author | Ade Lee <alee@redhat.com> | 2012-07-24 12:49:36 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-07-25 10:36:41 -0400 |
commit | 2a3125d54365bf1806633c3301ce59fdb21461e4 (patch) | |
tree | 256b9c6f8d13b8d1b2562b9042fec65156718cd9 /base | |
parent | 5fd74e0e0c9407306e99ef4fd2e776cb911ee94a (diff) | |
Merge most DAO objects into the ResourceService files
Diffstat (limited to 'base')
7 files changed, 519 insertions, 721 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertResourceService.java b/base/common/src/com/netscape/cms/servlet/cert/CertResourceService.java index 6dbfee322..395907b53 100644 --- a/base/common/src/com/netscape/cms/servlet/cert/CertResourceService.java +++ b/base/common/src/com/netscape/cms/servlet/cert/CertResourceService.java @@ -18,23 +18,38 @@ package com.netscape.cms.servlet.cert; +import java.io.ByteArrayOutputStream; import java.io.IOException; import java.math.BigInteger; +import java.net.URI; +import java.security.Principal; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Date; +import java.util.Enumeration; +import java.util.List; import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.Response; +import netscape.security.pkcs.ContentInfo; +import netscape.security.pkcs.PKCS7; +import netscape.security.pkcs.SignerInfo; +import netscape.security.x509.AlgorithmId; import netscape.security.x509.RevocationReason; import netscape.security.x509.X509CertImpl; +import org.jboss.resteasy.plugins.providers.atom.Link; + import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.ICertPrettyPrint; import com.netscape.certsrv.ca.ICertificateAuthority; import com.netscape.certsrv.dbs.EDBRecordNotFoundException; import com.netscape.certsrv.dbs.certdb.CertId; import com.netscape.certsrv.dbs.certdb.ICertRecord; +import com.netscape.certsrv.dbs.certdb.ICertificateRepository; import com.netscape.certsrv.logging.AuditFormat; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.request.IRequest; 
@@ -42,7 +57,7 @@ import com.netscape.cms.servlet.base.BadRequestException; import com.netscape.cms.servlet.base.CMSException; import com.netscape.cms.servlet.base.CMSResourceService; import com.netscape.cms.servlet.base.UnauthorizedException; -import com.netscape.cms.servlet.cert.model.CertDAO; +import com.netscape.cms.servlet.cert.model.CertDataInfo; import com.netscape.cms.servlet.cert.model.CertDataInfos; import com.netscape.cms.servlet.cert.model.CertRevokeRequest; import com.netscape.cms.servlet.cert.model.CertSearchData; @@ -53,6 +68,7 @@ import com.netscape.cms.servlet.request.model.CertRequestDAO; import com.netscape.cms.servlet.request.model.CertRequestInfo; import com.netscape.cms.servlet.request.model.CertRetrievalRequestData; import com.netscape.cmsutil.ldap.LDAPUtil; +import com.netscape.cmsutil.util.Utils; /** * @author alee @@ -61,32 +77,31 @@ import com.netscape.cmsutil.ldap.LDAPUtil; public class CertResourceService extends CMSResourceService implements CertResource { ICertificateAuthority authority; + ICertificateRepository repo; + public CertResourceService() { authority = (ICertificateAuthority) CMS.getSubsystem("ca"); + repo = authority.getCertificateRepository(); } private void validateRequest(CertId id) { - if (id == null) { throw new BadRequestException("Invalid id in CertResourceService.validateRequest."); } - } @Override public CertificateData getCert(CertId id) { - validateRequest(id); CertRetrievalRequestData data = new CertRetrievalRequestData(); data.setCertId(id); - CertDAO dao = createDAO(); CertificateData certData = null; try { - certData = dao.getCert(data); + certData = getCert(data); } catch (EDBRecordNotFoundException e) { throw new CertNotFoundException(id); } catch (EBaseException e) { @@ -96,7 +111,6 @@ public class CertResourceService extends CMSResourceService implements CertResou } return certData; - } @Override 
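Review bot: The new constructor dereferences `authority` without checking it: `repo = authority.getCertificateRepository();` throws a NullPointerException if `CMS.getSubsystem("ca")` returns null, so the resource fails at instantiation instead of returning a mapped error. ProfileResourceService in this same commit guards its subsystem with `if (ps == null)`, which suggests a missing subsystem is an expected case. Consider `if (authority == null) throw new CMSException("CA subsystem not available");` before the dereference. The KeyResourceService constructor has the same pattern with `repo = kra.getKeyRepository();`.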
@@ -110,7 +124,6 @@ public class CertResourceService extends CMSResourceService implements CertResou } public CertRequestInfo revokeCert(CertId id, CertRevokeRequest request, boolean caCert) { - RevocationReason revReason = request.getReason(); if (revReason == RevocationReason.REMOVE_FROM_CRL) { CertUnrevokeRequest unrevRequest = new CertUnrevokeRequest(); @@ -222,7 +235,6 @@ public class CertResourceService extends CMSResourceService implements CertResou @Override public CertRequestInfo unrevokeCert(CertId id, CertUnrevokeRequest request) { - RevocationProcessor processor; try { processor = new RevocationProcessor("caDoUnrevoke", getLocale()); @@ -278,13 +290,6 @@ public class CertResourceService extends CMSResourceService implements CertResou } } - public CertDAO createDAO() { - CertDAO dao = new CertDAO(); - dao.setLocale(getLocale()); - dao.setUriInfo(uriInfo); - return dao; - } - private String createSearchFilter(String status) { String filter = ""; @@ -301,26 +306,22 @@ public class CertResourceService extends CMSResourceService implements CertResou } private String createSearchFilter(CertSearchData data) { - if (data == null) { return null; } return data.buildFilter(); - } @Override public CertDataInfos listCerts(String status, int maxResults, int maxTime) { - // get ldap filter String filter = createSearchFilter(status); CMS.debug("listKeys: filter is " + filter); - CertDAO dao = createDAO(); CertDataInfos infos; try { - infos = dao.listCerts(filter, maxResults, maxTime); + infos = getCertList(filter, maxResults, maxTime); } catch (EBaseException e) { e.printStackTrace(); throw new CMSException("Error listing certs in CertsResourceService.listCerts!"); 
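Review bot: In listCerts the caller-supplied `maxResults` and `maxTime` now pass unchanged through `getCertList` into `repo.searchCertificates(filter, maxResults, maxTime)`, and no bound is applied in the visible code. If neither the resource interface nor the repository caps them (not visible here), a single request can ask for an unbounded search. A clamp at the top of the method, such as `maxResults = Math.min(maxResults, MAX_RESULTS_CAP);`, would close that; the constant name is a placeholder. The same applies to searchCerts in the next hunk and to `repo.searchKeys` in KeyResourceService.listKeys. listCerts continues past the end of this hunk.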
@@ -330,16 +331,14 @@ public class CertResourceService extends CMSResourceService implements CertResou @Override public CertDataInfos searchCerts(CertSearchData data, int maxResults, int maxTime) { - if (data == null) { throw new WebApplicationException(Response.Status.BAD_REQUEST); } String filter = createSearchFilter(data); - CertDAO dao = createDAO(); CertDataInfos infos; try { - infos = dao.listCerts(filter, maxResults, maxTime); + infos = getCertList(filter, maxResults, maxTime); } catch (EBaseException e) { e.printStackTrace(); throw new CMSException("Error listing certs in CertsResourceService.listCerts!"); 
@@ -347,4 +346,165 @@ public class CertResourceService extends CMSResourceService implements CertResou return infos; } + + /** + * Returns list of certs meeting specified search filter. + * Currently, vlv searches are not used for certs. + * + * @param filter + * @param maxResults + * @param maxTime + * @param uriInfo + * @return + * @throws EBaseException + */ + private CertDataInfos getCertList(String filter, int maxResults, int maxTime) + throws EBaseException { + List<CertDataInfo> list = new ArrayList<CertDataInfo>(); + Enumeration<ICertRecord> e = null; + + e = repo.searchCertificates(filter, maxResults, maxTime); + if (e == null) { + throw new EBaseException("search results are null"); + } + + while (e.hasMoreElements()) { + ICertRecord rec = e.nextElement(); + if (rec != null) { + list.add(createCertDataInfo(rec)); + } + } + + CertDataInfos ret = new CertDataInfos(); + ret.setCertInfos(list); + + return ret; + } + + public CertificateData getCert(CertRetrievalRequestData data) throws EBaseException, CertificateEncodingException { + CertId certId = data.getCertId(); + + //find the cert in question + ICertRecord record = repo.readCertificateRecord(certId.toBigInteger()); + X509CertImpl cert = record.getCertificate(); + + CertificateData certData = new CertificateData(); + + certData.setSerialNumber(certId); + + Principal issuerDN = cert.getIssuerDN(); + if (issuerDN != null) certData.setIssuerDN(issuerDN.toString()); + + Principal subjectDN = cert.getSubjectDN(); + if (subjectDN != null) certData.setSubjectDN(subjectDN.toString()); + + String base64 = CMS.getEncodedCert(cert); + certData.setEncoded(base64); + + ICertPrettyPrint print = CMS.getCertPrettyPrint(cert); + certData.setPrettyPrint(print.toString(getLocale())); + + String p7Str = getCertChainData(cert); + certData.setPkcs7CertChain(p7Str); + + Date notBefore = cert.getNotBefore(); + if (notBefore != null) certData.setNotBefore(notBefore.toString()); + + Date notAfter = cert.getNotAfter(); + if 
(notAfter != null) certData.setNotAfter(notAfter.toString()); + + certData.setStatus(record.getStatus()); + + URI uri = uriInfo.getBaseUriBuilder().path(CertResource.class).path("{id}").build(certId.toHexString()); + certData.setLink(new Link("self", uri)); + + return certData; + } + + private CertDataInfo createCertDataInfo(ICertRecord record) throws EBaseException { + CertDataInfo info = new CertDataInfo(); + + CertId id = new CertId(record.getSerialNumber()); + info.setID(id); + + X509Certificate cert = record.getCertificate(); + info.setSubjectDN(cert.getSubjectDN().toString()); + + info.setStatus(record.getStatus()); + + URI uri = uriInfo.getBaseUriBuilder().path(CertResource.class).path("{id}").build(id.toHexString()); + info.setLink(new Link("self", uri)); + + return info; + } + + private String getCertChainData(X509CertImpl x509cert) { + X509Certificate mCACerts[]; + + if (x509cert == null) { + return null; + } + + try { + mCACerts = authority.getCACertChain().getChain(); + } catch (Exception e) { + mCACerts = null; + } + + X509CertImpl[] certsInChain = new X509CertImpl[1]; + + int mCACertsLength = 0; + boolean certAlreadyInChain = false; + int certsInChainLength = 0; + if (mCACerts != null) { + mCACertsLength = mCACerts.length; + for (int i = 0; i < mCACertsLength; i++) { + if (x509cert.equals(mCACerts[i])) { + certAlreadyInChain = true; + break; + } + } + + if (certAlreadyInChain == true) { + certsInChainLength = mCACertsLength; + } else { + certsInChainLength = mCACertsLength + 1; + } + + certsInChain = new X509CertImpl[certsInChainLength]; + + } + + certsInChain[0] = x509cert; + + if (mCACerts != null) { + int curCount = 1; + for (int i = 0; i < mCACertsLength; i++) { + if (!x509cert.equals(mCACerts[i])) { + certsInChain[curCount] = (X509CertImpl) mCACerts[i]; + curCount++; + } + + } + } + + String p7Str; + + try { + PKCS7 p7 = new PKCS7(new AlgorithmId[0], + new ContentInfo(new byte[0]), + certsInChain, + new SignerInfo[0]); + ByteArrayOutputStream bos 
= new ByteArrayOutputStream(); + + p7.encodeSignedData(bos, false); + byte[] p7Bytes = bos.toByteArray(); + + p7Str = Utils.base64encode(p7Bytes); + } catch (Exception e) { + p7Str = null; + } + + return p7Str; + } } diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertDAO.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertDAO.java deleted file mode 100644 index 1177b66f6..000000000 --- a/base/common/src/com/netscape/cms/servlet/cert/model/CertDAO.java +++ /dev/null 
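Review bot: getCertChainData discards both failures it can hit: `catch (Exception e) { mCACerts = null; }` and `catch (Exception e) { p7Str = null; }` leave no trace, so a CA chain that cannot be read or encoded yields a CertificateData with a null PKCS #7 chain and nothing in the debug log. Record the cause in each handler, for example `CMS.debug("getCertChainData: cannot encode PKCS #7 chain: " + e);`. The cast `(X509CertImpl) mCACerts[i]` sits outside both try blocks, so a chain entry backed by another X509Certificate implementation would surface as an unhandled ClassCastException. Separately, the Javadoc on getCertList still lists `@param uriInfo`, which the method does not take, and createCertDataInfo calls `cert.getSubjectDN().toString()` without the null check that getCert applies.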
@@ -1,249 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2011 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.cert.model; - -import java.io.ByteArrayOutputStream; -import java.net.URI; -import java.security.Principal; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Date; -import java.util.Enumeration; -import java.util.List; -import java.util.Locale; - -import javax.ws.rs.core.UriInfo; - -import netscape.security.pkcs.ContentInfo; -import netscape.security.pkcs.PKCS7; -import netscape.security.pkcs.SignerInfo; -import netscape.security.x509.AlgorithmId; -import netscape.security.x509.X509CertImpl; - -import org.jboss.resteasy.plugins.providers.atom.Link; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.ICertPrettyPrint; -import com.netscape.certsrv.ca.ICertificateAuthority; -import com.netscape.certsrv.dbs.certdb.CertId; -import com.netscape.certsrv.dbs.certdb.ICertRecord; -import com.netscape.certsrv.dbs.certdb.ICertificateRepository; -import com.netscape.cms.servlet.cert.CertResource; -import com.netscape.cms.servlet.request.model.CertRetrievalRequestData; 
-import com.netscape.cmsutil.util.Utils; - -/** - * @author alee - * - */ -public class CertDAO { - - Locale locale; - UriInfo uriInfo; - - private ICertificateRepository repo; - private ICertificateAuthority ca; - - public CertDAO() { - ca = (ICertificateAuthority) CMS.getSubsystem("ca"); - repo = ca.getCertificateRepository(); - } - - public Locale getLocale() { - return locale; - } - - public void setLocale(Locale locale) { - this.locale = locale; - } - - public UriInfo getUriInfo() { - return uriInfo; - } - - public void setUriInfo(UriInfo uriInfo) { - this.uriInfo = uriInfo; - } - - /** - * Returns list of certs meeting specified search filter. - * Currently, vlv searches are not used for certs. - * - * @param filter - * @param maxResults - * @param maxTime - * @param uriInfo - * @return - * @throws EBaseException - */ - public CertDataInfos listCerts(String filter, int maxResults, int maxTime) - throws EBaseException { - List<CertDataInfo> list = new ArrayList<CertDataInfo>(); - Enumeration<ICertRecord> e = null; - - e = repo.searchCertificates(filter, maxResults, maxTime); - if (e == null) { - throw new EBaseException("search results are null"); - } - - while (e.hasMoreElements()) { - ICertRecord rec = e.nextElement(); - if (rec != null) { - list.add(createCertDataInfo(rec)); - } - } - - CertDataInfos ret = new CertDataInfos(); - ret.setCertInfos(list); - - return ret; - } - - public CertificateData getCert(CertRetrievalRequestData data) throws EBaseException, CertificateEncodingException { - - CertId certId = data.getCertId(); - - //find the cert in question - ICertRecord record = repo.readCertificateRecord(certId.toBigInteger()); - X509CertImpl cert = record.getCertificate(); - - CertificateData certData = new CertificateData(); - - certData.setSerialNumber(certId); - - Principal issuerDN = cert.getIssuerDN(); - if (issuerDN != null) certData.setIssuerDN(issuerDN.toString()); - - Principal subjectDN = cert.getSubjectDN(); - if (subjectDN != null) 
certData.setSubjectDN(subjectDN.toString()); - - String base64 = CMS.getEncodedCert(cert); - certData.setEncoded(base64); - - ICertPrettyPrint print = CMS.getCertPrettyPrint(cert); - certData.setPrettyPrint(print.toString(locale)); - - String p7Str = getCertChainData(cert); - certData.setPkcs7CertChain(p7Str); - - Date notBefore = cert.getNotBefore(); - if (notBefore != null) certData.setNotBefore(notBefore.toString()); - - Date notAfter = cert.getNotAfter(); - if (notAfter != null) certData.setNotAfter(notAfter.toString()); - - certData.setStatus(record.getStatus()); - - URI uri = uriInfo.getBaseUriBuilder().path(CertResource.class).path("{id}").build(certId.toHexString()); - certData.setLink(new Link("self", uri)); - - return certData; - } - - private CertDataInfo createCertDataInfo(ICertRecord record) throws EBaseException { - - CertDataInfo info = new CertDataInfo(); - - CertId id = new CertId(record.getSerialNumber()); - info.setID(id); - - X509Certificate cert = record.getCertificate(); - info.setSubjectDN(cert.getSubjectDN().toString()); - - info.setStatus(record.getStatus()); - - URI uri = uriInfo.getBaseUriBuilder().path(CertResource.class).path("{id}").build(id.toHexString()); - info.setLink(new Link("self", uri)); - - return info; - } - - private String getCertChainData(X509CertImpl x509cert) { - - X509Certificate mCACerts[]; - - if (x509cert == null) { - return null; - } - - try { - mCACerts = ca.getCACertChain().getChain(); - } catch (Exception e) { - mCACerts = null; - } - - X509CertImpl[] certsInChain = new X509CertImpl[1]; - ; - - int mCACertsLength = 0; - boolean certAlreadyInChain = false; - int certsInChainLength = 0; - if (mCACerts != null) { - mCACertsLength = mCACerts.length; - for (int i = 0; i < mCACertsLength; i++) { - if (x509cert.equals(mCACerts[i])) { - certAlreadyInChain = true; - break; - } - } - - if (certAlreadyInChain == true) { - certsInChainLength = mCACertsLength; - } else { - certsInChainLength = mCACertsLength + 1; - } - - 
certsInChain = new X509CertImpl[certsInChainLength]; - - } - - certsInChain[0] = x509cert; - - if (mCACerts != null) { - int curCount = 1; - for (int i = 0; i < mCACertsLength; i++) { - if (!x509cert.equals(mCACerts[i])) { - certsInChain[curCount] = (X509CertImpl) mCACerts[i]; - curCount++; - } - - } - } - - String p7Str; - - try { - PKCS7 p7 = new PKCS7(new AlgorithmId[0], - new ContentInfo(new byte[0]), - certsInChain, - new SignerInfo[0]); - ByteArrayOutputStream bos = new ByteArrayOutputStream(); - - p7.encodeSignedData(bos, false); - byte[] p7Bytes = bos.toByteArray(); - - p7Str = Utils.base64encode(p7Bytes); - } catch (Exception e) { - p7Str = null; - } - - return p7Str; - } -} diff --git a/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java b/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java index 75fb886df..560d7f9f8 100644 --- a/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java +++ b/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java 
@@ -19,19 +19,31 @@ package com.netscape.cms.servlet.key; +import java.math.BigInteger; +import java.util.ArrayList; +import java.util.Enumeration; +import java.util.Hashtable; +import java.util.List; + +import javax.ws.rs.Path; import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; +import javax.ws.rs.core.UriBuilder; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.dbs.keydb.IKeyRecord; +import com.netscape.certsrv.dbs.keydb.IKeyRepository; import com.netscape.certsrv.dbs.keydb.KeyId; +import com.netscape.certsrv.kra.IKeyRecoveryAuthority; import com.netscape.certsrv.request.IRequest; +import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.RequestId; import com.netscape.certsrv.request.RequestStatus; import com.netscape.cms.servlet.base.CMSResourceService; -import com.netscape.cms.servlet.key.model.KeyDAO; import com.netscape.cms.servlet.key.model.KeyData; +import com.netscape.cms.servlet.key.model.KeyDataInfo; import com.netscape.cms.servlet.key.model.KeyDataInfos; import com.netscape.cms.servlet.request.model.KeyRequestDAO; import com.netscape.cms.servlet.request.model.KeyRequestInfo; @@ -44,6 +56,16 @@ import com.netscape.cmsutil.ldap.LDAPUtil; */ public class KeyResourceService extends CMSResourceService implements KeyResource{ + private IKeyRepository repo; + private IKeyRecoveryAuthority kra; + private IRequestQueue queue; + + public KeyResourceService() { + kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( "kra" ); + repo = kra.getKeyRepository(); + queue = kra.getRequestQueue(); + } + /** * Used to retrieve a key * @param data 
@@ -52,12 +74,10 @@ public class KeyResourceService extends CMSResourceService implements KeyResourc public KeyData retrieveKey(RecoveryRequestData data) { // auth and authz KeyId keyId = validateRequest(data); - KeyDAO dao = new KeyDAO(); KeyData keyData; try { - keyData = dao.getKey(keyId, data); + keyData = getKey(keyId, data); } catch (EBaseException e) { - // log error e.printStackTrace(); throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); } 
@@ -74,6 +94,104 @@ public class KeyResourceService extends CMSResourceService implements KeyResourc return retrieveKey(data); } + public KeyData getKey(KeyId keyId, RecoveryRequestData data) throws EBaseException { + KeyData keyData; + + RequestId rId = data.getRequestId(); + + String transWrappedSessionKey; + String sessionWrappedPassphrase; + + IRequest request = queue.findRequest(rId); + + if (request == null) { + return null; + } + + // get wrapped key + IKeyRecord rec = repo.readKeyRecord(keyId.toBigInteger()); + if (rec == null) { + return null; + } + + Hashtable<String, Object> requestParams = kra.getVolatileRequest( + request.getRequestId()); + + if(requestParams == null) { + throw new EBaseException("Can't obtain Volatile requestParams in getKey!"); + } + + String sessWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_SESS_WRAPPED_DATA); + String passWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_PASS_WRAPPED_DATA); + String nonceData = (String) requestParams.get(IRequest.SECURITY_DATA_IV_STRING_OUT); + + if (sessWrappedKeyData != null || passWrappedKeyData != null) { + //The recovery process has already placed a valid recovery + //package, either session key wrapped or pass wrapped, into the request. + //Request already has been processed. + keyData = new KeyData(); + + } else { + // The request has not yet been processed, let's see if the RecoveryRequestData contains + // the info now needed to process the recovery request. + + transWrappedSessionKey = data.getTransWrappedSessionKey(); + sessionWrappedPassphrase = data.getSessionWrappedPassphrase(); + nonceData = data.getNonceData(); + + if (transWrappedSessionKey == null) { + //There must be at least a transWrappedSessionKey input provided. + //The command AND the request have provided insufficient data, end of the line. 
+ throw new EBaseException("Can't retrieve key, insufficient input data!"); + } + + if (sessionWrappedPassphrase != null) { + requestParams.put(IRequest.SECURITY_DATA_SESS_PASS_PHRASE, sessionWrappedPassphrase); + } + + if (transWrappedSessionKey != null) { + requestParams.put(IRequest.SECURITY_DATA_TRANS_SESS_KEY, transWrappedSessionKey); + } + + if (nonceData != null) { + requestParams.put(IRequest.SECURITY_DATA_IV_STRING_IN, nonceData); + } + + try { + // Has to be in this state or it won't go anywhere. + request.setRequestStatus(RequestStatus.BEGIN); + queue.processRequest(request); + } catch (EBaseException e) { + kra.destroyVolatileRequest(request.getRequestId()); + throw new EBaseException(e.toString()); + } + + nonceData = null; + keyData = new KeyData(); + + sessWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_SESS_WRAPPED_DATA); + passWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_PASS_WRAPPED_DATA); + nonceData = (String) requestParams.get(IRequest.SECURITY_DATA_IV_STRING_OUT); + + } + + if (sessWrappedKeyData != null) { + keyData.setWrappedPrivateData(sessWrappedKeyData); + } + if (passWrappedKeyData != null) { + keyData.setWrappedPrivateData(passWrappedKeyData); + } + if (nonceData != null) { + keyData.setNonceData(nonceData); + } + + kra.destroyVolatileRequest(request.getRequestId()); + + queue.markAsServiced(request); + + return keyData; + } + private KeyId validateRequest(RecoveryRequestData data) { // confirm request exists 
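Review bot: getKey releases the volatile request only on success and in the `catch (EBaseException e)` handler, so an unchecked exception from `queue.processRequest(request)` or the reads after it leaves `requestParams` in place. By then it holds the caller's trans-wrapped session key and session-wrapped passphrase, and it appears to stay with the KRA until something else destroys it. Wrapping the processing and result reads in `try { ... } finally { kra.destroyVolatileRequest(request.getRequestId()); }` would make the cleanup unconditional. Whether the "insufficient input data" path should also release the request is a design choice not visible here. `throw new EBaseException(e.toString())` also drops the original stack trace, and nothing is logged before it. The method is `public` although its only visible caller is retrieveKey in the same class.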
@@ -134,10 +252,24 @@ public class KeyResourceService extends CMSResourceService implements KeyResourc String filter = createSearchFilter(status, clientID); CMS.debug("listKeys: filter is " + filter); - KeyDAO dao = new KeyDAO(); - KeyDataInfos infos; + KeyDataInfos infos = new KeyDataInfos(); try { - infos = dao.listKeys(filter, maxResults, maxTime, uriInfo); + List <KeyDataInfo> list = new ArrayList<KeyDataInfo>(); + Enumeration<IKeyRecord> e = null; + + e = repo.searchKeys(filter, maxResults, maxTime); + if (e == null) { + throw new EBaseException("search results are null"); + } + + while (e.hasMoreElements()) { + IKeyRecord rec = e.nextElement(); + if (rec != null) { + list.add(createKeyDataInfo(rec)); + } + } + + infos.setKeyInfos(list); } catch (EBaseException e) { e.printStackTrace(); throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); @@ -145,6 +277,20 @@ public class KeyResourceService extends CMSResourceService implements KeyResourc return infos; } + + public KeyDataInfo createKeyDataInfo(IKeyRecord rec) throws EBaseException { + KeyDataInfo ret = new KeyDataInfo(); + + Path keyPath = KeyResource.class.getAnnotation(Path.class); + BigInteger serial = rec.getSerialNumber(); + + UriBuilder keyBuilder = uriInfo.getBaseUriBuilder(); + keyBuilder.path(keyPath.value() + "/" + serial); + ret.setKeyURL(keyBuilder.build().toString()); + + return ret; + } + private String createSearchFilter(String status, String clientID) { String filter = ""; int matches = 0; @@ -170,5 +316,4 @@ public class KeyResourceService extends CMSResourceService implements KeyResourc return filter; } - } diff --git a/base/common/src/com/netscape/cms/servlet/key/model/KeyDAO.java b/base/common/src/com/netscape/cms/servlet/key/model/KeyDAO.java deleted file mode 100644 index c34c1752f..000000000 --- a/base/common/src/com/netscape/cms/servlet/key/model/KeyDAO.java +++ /dev/null 
@@ -1,202 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2011 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key.model; - -import java.math.BigInteger; -import java.util.ArrayList; -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.List; - -import javax.ws.rs.Path; -import javax.ws.rs.core.UriBuilder; -import javax.ws.rs.core.UriInfo; -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.dbs.keydb.IKeyRecord; -import com.netscape.certsrv.dbs.keydb.IKeyRepository; -import com.netscape.certsrv.dbs.keydb.KeyId; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.request.IRequest; -import com.netscape.certsrv.request.IRequestQueue; -import com.netscape.certsrv.request.RequestId; -import com.netscape.certsrv.request.RequestStatus; -import com.netscape.cms.servlet.key.KeyResource; -import com.netscape.cms.servlet.request.model.RecoveryRequestData; - -/** - * @author alee - * - */ -public class KeyDAO { - - private IKeyRepository repo; - private IKeyRecoveryAuthority kra; - private IRequestQueue queue; - - public KeyDAO() { - kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( "kra" ); - repo = kra.getKeyRepository(); - 
queue = kra.getRequestQueue(); - } - /** - * Returns list of keys meeting specified search filter. - * Currently, vlv searches are not used for keys. - * - * @param filter - * @param maxResults - * @param maxTime - * @param uriInfo - * @return - * @throws EBaseException - */ - public KeyDataInfos listKeys(String filter, int maxResults, int maxTime, UriInfo uriInfo) - throws EBaseException { - List <KeyDataInfo> list = new ArrayList<KeyDataInfo>(); - Enumeration<IKeyRecord> e = null; - - e = repo.searchKeys(filter, maxResults, maxTime); - if (e == null) { - throw new EBaseException("search results are null"); - } - - while (e.hasMoreElements()) { - IKeyRecord rec = e.nextElement(); - if (rec != null) { - list.add(createKeyDataInfo(rec, uriInfo)); - } - } - - KeyDataInfos ret = new KeyDataInfos(); - ret.setKeyInfos(list); - - return ret; - } - - public KeyData getKey(KeyId keyId, RecoveryRequestData data) throws EBaseException { - KeyData keyData; - - RequestId rId = data.getRequestId(); - - String transWrappedSessionKey; - String sessionWrappedPassphrase; - - IRequest request = queue.findRequest(rId); - - if (request == null) { - return null; - } - - // get wrapped key - IKeyRecord rec = repo.readKeyRecord(keyId.toBigInteger()); - if (rec == null) { - return null; - } - - Hashtable<String, Object> requestParams = kra.getVolatileRequest( - request.getRequestId()); - - if(requestParams == null) { - throw new EBaseException("Can't obtain Volatile requestParams in KeyDAO.getKey!"); - } - - String sessWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_SESS_WRAPPED_DATA); - String passWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_PASS_WRAPPED_DATA); - String nonceData = (String) requestParams.get(IRequest.SECURITY_DATA_IV_STRING_OUT); - - if (sessWrappedKeyData != null || passWrappedKeyData != null) { - //The recovery process has already placed a valid recovery - //package, either session key wrapped or pass wrapped, into the request. 
- //Request already has been processed. - keyData = new KeyData(); - - } else { - // The request has not yet been processed, let's see if the RecoveryRequestData contains - // the info now needed to process the recovery request. - - transWrappedSessionKey = data.getTransWrappedSessionKey(); - sessionWrappedPassphrase = data.getSessionWrappedPassphrase(); - nonceData = data.getNonceData(); - - if (transWrappedSessionKey == null) { - //There must be at least a transWrappedSessionKey input provided. - //The command AND the request have provided insufficient data, end of the line. - throw new EBaseException("Can't retrieve key, insufficient input data!"); - } - - if (sessionWrappedPassphrase != null) { - requestParams.put(IRequest.SECURITY_DATA_SESS_PASS_PHRASE, sessionWrappedPassphrase); - } - - if (transWrappedSessionKey != null) { - requestParams.put(IRequest.SECURITY_DATA_TRANS_SESS_KEY, transWrappedSessionKey); - } - - if (nonceData != null) { - requestParams.put(IRequest.SECURITY_DATA_IV_STRING_IN, nonceData); - } - - try { - // Has to be in this state or it won't go anywhere. 
- request.setRequestStatus(RequestStatus.BEGIN); - queue.processRequest(request); - } catch (EBaseException e) { - kra.destroyVolatileRequest(request.getRequestId()); - throw new EBaseException(e.toString()); - } - - nonceData = null; - keyData = new KeyData(); - - sessWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_SESS_WRAPPED_DATA); - passWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_PASS_WRAPPED_DATA); - nonceData = (String) requestParams.get(IRequest.SECURITY_DATA_IV_STRING_OUT); - - } - - if (sessWrappedKeyData != null) { - keyData.setWrappedPrivateData(sessWrappedKeyData); - } - if (passWrappedKeyData != null) { - keyData.setWrappedPrivateData(passWrappedKeyData); - } - if (nonceData != null) { - keyData.setNonceData(nonceData); - } - - kra.destroyVolatileRequest(request.getRequestId()); - - queue.markAsServiced(request); - - return keyData; - } - - public KeyDataInfo createKeyDataInfo(IKeyRecord rec, UriInfo uriInfo) throws EBaseException { - KeyDataInfo ret = new KeyDataInfo(); - - Path keyPath = KeyResource.class.getAnnotation(Path.class); - BigInteger serial = rec.getSerialNumber(); - - UriBuilder keyBuilder = uriInfo.getBaseUriBuilder(); - keyBuilder.path(keyPath.value() + "/" + serial); - ret.setKeyURL(keyBuilder.build().toString()); - - return ret; - } - -} diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileResourceService.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileResourceService.java index 7e8a32424..c39125876 100644 --- a/base/common/src/com/netscape/cms/servlet/profile/ProfileResourceService.java +++ b/base/common/src/com/netscape/cms/servlet/profile/ProfileResourceService.java 
@@ -18,26 +18,186 @@ package com.netscape.cms.servlet.profile; +import java.util.ArrayList; +import java.util.Enumeration; +import java.util.List; +import java.util.Locale; + +import javax.ws.rs.Path; +import javax.ws.rs.core.UriBuilder; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.profile.EProfileException; +import com.netscape.certsrv.profile.IProfile; +import com.netscape.certsrv.profile.IProfileInput; +import com.netscape.certsrv.profile.IProfileSubsystem; import com.netscape.cms.servlet.base.CMSResourceService; -import com.netscape.cms.servlet.profile.model.ProfileDAO; import com.netscape.cms.servlet.profile.model.ProfileData; +import com.netscape.cms.servlet.profile.model.ProfileDataInfo; import com.netscape.cms.servlet.profile.model.ProfileDataInfos; +import com.netscape.cms.servlet.profile.model.ProfileInput; /** * @author alee * */ public class ProfileResourceService extends CMSResourceService implements ProfileResource { - @Override - public ProfileData retrieveProfile(String id) { + + private IProfileSubsystem ps = (IProfileSubsystem) CMS.getSubsystem(IProfileSubsystem.ID); + + public ProfileDataInfos listProfiles() { + List<ProfileDataInfo> list = new ArrayList<ProfileDataInfo>(); + ProfileDataInfos infos = new ProfileDataInfos(); + + if (ps == null) { + return null; + } + + Enumeration<String> profileIds = ps.getProfileIds(); + if (profileIds != null) { + while (profileIds.hasMoreElements()) { + String id = profileIds.nextElement(); + ProfileDataInfo info = null; + try { + info = createProfileDataInfo(id); + } catch (EBaseException e) { + continue; + } + + if (info != null) { + list.add(info); + } + } + } + + infos.setProfileInfos(list); + return infos; + } + + public ProfileData retrieveProfile(String profileId) throws ProfileNotFoundException { ProfileData data = null; - ProfileDAO dao = new ProfileDAO(); - data = dao.getProfile(id); + + if (ps == null) { + return null; + } + 
+ Enumeration<String> profileIds = ps.getProfileIds(); + + IProfile profile = null; + if (profileIds != null) { + while (profileIds.hasMoreElements()) { + String id = profileIds.nextElement(); + + if (id.equals(profileId)) { + + try { + profile = ps.getProfile(profileId); + } catch (EProfileException e) { + e.printStackTrace(); + throw new ProfileNotFoundException(profileId); + } + break; + } + } + } + + if (profile == null) { + throw new ProfileNotFoundException(profileId); + } + + try { + data = createProfileData(profileId); + } catch (EBaseException e) { + e.printStackTrace(); + throw new ProfileNotFoundException(profileId); + } + return data; } - public ProfileDataInfos listProfiles() { - ProfileDAO dao = new ProfileDAO(); - return dao.listProfiles(uriInfo); + public ProfileData createProfileData(String profileId) throws EBaseException { + + IProfile profile; + + try { + profile = ps.getProfile(profileId); + } catch (EProfileException e) { + e.printStackTrace(); + throw new ProfileNotFoundException(profileId); + } + + ProfileData data = new ProfileData(); + + Locale locale = Locale.getDefault(); + String name = profile.getName(locale); + String desc = profile.getDescription(locale); + + data.setName(name); + data.setDescription(desc); + data.setIsEnabled(ps.isProfileEnable(profileId)); + data.setIsVisible(profile.isVisible()); + data.setEnabledBy(ps.getProfileEnableBy(profileId)); + data.setId(profileId); + + Enumeration<String> inputIds = profile.getProfileInputIds(); + + String inputName = null; + + if (inputIds != null) { + while (inputIds.hasMoreElements()) { + String inputId = inputIds.nextElement(); + IProfileInput profileInput = profile.getProfileInput(inputId); + + if (profileInput == null) { + continue; + } + inputName = profileInput.getName(locale); + + Enumeration<String> inputNames = profileInput.getValueNames(); + + ProfileInput input = data.addProfileInput(inputName); + + String curInputName = null; + while (inputNames.hasMoreElements()) { + 
curInputName = inputNames.nextElement(); + + if (curInputName != null && !curInputName.equals("")) { + input.setInputAttr(curInputName, ""); + } + + } + } + } + + return data; + + } + + public ProfileDataInfo createProfileDataInfo(String profileId) throws EBaseException { + + if (profileId == null) { + throw new EBaseException("Error creating ProfileDataInfo."); + } + ProfileDataInfo ret = null; + + IProfile profile = null; + + profile = ps.getProfile(profileId); + if (profile == null) { + return null; + } + + ret = new ProfileDataInfo(); + + ret.setProfileId(profileId); + + Path profilePath = ProfileResource.class.getAnnotation(Path.class); + + UriBuilder profileBuilder = uriInfo.getBaseUriBuilder(); + profileBuilder.path(profilePath.value() + "/" + profileId); + ret.setProfileURL(profileBuilder.build().toString()); + + return ret; } } diff --git a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileDAO.java b/base/common/src/com/netscape/cms/servlet/profile/model/ProfileDAO.java deleted file mode 100644 index 372570a53..000000000 --- a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileDAO.java +++ /dev/null 
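Review bot: `createProfileData` dereferences the result of `ps.getProfile(profileId)` without a null check, although `createProfileDataInfo` in the same hunk treats a null return as possible. Both helpers also use `ps` unguarded, while `listProfiles` and `retrieveProfile` allow for `ps == null`. Both helpers are public, so if `getProfile` returns null for an unknown id, a direct call fails with a NullPointerException instead of a `ProfileNotFoundException`; adding `if (profile == null) throw new ProfileNotFoundException(profileId);` after the lookup keeps the not-found path consistent. The `e.printStackTrace()` calls and the silent `continue` in `listProfiles` keep lookup failures out of the server's own log, so they are better routed through the server's logging facility.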
@@ -1,214 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2011 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.profile.model; - -import java.util.ArrayList; -import java.util.Enumeration; -import java.util.List; -import java.util.Locale; - -import javax.ws.rs.Path; -import javax.ws.rs.core.UriBuilder; -import javax.ws.rs.core.UriInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileInput; -import com.netscape.certsrv.profile.IProfileSubsystem; -import com.netscape.cms.servlet.profile.ProfileNotFoundException; -import com.netscape.cms.servlet.profile.ProfileResource; - -/** - * @author alee - * - */ -public class ProfileDAO { - - private IProfileSubsystem ps; - - public ProfileDAO() { - ps = (IProfileSubsystem) CMS.getSubsystem(IProfileSubsystem.ID); - } - - /** - * Returns list of profiles - */ - - public ProfileDataInfos listProfiles(UriInfo uriInfo) - { - - List<ProfileDataInfo> list = new ArrayList<ProfileDataInfo>(); - ProfileDataInfos infos = new ProfileDataInfos(); - - if (ps == null) { - return null; - } - - Enumeration<String> profileIds = 
ps.getProfileIds(); - - if (profileIds != null) { - while (profileIds.hasMoreElements()) { - String id = profileIds.nextElement(); - ProfileDataInfo info = null; - try { - info = createProfileDataInfo(id, uriInfo); - } catch (EBaseException e) { - continue; - } - - if (info != null) { - list.add(info); - } - } - } - - infos.setProfileInfos(list); - - return infos; - } - - public ProfileData getProfile(String profileId) throws ProfileNotFoundException { - ProfileData data = null; - - if (ps == null) { - return null; - } - - Enumeration<String> profileIds = ps.getProfileIds(); - - IProfile profile = null; - if (profileIds != null) { - while (profileIds.hasMoreElements()) { - String id = profileIds.nextElement(); - - if (id.equals(profileId)) { - - try { - profile = ps.getProfile(profileId); - } catch (EProfileException e) { - e.printStackTrace(); - throw new ProfileNotFoundException(profileId); - } - break; - } - } - } - - if (profile == null) { - throw new ProfileNotFoundException(profileId); - } - - try { - data = createProfileData(profileId); - } catch (EBaseException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - throw new ProfileNotFoundException(profileId); - } - - return data; - } - - public ProfileData createProfileData(String profileId) throws EBaseException { - - IProfile profile; - - try { - profile = ps.getProfile(profileId); - } catch (EProfileException e) { - e.printStackTrace(); - throw new ProfileNotFoundException(profileId); - } - - ProfileData data = new ProfileData(); - - Locale locale = Locale.getDefault(); - String name = profile.getName(locale); - String desc = profile.getDescription(locale); - - data.setName(name); - data.setDescription(desc); - data.setIsEnabled(ps.isProfileEnable(profileId)); - data.setIsVisible(profile.isVisible()); - data.setEnabledBy(ps.getProfileEnableBy(profileId)); - data.setId(profileId); - - Enumeration<String> inputIds = profile.getProfileInputIds(); - - String inputName = null; - - if (inputIds 
!= null) { - while (inputIds.hasMoreElements()) { - String inputId = inputIds.nextElement(); - IProfileInput profileInput = profile.getProfileInput(inputId); - - if (profileInput == null) { - continue; - } - inputName = profileInput.getName(locale); - - Enumeration<String> inputNames = profileInput.getValueNames(); - - ProfileInput input = data.addProfileInput(inputName); - - String curInputName = null; - while (inputNames.hasMoreElements()) { - curInputName = inputNames.nextElement(); - - if (curInputName != null && !curInputName.equals("")) { - input.setInputAttr(curInputName, ""); - } - - } - } - } - - return data; - - } - - public ProfileDataInfo createProfileDataInfo(String profileId, UriInfo uriInfo) throws EBaseException { - - if (profileId == null) { - throw new EBaseException("Error creating ProfileDataInfo."); - } - ProfileDataInfo ret = null; - - IProfile profile = null; - - profile = ps.getProfile(profileId); - if (profile == null) { - return null; - } - - ret = new ProfileDataInfo(); - - ret.setProfileId(profileId); - - Path profilePath = ProfileResource.class.getAnnotation(Path.class); - - UriBuilder profileBuilder = uriInfo.getBaseUriBuilder(); - profileBuilder.path(profilePath.value() + "/" + profileId); - ret.setProfileURL(profileBuilder.build().toString()); - - return ret; - } - -}
\ No newline at end of file diff --git a/base/common/src/com/netscape/cms/servlet/request/model/KeyRequestDAO.java b/base/common/src/com/netscape/cms/servlet/request/model/KeyRequestDAO.java index ac54d5cca..36a869aaf 100644 --- a/base/common/src/com/netscape/cms/servlet/request/model/KeyRequestDAO.java +++ b/base/common/src/com/netscape/cms/servlet/request/model/KeyRequestDAO.java @@ -19,6 +19,7 @@ package com.netscape.cms.servlet.request.model; import java.util.ArrayList; import java.util.Collection; +import java.util.Enumeration; import java.util.Hashtable; import java.util.List; @@ -28,6 +29,8 @@ import javax.ws.rs.core.UriInfo; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.dbs.keydb.IKeyRecord; +import com.netscape.certsrv.dbs.keydb.IKeyRepository; import com.netscape.certsrv.dbs.keydb.KeyId; import com.netscape.certsrv.kra.IKeyRecoveryAuthority; import com.netscape.certsrv.profile.IEnrollProfile; @@ -35,8 +38,6 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.RequestId; import com.netscape.certsrv.request.RequestStatus; import com.netscape.cms.servlet.key.KeyResource; -import com.netscape.cms.servlet.key.model.KeyDAO; -import com.netscape.cms.servlet.key.model.KeyDataInfos; import com.netscape.cms.servlet.request.KeyRequestResource; /** @@ -46,11 +47,15 @@ import com.netscape.cms.servlet.request.KeyRequestResource; public class KeyRequestDAO extends CMSRequestDAO { private static String REQUEST_ARCHIVE_OPTIONS = IEnrollProfile.REQUEST_ARCHIVE_OPTIONS; - public static final String ATTR_SERIALNO = "serialNumber"; + private IKeyRepository repo; + private IKeyRecoveryAuthority kra; + public KeyRequestDAO() { super("kra"); + kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( "kra" ); + repo = kra.getKeyRepository(); } /** 
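Review bot: The constructor calls `kra.getKeyRepository()` on the result of `CMS.getSubsystem( "kra" )` without checking it for null, so constructing a `KeyRequestDAO` fails with a NullPointerException if the lookup returns nothing. `ProfileResourceService` in this same commit checks the result of `CMS.getSubsystem` for null, which suggests that case can occur. A guard such as `if (kra == null) throw new IllegalStateException("KRA subsystem not available");` would make the failure explicit. The rest of the class lies outside this hunk, but as far as it shows, `repo` and `kra` are assigned only here and could be declared `final`.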
@@ -154,7 +159,6 @@ public class KeyRequestDAO extends CMSRequestDAO { * @throws EBaseException */ public KeyRequestInfo submitRequest(RecoveryRequestData data, UriInfo uriInfo) throws EBaseException { - // set data using request.setExtData(field, data) String wrappedSessionKeyStr = data.getTransWrappedSessionKey(); @@ -237,31 +241,25 @@ public class KeyRequestDAO extends CMSRequestDAO { @Override public KeyRequestInfo createCMSRequestInfo(IRequest request, UriInfo uriInfo) { - return createKeyRequestInfo(request, uriInfo); - } //We only care if the key exists or not private boolean doesKeyExist(String clientId, String keyStatus, UriInfo uriInfo) { - boolean ret = false; String state = "active"; - - KeyDAO keys = new KeyDAO(); - - KeyDataInfos existingKeys; String filter = "(&(" + IRequest.SECURITY_DATA_CLIENT_ID + "=" + clientId + ")" + "(" + IRequest.SECURITY_DATA_STATUS + "=" + state + "))"; try { - existingKeys = keys.listKeys(filter, 1, 10, uriInfo); + Enumeration<IKeyRecord> existingKeys = null; - if (existingKeys != null && existingKeys.getKeyInfos().size() > 0) { - ret = true; + existingKeys = repo.searchKeys(filter, 1, 10); + if (existingKeys != null && existingKeys.hasMoreElements()) { + return true; } } catch (EBaseException e) { - ret = false; + return false; } - return ret; + return false; } } |
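Review bot: In `doesKeyExist` the search filter is still built by concatenating `clientId` straight into an LDAP filter string, so characters such as `*`, `(`, `)` and `\` in the value change what the filter matches. Where `clientId` comes from is not visible in this hunk, but it looks caller-supplied. The value should be escaped per RFC 4515 before it is placed in the filter, as sketched below. Separately, `catch (EBaseException e) { return false; }` reports a failed repository search as "key does not exist"; if callers use this as a duplicate check, a backend error lets it pass, so rethrowing or at least logging would be safer. The `keyStatus` and `uriInfo` parameters are unused in the new body.

```java
private boolean doesKeyExist(String clientId, String keyStatus, UriInfo uriInfo) {
    String state = "active";
    String filter = "(&(" + IRequest.SECURITY_DATA_CLIENT_ID + "=" + escapeFilterValue(clientId) + ")"
            + "(" + IRequest.SECURITY_DATA_STATUS + "=" + state + "))";
    // … unchanged: repo.searchKeys(filter, 1, 10) and result handling …
}

// RFC 4515 escaping so the value is always treated as a literal, never as filter syntax.
private static String escapeFilterValue(String value) {
    StringBuilder escaped = new StringBuilder();
    for (char c : value.toCharArray()) {
        switch (c) {
        case '\\': escaped.append("\\5c"); break;
        case '*':  escaped.append("\\2a"); break;
        case '(':  escaped.append("\\28"); break;
        case ')':  escaped.append("\\29"); break;
        case '\0': escaped.append("\\00"); break;
        default:   escaped.append(c);
        }
    }
    return escaped.toString();
}
```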