authorAde Lee <alee@redhat.com>2017-04-07 16:52:31 -0400
committerAde Lee <alee@redhat.com>2017-04-11 16:48:48 -0400
commit24d7e952e4f048fcb58dcd1b33009e92afde365d (patch)
treeae571f9cb0af0037ad7eeab754a1fd473705fbca /base
parent77d2064858e4623fa25f4986647f318d8bf8a6f7 (diff)
Add CAInfo resource
This resource (which will be accessed at /ca/rest/info) will initially return the mechanism for archival. This is needed by clients to know how to package secrets when archiving. We may add the transport cert later. Change-Id: Ib13d52344e38dc9b54c0d2a1645f1211dd84069b
Diffstat (limited to 'base')
-rw-r--r--base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java4
-rw-r--r--base/common/src/org/dogtagpki/common/CAInfo.java119
-rw-r--r--base/common/src/org/dogtagpki/common/CAInfoClient.java49
-rw-r--r--base/common/src/org/dogtagpki/common/CAInfoResource.java37
-rw-r--r--base/server/cms/src/org/dogtagpki/server/rest/CAInfoService.java64
5 files changed, 273 insertions, 0 deletions
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java b/base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java
index ae18e0230..45881b9cf 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java
@@ -9,6 +9,7 @@ import org.dogtagpki.server.rest.ACLInterceptor;
import org.dogtagpki.server.rest.AccountService;
import org.dogtagpki.server.rest.AuditService;
import org.dogtagpki.server.rest.AuthMethodInterceptor;
+import org.dogtagpki.server.rest.CAInfoService;
import org.dogtagpki.server.rest.FeatureService;
import org.dogtagpki.server.rest.GroupService;
import org.dogtagpki.server.rest.MessageFormatInterceptor;
@@ -65,6 +66,9 @@ public class CAApplication extends Application {
// features
classes.add(FeatureService.class);
+ // info service
+ classes.add(CAInfoService.class);
+
// security domain
IConfigStore cs = CMS.getConfigStore();
diff --git a/base/common/src/org/dogtagpki/common/CAInfo.java b/base/common/src/org/dogtagpki/common/CAInfo.java
new file mode 100644
index 000000000..89255ed1a
--- /dev/null
+++ b/base/common/src/org/dogtagpki/common/CAInfo.java
@@ -0,0 +1,119 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2017 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package org.dogtagpki.common;
+
+import java.io.StringReader;
+import java.io.StringWriter;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.netscape.certsrv.base.ResourceMessage;
+
+/**
+ * @author Ade Lee
+ */
+@XmlRootElement(name="CAInfo")
+public class CAInfo extends ResourceMessage {
+
+ private static Logger logger = LoggerFactory.getLogger(Info.class);
+
+ public static Marshaller marshaller;
+ public static Unmarshaller unmarshaller;
+
+ static {
+ try {
+ marshaller = JAXBContext.newInstance(CAInfo.class).createMarshaller();
+ marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
+ unmarshaller = JAXBContext.newInstance(CAInfo.class).createUnmarshaller();
+ } catch (Exception e) {
+ logger.error(e.getMessage(), e);
+ }
+ }
+
+ String archivalMechanism;
+
+ @XmlElement(name="ArchivalMechanism")
+ public String getArchivalMechanism() {
+ return archivalMechanism;
+ }
+
+ public void setArchivalMechanism(String archivalMechanism) {
+ this.archivalMechanism = archivalMechanism;
+ }
+
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = super.hashCode();
+ result = prime * result + ((archivalMechanism == null) ? 0 : archivalMechanism.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (!super.equals(obj))
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ CAInfo other = (CAInfo) obj;
+ if (archivalMechanism == null) {
+ if (other.archivalMechanism != null)
+ return false;
+ } else if (!archivalMechanism.equals(other.archivalMechanism))
+ return false;
+ return true;
+ }
+
+ public String toString() {
+ try {
+ StringWriter sw = new StringWriter();
+ marshaller.marshal(this, sw);
+ return sw.toString();
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static CAInfo valueOf(String string) throws Exception {
+ return (CAInfo)unmarshaller.unmarshal(new StringReader(string));
+ }
+
+ public static void main(String args[]) throws Exception {
+
+ CAInfo before = new CAInfo();
+ before.setArchivalMechanism("encrypt");
+
+ String string = before.toString();
+ System.out.println(string);
+
+ CAInfo after = CAInfo.valueOf(string);
+ System.out.println(before.equals(after));
+ }
+}
+
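Review bot: The logger on `private static Logger logger = LoggerFactory.getLogger(Info.class);` is created for Info, so anything CAInfo logs (including the static-initializer failure right below it) is attributed to the wrong class; it should read `private static Logger logger = LoggerFactory.getLogger(CAInfo.class);`, and CAInfoService.java has the same slip with `InfoService.class`. The static initializer catches every exception and only logs it, which leaves `marshaller`/`unmarshaller` null so the first `toString()` or `valueOf()` call fails with a NullPointerException far from the real cause; rethrowing (e.g. as `ExceptionInInitializerError`) would surface the actual error. JAXB `Marshaller` and `Unmarshaller` instances are not thread-safe, yet they are exposed here as shared public static fields used by `toString()` and `valueOf()`; keeping the `JAXBContext` static and creating a marshaller/unmarshaller per call avoids that, or the limitation should be documented on the fields. If `valueOf` is ever fed XML received from a remote party, confirm that the unmarshaller's DTD/external-entity processing is disabled.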
diff --git a/base/common/src/org/dogtagpki/common/CAInfoClient.java b/base/common/src/org/dogtagpki/common/CAInfoClient.java
new file mode 100644
index 000000000..859c829a0
--- /dev/null
+++ b/base/common/src/org/dogtagpki/common/CAInfoClient.java
@@ -0,0 +1,49 @@
+//--- BEGIN COPYRIGHT BLOCK ---
+//This program is free software; you can redistribute it and/or modify
+//it under the terms of the GNU General Public License as published by
+//the Free Software Foundation; version 2 of the License.
+//
+//This program is distributed in the hope that it will be useful,
+//but WITHOUT ANY WARRANTY; without even the implied warranty of
+//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+//GNU General Public License for more details.
+//
+//You should have received a copy of the GNU General Public License along
+//with this program; if not, write to the Free Software Foundation, Inc.,
+//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+//(C) 2017 Red Hat, Inc.
+//All rights reserved.
+//--- END COPYRIGHT BLOCK ---
+
+package org.dogtagpki.common;
+
+import java.net.URISyntaxException;
+
+import javax.ws.rs.core.Response;
+
+import com.netscape.certsrv.client.Client;
+import com.netscape.certsrv.client.PKIClient;
+
+/**
+ * @author Ade Lee
+ */
+public class CAInfoClient extends Client {
+
+ public CAInfoResource resource;
+
+ public CAInfoClient(PKIClient client, String subsystem) throws URISyntaxException {
+ super(client, subsystem, "info");
+ init();
+ }
+
+ public void init() throws URISyntaxException {
+ resource = createProxy(CAInfoResource.class);
+ }
+
+ public CAInfo getInfo() throws Exception {
+ Response response = resource.getInfo();
+ return client.getEntity(response, CAInfo.class);
+ }
+}
+
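Review bot: `init()` is public, non-final and invoked from the constructor, so an override in a subclass would run before that subclass's own fields are initialised; this presumably mirrors the other Client subclasses, but `resource` need not be a public mutable field and could be private with an accessor. `getInfo()` has no Javadoc; a one-liner such as `/** Fetches the CA's advertised capabilities (currently the archival mechanism) from the info endpoint. */` would document what callers get back. `getInfo()` declares `throws Exception`, which is broader than a caller can usefully handle; narrow it if `client.getEntity` and `resource.getInfo()` permit.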
diff --git a/base/common/src/org/dogtagpki/common/CAInfoResource.java b/base/common/src/org/dogtagpki/common/CAInfoResource.java
new file mode 100644
index 000000000..6c18cd575
--- /dev/null
+++ b/base/common/src/org/dogtagpki/common/CAInfoResource.java
@@ -0,0 +1,37 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2017 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package org.dogtagpki.common;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Response;
+
+import org.jboss.resteasy.annotations.ClientResponseType;
+
+/**
+ * @author Ade Lee
+ */
+@Path("info")
+public interface CAInfoResource {
+
+ @GET
+ @ClientResponseType(entityType=CAInfo.class)
+ public Response getInfo() throws Exception;
+}
+
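Review bot: `getInfo()` carries no `@ACLMapping`/`@AuthMethodMapping`, so whether anonymous callers reach it depends on how the ACLInterceptor and AuthMethodInterceptor registered in CAApplication treat unmapped methods; the commit message suggests this endpoint is meant to be reachable by clients before they authenticate, and that intent should be stated on the interface, e.g. `/** Unauthenticated endpoint: exposes only non-sensitive CA capabilities (currently the archival mechanism). Review any field added here for disclosure risk. */`. That matters because the description already anticipates adding the transport certificate later. The `throws Exception` on the interface method forces every client to catch `Exception`; if the REST layer does not require it, a narrower declaration would be cleaner.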
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/CAInfoService.java b/base/server/cms/src/org/dogtagpki/server/rest/CAInfoService.java
new file mode 100644
index 000000000..975ad61ac
--- /dev/null
+++ b/base/server/cms/src/org/dogtagpki/server/rest/CAInfoService.java
@@ -0,0 +1,64 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2017 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package org.dogtagpki.server.rest;
+
+import javax.servlet.http.HttpSession;
+import javax.ws.rs.core.Response;
+
+import org.dogtagpki.common.CAInfo;
+import org.dogtagpki.common.CAInfoResource;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.cms.servlet.base.PKIService;
+
+/**
+ * @author Ade Lee
+ */
+public class CAInfoService extends PKIService implements CAInfoResource {
+
+ private static Logger logger = LoggerFactory.getLogger(InfoService.class);
+
+ @Override
+ public Response getInfo() throws Exception {
+
+ HttpSession session = servletRequest.getSession();
+ logger.debug("CAInfoService.getInfo(): session: " + session.getId());
+
+ CAInfo info = new CAInfo();
+ String archivalMechanism = getArchivalMechanism();
+
+ if (archivalMechanism != null)
+ info.setArchivalMechanism(getArchivalMechanism());
+
+ return createOKResponse(info);
+ }
+
+ String getArchivalMechanism() throws EBaseException {
+ IConfigStore cs = CMS.getConfigStore();
+ boolean kra_present = cs.getBoolean("ca.connector.KRA.enable", false);
+ if (!kra_present) return null;
+
+ boolean encrypt_archival = cs.getBoolean("kra.allowEncDecrypt.archival", false);
+ return encrypt_archival ? KRAInfoService.ENCRYPT_MECHANISM : KRAInfoService.KEYWRAP_MECHANISM;
+ }
+}
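Review bot: `getInfo()` calls `getArchivalMechanism()` twice — once into the local `archivalMechanism` and again on the line `info.setArchivalMechanism(getArchivalMechanism());` — so the config store is re-read and the null check does not guard the value actually stored; use the local: `info.setArchivalMechanism(archivalMechanism);`. The logger on `private static Logger logger = LoggerFactory.getLogger(InfoService.class);` names the wrong class and should use `CAInfoService.class`. `getArchivalMechanism()` reads `kra.allowEncDecrypt.archival` from the CA's own config store; presumably that key is only present when the KRA shares the instance, in which case a CA with a remote KRA connector would always advertise `KEYWRAP_MECHANISM` regardless of the KRA's real setting — worth confirming against the connector configuration, and documenting on the method either way. A Javadoc on `getArchivalMechanism()` should also state that it returns null when no KRA connector is enabled, which is what the `ca.connector.KRA.enable` check does.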