape.certsrv.request.IRequestQueue; +import com.netscape.certsrv.request.IRequestVirtualList; +import com.netscape.certsrv.request.RequestId; +import com.netscape.cms.servlet.base.model.Link; + +/** + * @author alee + * + */ + +public abstract class CMSRequestDAO { + protected IRequestQueue queue; + protected IAuthority authority; + + private String[] vlvFilters = { + "(requeststate=*)", "(requesttype=enrollment)", + "(requesttype=recovery)", "(requeststate=canceled)", + "(&(requeststate=canceled)(requesttype=enrollment))", + "(&(requeststate=canceled)(requesttype=recovery))", + "(requeststate=rejected)", + "(&(requeststate=rejected)(requesttype=enrollment))", + 
"(&(requeststate=rejected)(requesttype=recovery))", + "(requeststate=complete)", + "(&(requeststate=complete)(requesttype=enrollment))", + "(&(requeststate=complete)(requesttype=recovery))" + }; + + public static final String ATTR_SERIALNO = "serialNumber"; + + public CMSRequestDAO(String authorityName) { + authority = (IAuthority) CMS.getSubsystem(authorityName); + queue = authority.getRequestQueue(); + } + + /** + * Finds list of requests matching the specified search filter. + * + * If the filter corresponds to a VLV search, then that search is executed and the pageSize + * and start parameters are used. Otherwise, the maxResults and maxTime parameters are + * used in the regularly indexed search. + * + * @param filter - ldap search filter + * @param start - start position for VLV search + * @param pageSize - page size for VLV search + * @param maxResults - max results to be returned in normal search + * @param maxTime - max time for normal search + * @param uriInfo - uri context of request + * @return collection of key request info + * @throws EBaseException + */ + public CMSRequestInfos listCMSRequests(String filter, RequestId start, int pageSize, int maxResults, int maxTime, + UriInfo uriInfo) throws EBaseException { + List<CMSRequestInfo> list = new ArrayList<CMSRequestInfo>(); + List<Link> links = new ArrayList<Link>(); + int totalSize = 0; + int current = 0; + + if (isVLVSearch(filter)) { + IRequestVirtualList vlvlist = queue.getPagedRequestsByFilter(start, false, filter, + pageSize + 1, "requestId"); + totalSize = vlvlist.getSize(); + current = vlvlist.getCurrentIndex(); + + int numRecords = (totalSize > (current + pageSize)) ? pageSize : + totalSize - current; + + for (int i = 0; i < numRecords; i++) { + IRequest request = vlvlist.getElementAt(i); + list.add(createCMSRequestInfo(request, uriInfo)); + } + } else { + // The non-vlv requests are indexed, but are not paginated. 
+ // We should think about whether they should be, or if we need to + // limit the number of results returned. + IRequestList requests = queue.listRequestsByFilter(filter, maxResults, maxTime); + + if (requests == null) { + return null; + } + while (requests.hasMoreElements()) { + RequestId rid = requests.nextElement(); + IRequest request = queue.findRequest(rid); + if (request != null) { + list.add(createCMSRequestInfo(request, uriInfo)); + } + } + } + + // builder for vlv links + MultivaluedMap<String, String> params = uriInfo.getQueryParameters(); + UriBuilder builder = uriInfo.getAbsolutePathBuilder(); + if (params.containsKey("requestState")) { + builder.queryParam("requestState", params.getFirst("requestState")); + } + if (params.containsKey("requestType")) { + builder.queryParam("requestType", params.getFirst("requestType")); + } + builder.queryParam("start", "{start}"); + builder.queryParam("pageSize", "{pageSize}"); + + // next link + if (totalSize > current + pageSize) { + int next = current + pageSize + 1; + URI nextUri = builder.clone().build(next, pageSize); + Link nextLink = new Link("next", nextUri.toString(), "application/xml"); + links.add(nextLink); + } + + // previous link + if (current > 0) { + int previous = current - pageSize; + URI previousUri = builder.clone().build(previous, pageSize); + Link previousLink = new Link("previous", previousUri.toString(), "application/xml"); + links.add(previousLink); + } + + CMSRequestInfos ret = new CMSRequestInfos(); + ret.setRequests(list); + ret.setLinks(links); + return ret; + } + + private boolean isVLVSearch(String filter) { + for (int i = 0; i < vlvFilters.length; i++) { + if (vlvFilters[i].equalsIgnoreCase(filter)) { + return true; + } + } + return false; + } + + abstract CMSRequestInfo createCMSRequestInfo(IRequest request, UriInfo uriInfo); +} + 
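Review bot: `pageSize` reaches `queue.getPagedRequestsByFilter(start, false, filter, pageSize + 1, "requestId")` in listCMSRequests with no bounds check, and `maxResults`/`maxTime` reach `listRequestsByFilter` the same way. If these values come from request query parameters (the link builder suggests so, but the callers are not in this hunk), a zero or negative page size yields an empty page with nonsensical links, and a very large one lets a single request drive an oversized directory search. A guard at the top such as `if (pageSize < 1) throw new EBaseException("pageSize must be positive");`, together with a server-side upper limit on `pageSize` and `maxResults`, bounds the work per request. The previous link computes `current - pageSize`, which goes negative on a partial first page; `int previous = Math.max(0, current - pageSize);` avoids emitting a negative start.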
diff --git a/base/common/src/com/netscape/cms/servlet/request/model/CMSRequestInfo.java b/base/common/src/com/netscape/cms/servlet/request/model/CMSRequestInfo.java
new file mode 100644
index 000000000..b86b39fbd
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/request/model/CMSRequestInfo.java
@@ -0,0 +1,69 @@
+package com.netscape.cms.servlet.request.model;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+
+import com.netscape.certsrv.request.RequestId;
+@XmlAccessorType(XmlAccessType.FIELD)
+public class CMSRequestInfo {
+ @XmlElement
+ protected String requestType;
+
+ @XmlElement
+ protected String requestStatus;
+
+ @XmlElement
+ protected String requestURL;
+
+ /**
+ * @return the requestType
+ */
+ public String getRequestType() {
+ return requestType;
+ }
+
+ /**
+ * @param requestType the requestType to set
+ */
+ public void setRequestType(String requestType) {
+ this.requestType = requestType;
+ }
+
+ /**
+ * @return the requestStatus
+ */
+ public String getRequestStatus() {
+ return requestStatus;
+ }
+
+ /**
+ * @param requestStatus the requestStatus to set
+ */
+ public void setRequestStatus(String requestStatus) {
+ this.requestStatus = requestStatus;
+ }
+
+ /**
+ * @return the requestURL
+ */
+ public String getRequestURL() {
+ return requestURL;
+ }
+
+ /**
+ * @return the request ID in the requestURL
+ */
+ public RequestId getRequestId() {
+ String id = requestURL.substring(requestURL.lastIndexOf("/") + 1);
+ return new RequestId(id);
+ }
+
+ /**
+ * @param requestURL the requestURL to set
+ */
+ public void setRequestURL(String requestURL) {
+ this.requestURL = requestURL;
+ }
+
+}
diff --git a/base/common/src/com/netscape/cms/servlet/request/model/CMSRequestInfos.java b/base/common/src/com/netscape/cms/servlet/request/model/CMSRequestInfos.java
new file mode 100644
index 000000000..63b2e56b1
--- /dev/null
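Review bot: `getRequestId()` in CMSRequestInfo dereferences `requestURL` without a null check, so an instance unmarshalled without a `requestURL` element, or used before `setRequestURL` is called, throws NullPointerException. It also takes whatever follows the last `/` as the id, so a URL with a trailing slash or a query string hands an empty or malformed string to `new RequestId(id)`. Suggest `if (requestURL == null) return null;` as the first statement and a Javadoc sentence stating that the id is parsed from the last path segment of the URL. Among the new files visible in this part of the commit, this one is also the only one without the copyright block.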
+++ b/base/common/src/com/netscape/cms/servlet/request/model/CMSRequestInfos.java
@@ -0,0 +1,59 @@
+//--- BEGIN COPYRIGHT BLOCK ---
+//This program is free software; you can redistribute it and/or modify
+//it under the terms of the GNU General Public License as published by
+//the Free Software Foundation; version 2 of the License.
+//
+//This program is distributed in the hope that it will be useful,
+//but WITHOUT ANY WARRANTY; without even the implied warranty of
+//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+//GNU General Public License for more details.
+//
+//You should have received a copy of the GNU General Public License along
+//with this program; if not, write to the Free Software Foundation, Inc.,
+//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+//(C) 2011 Red Hat, Inc.
+//All rights reserved.
+//--- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.request.model;
+
+import java.util.Collection;
+import java.util.List;
+
+import com.netscape.cms.servlet.base.model.Link;
+
+//Convenience class to simply hold a Collection of CMSRequests and a List of Links.
+public class CMSRequestInfos {
+
+ protected Collection<CMSRequestInfo> requests;
+ protected List<Link> links;
+
+ /**
+ * @return the requests
+ */
+ public Collection<CMSRequestInfo> getRequests() {
+ return requests;
+ }
+
+ /**
+ * @param requests the requests to set
+ */
+ public void setRequests(Collection<CMSRequestInfo> requests) {
+ this.requests = requests;
+ }
+
+ /**
+ * @return the links
+ */
+ public List<Link> getLinks() {
+ return links;
+ }
+
+ /**
+ * @param links the links to set
+ */
+ public void setLinks(List<Link> links) {
+ this.links = links;
+ }
+
+}
diff --git a/base/common/src/com/netscape/cms/servlet/request/model/CertRequestDAO.java b/base/common/src/com/netscape/cms/servlet/request/model/CertRequestDAO.java
new file mode 100644
index 000000000..1d7f8aeae
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/request/model/CertRequestDAO.java 
@@ -0,0 +1,207 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2011 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.request.model; + +import java.math.BigInteger; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; + +import javax.ws.rs.Path; +import javax.ws.rs.core.UriBuilder; +import javax.ws.rs.core.UriInfo; + +import netscape.security.x509.X509CertImpl; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.ca.ICertificateAuthority; +import com.netscape.certsrv.profile.IEnrollProfile; +import com.netscape.certsrv.request.IRequest; +import com.netscape.certsrv.request.IRequestQueue; +import com.netscape.certsrv.request.RequestId; +import com.netscape.certsrv.request.RequestStatus; +import com.netscape.cms.servlet.cert.CertResource; +import com.netscape.cms.servlet.request.CertRequestResource; + +/** + * @author alee + * + */ +public class CertRequestDAO extends CMSRequestDAO { + private IRequestQueue queue; + private ICertificateAuthority ca; + + public static final String ATTR_SERIALNO = "serialNumber"; + private static final String REQ_COMPLETE = "complete"; + + public CertRequestDAO() { + + super("ca"); + ca = (ICertificateAuthority) 
CMS.getSubsystem("ca"); + queue = ca.getRequestQueue(); + + } + + /** + * Finds list of requests matching the specified search filter. + * + * If the filter corresponds to a VLV search, then that search is executed and the pageSize + * and start parameters are used. Otherwise, the maxResults and maxTime parameters are + * used in the regularly indexed search. + * + * @param filter - ldap search filter + * @param start - start position for VLV search + * @param pageSize - page size for VLV search + * @param maxResults - max results to be returned in normal search + * @param maxTime - max time for normal search + * @param uriInfo - uri context of request + * @return collection of key request info + * @throws EBaseException + */ + + @SuppressWarnings("unchecked") + public CertRequestInfos listRequests(String filter, RequestId start, int pageSize, int maxResults, int maxTime, + UriInfo uriInfo) throws EBaseException { + + CMSRequestInfos cmsInfos = listCMSRequests(filter, start, pageSize, maxResults, maxTime, uriInfo); + + CertRequestInfos ret = new CertRequestInfos(); + + if (cmsInfos == null) { + ret.setRequests(null); + ret.setLinks(null); + return ret; + } + + List<CertRequestInfo> list = new ArrayList<CertRequestInfo>(); + ; + Collection<? extends CMSRequestInfo> cmsList = cmsInfos.getRequests(); + + // We absolutely know 100% that this list is a list + // of CertRequestInfo objects. This is because the method + // createCMSRequestInfo. 
Is the only one adding to it + + list = (List<CertRequestInfo>) cmsList; + + ret.setLinks(cmsInfos.getLinks()); + ret.setRequests(list); + + return ret; + } + + /** + * Gets info for a specific request + * + * @param id + * @return info for specific request + * @throws EBaseException + */ + public CertRequestInfo getRequest(RequestId id, UriInfo uriInfo) throws EBaseException { + IRequest request = queue.findRequest(id); + if (request == null) { + return null; + } + CertRequestInfo info = createCMSRequestInfo(request, uriInfo); + return info; + } + + /** + * Submits an enrollment request and processes it. + * + * @param data + * @return info for the request submitted. + * @throws EBaseException + */ + public CertRequestInfo submitRequest(EnrollmentRequestData data, UriInfo uriInfo) throws EBaseException { + + //TODO perform actual profile request. + + throw new EBaseException("Not implemented."); + } + + public void approveRequest(RequestId id) throws EBaseException { + IRequest request = queue.findRequest(id); + request.setRequestStatus(RequestStatus.APPROVED); + queue.updateRequest(request); + } + + public void rejectRequest(RequestId id) throws EBaseException { + IRequest request = queue.findRequest(id); + request.setRequestStatus(RequestStatus.CANCELED); + queue.updateRequest(request); + } + + public void cancelRequest(RequestId id) throws EBaseException { + IRequest request = queue.findRequest(id); + request.setRequestStatus(RequestStatus.REJECTED); + queue.updateRequest(request); + } + + private CertRequestInfo createCertRequestInfo(IRequest request, UriInfo uriInfo) { + CertRequestInfo ret = new CertRequestInfo(); + + String requestType = request.getRequestType(); + String requestStatus = request.getRequestStatus().toString(); + + ret.setRequestType(requestType); + ret.setRequestStatus(requestStatus); + + ret.setCertRequestType(request.getExtDataInString("cert_request_type")); + + Path certRequestPath = CertRequestResource.class.getAnnotation(Path.class); + 
RequestId rid = request.getRequestId(); + + UriBuilder reqBuilder = uriInfo.getBaseUriBuilder(); + reqBuilder.path(certRequestPath.value() + "/" + rid); + ret.setRequestURL(reqBuilder.build().toString()); + + //Get Cert info if issued. + + String serialNoStr = null; + + if ((requestType != null) && (requestStatus != null)) { + if (requestStatus.equals(REQ_COMPLETE)) { + X509CertImpl impl[] = new X509CertImpl[1]; + impl[0] = request.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + + BigInteger serialNo; + if (impl[0] != null) { + serialNo = impl[0].getSerialNumber(); + serialNoStr = serialNo.toString(); + } + } + + } + + if (serialNoStr != null && !serialNoStr.equals("")) { + Path certPath = CertResource.class.getAnnotation(Path.class); + UriBuilder certBuilder = uriInfo.getBaseUriBuilder(); + certBuilder.path(certPath.value() + "/" + serialNoStr); + ret.setCertURL(certBuilder.build().toString()); + } + + return ret; + } + + @Override + public CertRequestInfo createCMSRequestInfo(IRequest request, UriInfo uriInfo) { + return createCertRequestInfo(request, uriInfo); + } + +} diff --git a/base/common/src/com/netscape/cms/servlet/request/model/CertRequestInfo.java b/base/common/src/com/netscape/cms/servlet/request/model/CertRequestInfo.java new file mode 100644 index 000000000..25083126d --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/request/model/CertRequestInfo.java 
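Review bot: `rejectRequest` sets `RequestStatus.CANCELED` and `cancelRequest` sets `RequestStatus.REJECTED`, so each method records the other's outcome; the constants look swapped and should read `request.setRequestStatus(RequestStatus.REJECTED);` in rejectRequest and `request.setRequestStatus(RequestStatus.CANCELED);` in cancelRequest. All three state-changing methods (approve, reject, cancel) use the result of `queue.findRequest(id)` unchecked, whereas getRequest tests it for null, so an unknown id ends in NullPointerException instead of a clean error. None of them looks at the request's current status before overwriting it, which on a CA means a completed or rejected request can be flipped to approved; whether callers enforce the transition rules and the authorization is not visible in this hunk. Separately, the private `queue` field shadows the protected `queue` inherited from CMSRequestDAO, so the two classes hold separate references to what is presumably the same queue.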
@@ -0,0 +1,81 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2011 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.cms.servlet.request.model; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; + +import com.netscape.certsrv.dbs.certdb.CertId; + +@XmlRootElement(name = "CertRequestInfo") +@XmlAccessorType(XmlAccessType.FIELD) +public class CertRequestInfo extends CMSRequestInfo { + + @XmlElement + protected String certURL; + + @XmlElement + protected String certRequestType; + + public CertRequestInfo() { + // required to be here for JAXB (defaults) + } + + /** + * @param certRequestType to set + */ + + public void setCertRequestType(String certRequestType) { + this.certRequestType = certRequestType; + } + + /** + * @return the certRequestType + */ + + public String getCertRequestType() { + return certRequestType; + } + + /** + * @set the certURL + */ + public void setCertURL(String certURL) { + this.certURL = certURL; + } + + /** + * @return the certURL + */ + public String getCertURL() { + return certURL; + } + + /** + * @return the certId + */ + + public CertId getCertId() { + String id = 
certURL.substring(certURL.lastIndexOf("/") + 1); + return new CertId(id); + } + +} diff --git a/base/common/src/com/netscape/cms/servlet/request/model/CertRequestInfos.java b/base/common/src/com/netscape/cms/servlet/request/model/CertRequestInfos.java new file mode 100644 index 000000000..a4c39a33e --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/request/model/CertRequestInfos.java 
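Review bot: `getCertId()` calls `certURL.substring(...)` with no null check, yet CertRequestDAO.createCertRequestInfo in this commit calls `setCertURL` only once a certificate has been issued, so every pending, rejected or canceled request carries a null `certURL` and this getter throws NullPointerException. Suggest `if (certURL == null) return null;` before the substring and a Javadoc line saying the id is absent until issuance. The `@set the certURL` tag on setCertURL is not a Javadoc tag; `@param certURL the certURL to set` matches the rest of the class.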
@@ -0,0 +1,89 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2011 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.request.model; + +import java.util.Collection; +import java.util.List; + +import javax.xml.bind.annotation.XmlElementRef; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlTransient; + +import com.netscape.cms.servlet.base.model.Link; + +@XmlRootElement(name = "CertRequestInfos") +public class CertRequestInfos { + protected Collection<CertRequestInfo> requests; + protected List<Link> links; + + /** + * @return the requests + */ + @XmlElementRef + public Collection<CertRequestInfo> getRequests() { + return requests; + } + + /** + * @param requests the requests to set + */ + public void setRequests(Collection<CertRequestInfo> requests) { + this.requests = requests; + } + + /** + * @return the links + */ + @XmlElementRef + public List<Link> getLinks() { + return links; + } + + /** + * @param links the links to set + */ + public void setLinks(List<Link> links) { + this.links = links; + } + + @XmlTransient + public String getNext() { + if (links == null) { + return null; + } + for (Link link : links) { + if ("next".equals(link.getRelationship())) { + return link.getHref(); + } + } + return null; + 
} + + @XmlTransient + public String getPrevious() { + if (links == null) { + return null; + } + for (Link link : links) { + if ("previous".equals(link.getRelationship())) { + return link.getHref(); + } + } + return null; + } +} diff --git a/base/common/src/com/netscape/cms/servlet/request/model/CertRetrievalRequestData.java b/base/common/src/com/netscape/cms/servlet/request/model/CertRetrievalRequestData.java new file mode 100644 index 000000000..72e437c17 --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/request/model/CertRetrievalRequestData.java 
@@ -0,0 +1,78 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2011 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +/** + * + */ +package com.netscape.cms.servlet.request.model; + +import javax.ws.rs.core.MultivaluedMap; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; + +import com.netscape.certsrv.dbs.certdb.CertId; +import com.netscape.certsrv.dbs.certdb.CertIdAdapter; +import com.netscape.certsrv.request.RequestId; +import com.netscape.certsrv.request.RequestIdAdapter; + +/** + * @author alee + * + */ +@XmlRootElement(name = "CertRetrievalRequest") +@XmlAccessorType(XmlAccessType.FIELD) +public class CertRetrievalRequestData { + + private static final String CERT_ID = "certId"; + + @XmlElement + @XmlJavaTypeAdapter(CertIdAdapter.class) + protected CertId certId; + + @XmlElement + @XmlJavaTypeAdapter(RequestIdAdapter.class) + protected RequestId requestId; + + public CertRetrievalRequestData() { + // required for JAXB (defaults) + } + + public CertRetrievalRequestData(MultivaluedMap<String, String> form) { + if (form.containsKey(CERT_ID)) { + certId = new 
CertId(form.getFirst(CERT_ID)); + } + } + + /** + * @return the CertId + */ + public CertId getCertId() { + return certId; + } + + /** + * @param CertId the CertId to set + */ + public void setCertId(CertId certId) { + this.certId = certId; + } + +} diff --git a/base/common/src/com/netscape/cms/servlet/request/model/EnrollmentRequestData.java b/base/common/src/com/netscape/cms/servlet/request/model/EnrollmentRequestData.java new file mode 100644 index 000000000..f2979ebce --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/request/model/EnrollmentRequestData.java 
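Review bot: The `requestId` field in CertRetrievalRequestData is declared and bound with `RequestIdAdapter`, but the class has no accessor for it and the form constructor never fills it, so it is populated only through JAXB field access. Either add `getRequestId()` and `setRequestId(RequestId requestId)` or drop the field until it is needed. The form constructor passes `form.getFirst(CERT_ID)` straight into `new CertId(...)`; how CertId treats a malformed value is not visible here, so the resource that builds this object should expect a parse failure and map it to a client error. The `@param CertId` tag on setCertId should name the parameter, `@param certId the CertId to set`.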
@@ -0,0 +1,202 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2011 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +/** + * + */ +package com.netscape.cms.servlet.request.model; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import javax.ws.rs.core.MultivaluedMap; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Marshaller; +import javax.xml.bind.Unmarshaller; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; + +import com.netscape.cms.servlet.profile.model.ProfileInput; + +/** + * @author jmagne + * + */ + +@XmlRootElement(name = "EnrollmentRequest") +@XmlAccessorType(XmlAccessType.FIELD) +public class EnrollmentRequestData { + + private static final String PROFILE_ID = "profileId"; + private static final String RENEWAL = "renewal"; + + @XmlElement + protected String profileId; + + @XmlElement + protected boolean isRenewal; + + @XmlElement(name = "Input") + protected List<ProfileInput> inputs = new ArrayList<ProfileInput>(); + + public EnrollmentRequestData() { + } + 
+ public EnrollmentRequestData(MultivaluedMap<String, String> form) { + profileId = form.getFirst(PROFILE_ID); + String renewalStr = form.getFirst(RENEWAL); + + isRenewal = new Boolean(renewalStr); + + } + + /** + * @return the profileId + */ + public String getProfileId() { + return profileId; + } + + /** + * @param profileId the profileId to set + */ + + public void setProfileId(String profileId) { + this.profileId = profileId; + } + + /** + * @return renewal + */ + + public boolean getIsRenewal() { + return isRenewal; + } + + public ProfileInput addInput(String name) { + + ProfileInput oldInput = getInput(name); + + if (oldInput != null) + return oldInput; + + ProfileInput newInput = new ProfileInput(); + newInput.setInputId(name); + + inputs.add(newInput); + + return newInput; + } + + public ProfileInput getInput(String name) { + + ProfileInput input = null; + + Iterator<ProfileInput> it = inputs.iterator(); + + ProfileInput curInput = null; + while (it.hasNext()) + + { + curInput = it.next(); + + if (curInput != null && curInput.getInputId().equals(name)) + break; + } + + return input; + } + + /** + * @param renewal the renewal to set + */ + public void setIsRenewal(boolean isRenewal) { + this.isRenewal = isRenewal; + } + + public static void main(String args[]) throws Exception { + EnrollmentRequestData data = new EnrollmentRequestData(); + data.setProfileId("caUserCert"); + data.setIsRenewal(false); + + //Simulate a "caUserCert" Profile enrollment + + ProfileInput certReq = data.addInput("KeyGenInput"); + certReq.setInputAttr("cert_request_type", "crmf"); + certReq.setInputAttr( + "cert_request", + "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"); + + ProfileInput subjectName = data.addInput("SubjectNameInput"); + subjectName.setInputAttr("sn_uid", "jmagne"); + subjectName.setInputAttr("sn_e", "jmagne@redhat.com"); + subjectName.setInputAttr("sn_c", "US"); + subjectName.setInputAttr("sn_ou", "Development"); + subjectName.setInputAttr("sn_ou1", 
"IPA"); + subjectName.setInputAttr("sn_ou2", "Dogtag"); + subjectName.setInputAttr("sn_ou3", "CA"); + subjectName.setInputAttr("sn_cn", "Common"); + subjectName.setInputAttr("sn_o", "RedHat"); + + ProfileInput submitter = data.addInput("SubmitterInfoInput"); + submitter.setInputAttr("requestor_name", "admin"); + submitter.setInputAttr("requestor_email", "admin@redhat.com"); + submitter.setInputAttr("requestor_phone", "650-555-5555"); + + try { + JAXBContext context = JAXBContext.newInstance(EnrollmentRequestData.class); + Marshaller marshaller = context.createMarshaller(); + marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); + + ByteArrayOutputStream stream = new ByteArrayOutputStream(); + + marshaller.marshal(data, stream); + + System.out.println("Originally marshalled enrollment object. \n"); + + System.out.println(stream.toString()); + + //Try to unmarshall + + Unmarshaller unmarshaller = context.createUnmarshaller(); + + ByteArrayInputStream bais = new ByteArrayInputStream(stream.toByteArray()); + Object unmarshalled = unmarshaller.unmarshal(bais); + + //Try re-marshalling, unmarshalled object to compare + + stream.reset(); + + marshaller.marshal(unmarshalled, stream); + + System.out.println("Remarshalled unmarshalled enrollment object. \n"); + + System.out.println(stream.toString()); + + } catch (JAXBException e) { + System.out.println(e.toString()); + } + } + +} diff --git a/base/common/src/com/netscape/cms/servlet/request/model/KeyRequestDAO.java b/base/common/src/com/netscape/cms/servlet/request/model/KeyRequestDAO.java index aaea45398..9def75248 100644 --- a/base/common/src/com/netscape/cms/servlet/request/model/KeyRequestDAO.java +++ b/base/common/src/com/netscape/cms/servlet/request/model/KeyRequestDAO.java 
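Review bot: `getInput(String name)` never assigns `input`: the loop breaks on a match but the method returns `input`, which is still null, so every lookup reports "not found". As a result `addInput` always appends a new ProfileInput, and repeated calls with the same id put duplicate inputs into the marshalled enrollment request. Replacing `break;` with `return curInput;` and ending the method with `return null;` fixes it, and writing the comparison as `name.equals(curInput.getInputId())` avoids a NullPointerException when an unmarshalled input has no id. In the form constructor, `new Boolean(renewalStr)` can be `Boolean.parseBoolean(renewalStr)`.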
@@ -17,13 +17,12 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request.model; -import java.net.URI; import java.util.ArrayList; +import java.util.Collection; import java.util.Hashtable; import java.util.List; import javax.ws.rs.Path; -import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.UriBuilder; import javax.ws.rs.core.UriInfo; 
@@ -31,54 +30,34 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.dbs.keydb.KeyId; import com.netscape.certsrv.kra.IKeyRecoveryAuthority; +import com.netscape.certsrv.profile.IEnrollProfile; import com.netscape.certsrv.request.IRequest; -import com.netscape.certsrv.request.IRequestList; -import com.netscape.certsrv.request.IRequestQueue; -import com.netscape.certsrv.request.IRequestVirtualList; import com.netscape.certsrv.request.RequestId; import com.netscape.certsrv.request.RequestStatus; -import com.netscape.cms.servlet.base.model.Link; import com.netscape.cms.servlet.key.KeyResource; import com.netscape.cms.servlet.key.model.KeyDAO; import com.netscape.cms.servlet.key.model.KeyDataInfos; -import com.netscape.certsrv.profile.IEnrollProfile; import com.netscape.cms.servlet.request.KeyRequestResource; /** * @author alee * */ -public class KeyRequestDAO { - private IRequestQueue queue; - private IKeyRecoveryAuthority kra; +public class KeyRequestDAO extends CMSRequestDAO { private static String REQUEST_ARCHIVE_OPTIONS = IEnrollProfile.REQUEST_ARCHIVE_OPTIONS; - private String[] vlvFilters = { - "(requeststate=*)", "(requesttype=enrollment)", - "(requesttype=recovery)", "(requeststate=canceled)", - "(&(requeststate=canceled)(requesttype=enrollment))", - "(&(requeststate=canceled)(requesttype=recovery))", - "(requeststate=rejected)", - "(&(requeststate=rejected)(requesttype=enrollment))", - "(&(requeststate=rejected)(requesttype=recovery))", - "(requeststate=complete)", - "(&(requeststate=complete)(requesttype=enrollment))", - "(&(requeststate=complete)(requesttype=recovery))" - }; - public static final String ATTR_SERIALNO = "serialNumber"; public KeyRequestDAO() { - kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( "kra" ); - queue = kra.getRequestQueue(); + super("kra"); } /** * Finds list of requests matching the specified search filter. 
* * If the filter corresponds to a VLV search, then that search is executed and the pageSize - * and start parameters are used. Otherwise, the maxResults and maxTime parameters are + * and start parameters are used. Otherwise, the maxResults and maxTime parameters are * used in the regularly indexed search. * * @param filter - ldap search filter 
@@ -90,80 +69,39 @@ public class KeyRequestDAO { * @return collection of key request info * @throws EBaseException */ + @SuppressWarnings("unchecked") public KeyRequestInfos listRequests(String filter, RequestId start, int pageSize, int maxResults, int maxTime, UriInfo uriInfo) throws EBaseException { - List <KeyRequestInfo> list = new ArrayList<KeyRequestInfo>(); - List <Link> links = new ArrayList<Link>(); - int totalSize = 0; - int current = 0; - - if (isVLVSearch(filter)) { - IRequestVirtualList vlvlist = queue.getPagedRequestsByFilter(start, false, filter, - pageSize +1 , "requestId"); - totalSize = vlvlist.getSize(); - current = vlvlist.getCurrentIndex(); - - int numRecords = (totalSize > (current + pageSize)) ? pageSize : - totalSize - current; - - for (int i=0; i < numRecords; i++) { - IRequest request = vlvlist.getElementAt(i); - list.add(createKeyRequestInfo(request, uriInfo)); - } - } else { - // The non-vlv requests are indexed, but are not paginated. - // We should think about whether they should be, or if we need to - // limit the number of results returned. 
- IRequestList requests = queue.listRequestsByFilter(filter, maxResults, maxTime); - - if (requests == null) { - return null; - } - while (requests.hasMoreElements()) { - RequestId rid = requests.nextElement(); - IRequest request = queue.findRequest(rid); - if (request != null) { - list.add(createKeyRequestInfo(request, uriInfo)); - } - } - } - // builder for vlv links - MultivaluedMap<String, String> params = uriInfo.getQueryParameters(); - UriBuilder builder = uriInfo.getAbsolutePathBuilder(); - if (params.containsKey("requestState")) { - builder.queryParam("requestState", params.getFirst("requestState")); - } - if (params.containsKey("requestType")) { - builder.queryParam("requestType", params.getFirst("requestType")); - } - builder.queryParam("start", "{start}"); - builder.queryParam("pageSize", "{pageSize}"); - - // next link - if (totalSize > current + pageSize) { - int next = current + pageSize + 1; - URI nextUri = builder.clone().build(next,pageSize); - Link nextLink = new Link("next", nextUri.toString(), "application/xml"); - links.add(nextLink); - } + CMSRequestInfos cmsInfos = listCMSRequests(filter, start, pageSize, maxResults, maxTime, uriInfo); + KeyRequestInfos ret = new KeyRequestInfos(); - // previous link - if (current >0) { - int previous = current - pageSize; - URI previousUri = builder.clone().build(previous,pageSize); - Link previousLink = new Link("previous", previousUri.toString(), "application/xml"); - links.add(previousLink); + if (cmsInfos == null) { + ret.setRequests(null); + ret.setLinks(null); + return ret; } - KeyRequestInfos ret = new KeyRequestInfos(); + List<KeyRequestInfo> list = new ArrayList<KeyRequestInfo>(); + ; + Collection<? extends CMSRequestInfo> cmsList = cmsInfos.getRequests(); + + // We absolutely know 100% that this list is a list + // of KeyRequestInfo objects. This is because the method + // createCMSRequestInfo. 
Is the only one adding to it + + list = (List<KeyRequestInfo>) cmsList; + + ret.setLinks(cmsInfos.getLinks()); ret.setRequests(list); - ret.setLinks(links); + return ret; + } /** * Gets info for a specific request + * * @param id * @return info for specific request * @throws EBaseException @@ -176,8 +114,10 @@ public class KeyRequestDAO { KeyRequestInfo info = createKeyRequestInfo(request, uriInfo); return info; } + /** * Submits an archival request and processes it. + * * @param data * @return info for the request submitted. * @throws EBaseException @@ -205,8 +145,10 @@ public class KeyRequestDAO { return createKeyRequestInfo(request, uriInfo); } + /** * Submits a key recovery request. + * * @param data * @return info on the recovery request created * @throws EBaseException @@ -224,9 +166,10 @@ public class KeyRequestDAO { KeyId keyId = data.getKeyId(); Hashtable<String, Object> requestParams; - requestParams = kra.createVolatileRequest(request.getRequestId()); - if(requestParams == null) { + requestParams = ((IKeyRecoveryAuthority) authority).createVolatileRequest(request.getRequestId()); + + if (requestParams == null) { throw new EBaseException("Can not create Volatile params in submitRequest!"); } @@ -269,7 +212,7 @@ public class KeyRequestDAO { queue.updateRequest(request); } - public KeyRequestInfo createKeyRequestInfo(IRequest request, UriInfo uriInfo) { + private KeyRequestInfo createKeyRequestInfo(IRequest request, UriInfo uriInfo) { KeyRequestInfo ret = new KeyRequestInfo(); ret.setRequestType(request.getRequestType()); @@ -292,13 +235,11 @@ public class KeyRequestDAO { return ret; } - private boolean isVLVSearch(String filter) { - for (int i=0; i < vlvFilters.length; i++) { - if (vlvFilters[i].equalsIgnoreCase(filter)) { - return true; - } - } - return false; + @Override + public KeyRequestInfo createCMSRequestInfo(IRequest request, UriInfo uriInfo) { + + return createKeyRequestInfo(request, uriInfo); + } //We only care if the key exists or not 
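Review bot: In `listRequests`, the downcast `list = (List<KeyRequestInfo>) cmsList;` rests on two assumptions the compiler can no longer check: that `CMSRequestInfos.getRequests()` hands back a `List`, and that every element was produced by this class's `createCMSRequestInfo`. `listCMSRequests` is in the base class and not part of this file section, so a later change there would only show up as a `ClassCastException` at runtime. Copying with a checked element cast keeps the failure at this line and removes the need for `@SuppressWarnings("unchecked")`: `for (CMSRequestInfo info : cmsList) list.add((KeyRequestInfo) info);`. That also gives the freshly allocated `ArrayList` a purpose and lets the stray `;` after it go. The null path now returns a `KeyRequestInfos` with null requests and links where the old code returned `null`, so callers that tested for `null` should be checked.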
@@ -306,19 +247,19 @@ public class KeyRequestDAO { boolean ret = false; String state = "active"; - KeyDAO keys = new KeyDAO(); + KeyDAO keys = new KeyDAO(); KeyDataInfos existingKeys; String filter = "(&(" + IRequest.SECURITY_DATA_CLIENT_ID + "=" + clientId + ")" - + "(" + IRequest.SECURITY_DATA_STATUS + "=" + state + "))"; + + "(" + IRequest.SECURITY_DATA_STATUS + "=" + state + "))"; try { - existingKeys = keys.listKeys(filter, 1, 10, uriInfo); + existingKeys = keys.listKeys(filter, 1, 10, uriInfo); - if(existingKeys != null && existingKeys.getKeyInfos().size() > 0) { + if (existingKeys != null && existingKeys.getKeyInfos().size() > 0) { ret = true; } } catch (EBaseException e) { - ret= false; + ret = false; } return ret; diff --git a/base/common/src/com/netscape/cms/servlet/request/model/KeyRequestInfo.java b/base/common/src/com/netscape/cms/servlet/request/model/KeyRequestInfo.java index fd3be8044..91d5f8210 100644 --- a/base/common/src/com/netscape/cms/servlet/request/model/KeyRequestInfo.java +++ b/base/common/src/com/netscape/cms/servlet/request/model/KeyRequestInfo.java 
@@ -19,84 +19,24 @@ package com.netscape.cms.servlet.request.model; import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlRootElement; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; import com.netscape.certsrv.dbs.keydb.KeyId; -import com.netscape.certsrv.request.RequestId; -@XmlRootElement(name="SecurityDataRequestInfo") +@XmlRootElement(name = "SecurityDataRequestInfo") @XmlAccessorType(XmlAccessType.FIELD) -public class KeyRequestInfo { - - @XmlElement - protected String requestType; - - @XmlElement - protected String requestStatus; - - @XmlElement - protected String requestURL; +public class KeyRequestInfo extends CMSRequestInfo { @XmlElement protected String keyURL; - public KeyRequestInfo(){ + public KeyRequestInfo() { // required to be here for JAXB (defaults) } /** - * @return the requestType - */ - public String getRequestType() { - return requestType; - } - - /** - * @param requestType the requestType to set - */ - public void setRequestType(String requestType) { - this.requestType = requestType; - } - - /** - * @return the requestStatus - */ - public String getRequestStatus() { - return requestStatus; - } - - /** - * @param requestStatus the requestStatus to set - */ - public void setRequestStatus(String requestStatus) { - this.requestStatus = requestStatus; - } - - /** - * @return the requestURL - */ - public String getRequestURL() { - return requestURL; - } - - /** - * @return the request ID in the requestURL - */ - public RequestId getRequestId() { - String id = requestURL.substring(requestURL.lastIndexOf("/") + 1); - return new RequestId(id); - } - - /** - * @param requestURL the requestURL to set - */ - public void setRequestURL(String requestURL) { - this.requestURL = requestURL; - } - - /** * @return the keyURL */ public String getKeyURL() { 
diff --git a/base/common/src/com/netscape/cms/servlet/request/model/ProfileRetrievalRequestData.java b/base/common/src/com/netscape/cms/servlet/request/model/ProfileRetrievalRequestData.java new file mode 100644 index 000000000..7a0359587 --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/request/model/ProfileRetrievalRequestData.java 
@@ -0,0 +1,67 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2011 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +/** + * + */ +package com.netscape.cms.servlet.request.model; + +import javax.ws.rs.core.MultivaluedMap; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; + +/** + * @author alee + * + */ +@XmlRootElement(name = "ProfileRetrievalRequest") +@XmlAccessorType(XmlAccessType.FIELD) +public class ProfileRetrievalRequestData { + + private static final String PROFILE_ID = "profileId"; + + @XmlElement + protected String profileId; + + public ProfileRetrievalRequestData() { + // required for JAXB (defaults) + } + + public ProfileRetrievalRequestData(MultivaluedMap<String, String> form) { + if (form.containsKey(PROFILE_ID)) { + profileId = form.getFirst(PROFILE_ID); + } + } + + /** + * @return the ProfileId + */ + public String getProfileId() { + return profileId; + } + + /** + * @param ProfileId the ProfileId to set + */ + public void setProfileId(String profileId) { + this.profileId = profileId; + } + +}
\ No newline at end of file diff --git a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java index f346526d8..772612bf4 100644 --- a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java +++ b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java @@ -1,35 +1,17 @@ package com.netscape.cms.servlet.test; -import java.io.IOException; -import java.net.InetAddress; -import java.net.InetSocketAddress; -import java.net.Socket; -import java.net.URI; import java.net.URISyntaxException; -import java.net.UnknownHostException; import java.util.Collection; -import java.util.Enumeration; import java.util.Iterator; -import org.apache.commons.httpclient.ConnectTimeoutException; -import org.apache.http.client.HttpClient; -import org.apache.http.conn.scheme.LayeredSchemeSocketFactory; -import org.apache.http.conn.scheme.Scheme; -import org.apache.http.conn.scheme.SchemeSocketFactory; -import org.apache.http.impl.client.DefaultHttpClient; -import org.apache.http.params.HttpParams; -import org.jboss.resteasy.client.ClientExecutor; import org.jboss.resteasy.client.ClientResponse; import org.jboss.resteasy.client.ProxyFactory; -import org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor; -import org.jboss.resteasy.spi.ResteasyProviderFactory; -import org.mozilla.jss.ssl.SSLCertificateApprovalCallback; -import org.mozilla.jss.ssl.SSLSocket; import com.netscape.certsrv.dbs.keydb.KeyId; import com.netscape.certsrv.request.RequestId; import com.netscape.cms.servlet.admin.SystemCertificateResource; import com.netscape.cms.servlet.cert.model.CertificateData; +import com.netscape.cms.servlet.csadmin.CMSRestClient; import com.netscape.cms.servlet.key.KeyResource; import com.netscape.cms.servlet.key.KeysResource; import com.netscape.cms.servlet.key.model.KeyData; 
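Review bot: In the new ProfileRetrievalRequestData.java, the setter's Javadoc names a parameter that does not exist; `@param ProfileId the ProfileId to set` should read `@param profileId the profile id to set`. The class comment carries only `@author alee` and the `/** */` block above the package line is empty, so a one-line summary such as `/** JAXB model for a profile retrieval request; carries the requested profile id. */` would say what the type is for. The form constructor dereferences `form` without a null check, which should either be stated in its Javadoc or guarded with `if (form != null && form.containsKey(PROFILE_ID))`.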
@@ -43,129 +25,7 @@ import com.netscape.cms.servlet.request.model.KeyRequestInfos; import com.netscape.cms.servlet.request.model.RecoveryRequestData; import com.netscape.cmsutil.util.Utils; -public class DRMRestClient { - - // Callback to approve or deny returned SSL server certs - // Right now, simply approve the cert. - // ToDO: Look into taking this JSS http client code and move it into - // its own class to be used by possible future clients. - private class ServerCertApprovalCB implements SSLCertificateApprovalCallback { - - public boolean approve(org.mozilla.jss.crypto.X509Certificate servercert, - SSLCertificateApprovalCallback.ValidityStatus status) { - - //For now lets just accept the server cert. This is a test tool, being - // pointed at a well know kra instance. - - if (servercert != null) { - System.out.println("Peer cert details: " + - "\n subject: " + servercert.getSubjectDN().toString() + - "\n issuer: " + servercert.getIssuerDN().toString() + - "\n serial: " + servercert.getSerialNumber().toString() - ); - } - - SSLCertificateApprovalCallback.ValidityItem item; - - Enumeration<?> errors = status.getReasons(); - int i = 0; - while (errors.hasMoreElements()) { - i++; - item = (SSLCertificateApprovalCallback.ValidityItem) errors.nextElement(); - System.out.println("item " + i + - " reason=" + item.getReason() + - " depth=" + item.getDepth()); - - int reason = item.getReason(); - - if (reason == - SSLCertificateApprovalCallback.ValidityStatus.UNTRUSTED_ISSUER || - reason == SSLCertificateApprovalCallback.ValidityStatus.BAD_CERT_DOMAIN) { - - //Allow these two since we haven't necessarily installed the CA cert for trust - // and we are choosing "localhost" as the host for this client. 
- - return true; - - } - } - - //For other errors return false - - return false; - } - } - - private class JSSProtocolSocketFactory implements SchemeSocketFactory, LayeredSchemeSocketFactory { - - @Override - public Socket createSocket(HttpParams params) - throws IOException { - - return null; - - } - - @Override - public Socket connectSocket(Socket sock, - InetSocketAddress remoteAddress, - InetSocketAddress localAddress, - HttpParams params) - throws IOException, - UnknownHostException, - ConnectTimeoutException { - - SSLSocket socket; - - String hostName = null; - int port = 0; - if (remoteAddress != null) { - hostName = remoteAddress.getHostName(); - port = remoteAddress.getPort(); - - } - - int localPort = 0; - InetAddress localAddr = null; - - if (localAddress != null) { - localPort = localAddress.getPort(); - localAddr = localAddress.getAddress(); - } - - if (sock == null) { - socket = new SSLSocket(InetAddress.getByName(hostName), - port, - localAddr, - localPort, - new ServerCertApprovalCB(), - null); - - } else { - socket = new SSLSocket(sock, hostName, new ServerCertApprovalCB(), null); - } - - if (socket != null && clientCertNickname != null) { - socket.setClientCertNickname(clientCertNickname); - } - - return socket; - } - - @Override - public boolean isSecure(Socket sock) { - //We only use this factory in the case of SSL Connections - return true; - } - - @Override - public Socket createLayeredSocket(Socket arg0, String arg1, int arg2, boolean arg3) throws IOException, - UnknownHostException { - //This method implementation is required to get SSL working. - return null; - } - - } +public class DRMRestClient extends CMSRestClient { private KeyResource keyClient; private KeysResource keysClient; 
@@ -173,34 +33,8 @@ public class DRMRestClient { private KeyRequestResource keyRequestClient; private SystemCertificateResource systemCertClient; - private String clientCertNickname = null; - public DRMRestClient(String baseUri, String clientCertNick) throws URISyntaxException { - - // For SSL we are assuming the caller has already intialized JSS and has - // a valid CryptoManager and CryptoToken - // optional clientCertNickname is provided for use if required. - - URI uri = new URI(baseUri); - - String protocol = uri.getScheme(); - int port = uri.getPort(); - - clientCertNickname = clientCertNick; - HttpClient httpclient = new DefaultHttpClient(); - if (protocol != null && protocol.equals("https")) { - - Scheme scheme = new Scheme("https", port, new JSSProtocolSocketFactory()); - - // Register for port 443 our SSLSocketFactory to the ConnectionManager - httpclient.getConnectionManager().getSchemeRegistry().register(scheme); - - } - - ClientExecutor executor = new ApacheHttpClient4Executor(httpclient); - - ResteasyProviderFactory providerFactory = ResteasyProviderFactory.getInstance(); - providerFactory.addClientErrorInterceptor(new DRMErrorInterceptor()); + super(baseUri,clientCertNick); systemCertClient = ProxyFactory.create(SystemCertificateResource.class, uri, executor, providerFactory); keyRequestsClient = ProxyFactory.create(KeyRequestsResource.class, uri, executor, providerFactory); diff --git a/base/util/src/com/netscape/cmsutil/ldap/LDAPUtil.java b/base/util/src/com/netscape/cmsutil/ldap/LDAPUtil.java index e821db67a..4409ddeaf 100644 --- a/base/util/src/com/netscape/cmsutil/ldap/LDAPUtil.java +++ b/base/util/src/com/netscape/cmsutil/ldap/LDAPUtil.java 
@@ -45,12 +45,13 @@ public class LDAPUtil { * @param string string to escape * @return escaped string */ - public static String escape(String string) { + public static String escapeFilter(String string) { StringBuilder sb = new StringBuilder(); for (char c : string.toCharArray()) { if (SPECIAL_CHARS.indexOf(c) >= 0) { sb.append('\\'); - if (c < 0x10) sb.append('0'); // make sure it's 2-digit + if (c < 0x10) + sb.append('0'); // make sure it's 2-digit sb.append(Integer.toHexString(c)); } else { sb.append(c); @@ -59,6 +60,45 @@ public class LDAPUtil { return sb.toString(); } + public static String escapeDN(String v, boolean doubleEscape) { + StringBuffer result = new StringBuffer(); + + // Do we need to escape any characters + for (int i = 0; i < v.length(); i++) { + int c = v.charAt(i); + if (c == ',' || c == '=' || c == '+' || c == '<' || + c == '>' || c == '#' || c == ';' || c == '\r' || + c == '\n' || c == '\\' || c == '"') { + if ((c == 0x5c) && ((i + 1) < v.length())) { + int nextC = v.charAt(i + 1); + if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' || + nextC == '<' || nextC == '>' || nextC == '#' || + nextC == ';' || nextC == '\r' || nextC == '\n' || + nextC == '\\' || nextC == '"')) { + if (doubleEscape) + result.append('\\'); + } else { + result.append('\\'); + if (doubleEscape) + result.append('\\'); + } + } else { + result.append('\\'); + if (doubleEscape) + result.append('\\'); + } + } + if (c == '\r') { + result.append("0D"); + } else if (c == '\n') { + result.append("0A"); + } else { + result.append((char) c); + } + } + return result.toString(); + } + public static void importLDIF(LDAPConnection conn, String filename, ArrayList<String> errors) throws IOException { LDIF ldif = new LDIF(filename); while (true) { |
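Review bot: The look-ahead in `escapeDN` treats a backslash followed by a special character as an existing escape and emits it as is, but the next loop iteration then escapes the following character again, so an input containing `\,` comes out as `\\,`, which a DN parser reads as a literal backslash followed by a bare separator. If the argument is a raw attribute value (the callers are not in this hunk), every listed character, the backslash included, should be escaped unconditionally as in the sketch below; accepting pre-escaped input would need its own documented entry point. The method also has no Javadoc saying what `doubleEscape` is for, and `StringBuffer` can be `StringBuilder` as in `escapeFilter` above it. Related: the renamed `escapeFilter` is not applied where the `@@ -306,19` hunk of KeyRequestDAO.java concatenates `clientId` into a search filter; whether `clientId` is validated upstream is not visible here.

```java
public static String escapeDN(String v, boolean doubleEscape) {
    StringBuilder result = new StringBuilder();

    for (int i = 0; i < v.length(); i++) {
        char c = v.charAt(i);
        // The input is treated as a raw value: each special character,
        // a backslash included, gets its own escape.
        if (",=+<>#;\r\n\\\"".indexOf(c) >= 0) {
            result.append('\\');
            if (doubleEscape)
                result.append('\\');
        }
        if (c == '\r') {
            result.append("0D");
        } else if (c == '\n') {
            result.append("0A");
        } else {
            result.append(c);
        }
    }
    return result.toString();
}
```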