diff options
author | Endi Sukma Dewata <edewata@redhat.com> | 2012-03-24 02:27:47 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-03-26 11:43:54 -0500 |
commit | 621d9e5c413e561293d7484b93882d985b3fe15f (patch) | |
tree | 638f3d75761c121d9a8fb50b52a12a6686c5ac5c /pki/base/common/src/com/netscape/cms/servlet/key | |
parent | 40d3643b8d91886bf210aa27f711731c81a11e49 (diff) | |
download | pki-621d9e5c413e561293d7484b93882d985b3fe15f.tar.gz pki-621d9e5c413e561293d7484b93882d985b3fe15f.tar.xz pki-621d9e5c413e561293d7484b93882d985b3fe15f.zip |
Removed unnecessary pki folder.
Previously the source code was located inside a pki folder.
This folder was created during svn migration and is no longer
needed. This folder has now been removed and the contents have
been moved up one level.
Ticket #131
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/key')
22 files changed, 0 insertions, 4274 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java deleted file mode 100644 index 59b01f26a..000000000 --- a/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java +++ /dev/null @@ -1,187 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.math.BigInteger; -import java.util.Locale; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.dbs.keydb.IKeyRecord; -import com.netscape.certsrv.dbs.keydb.IKeyRepository; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.kra.IKeyService; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * A class representing a recoverKey servlet. This servlet - * shows key information and presents a list of text boxes - * so that recovery agents can type in their identifiers - * and passwords. - * - * @version $Revision$, $Date$ - */ -public class ConfirmRecoverBySerial extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = 2221819191344494389L; - private final static String INFO = "recoverBySerial"; - private final static String TPL_FILE = - "confirmRecoverBySerial.template"; - - private final static String IN_SERIALNO = "serialNumber"; - private final static String OUT_SERIALNO = IN_SERIALNO; - private final static String OUT_OP = "op"; - private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_M = "noOfRequiredAgents"; - private final static String OUT_ERROR = "errorDetails"; - - private IKeyRepository mKeyDB = null; - private IKeyService mRecoveryService = null; - private String mFormPath = null; - - /** - * Constructs ConfirmRecoverBySerial servlet. - */ - public ConfirmRecoverBySerial() { - super(); - } - - /** - * Initializes the servlet. - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - mRecoveryService = (IKeyService) mAuthority; - mKeyDB = ((IKeyRecoveryAuthority) mAuthority).getKeyRepository(); - - mTemplates.remove(CMSRequest.SUCCESS); - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Serves HTTP request. The format of this request is - * as follows: - * confirmRecoverBySerial? - * [serialNumber=<serialno>] - */ - public void process(CMSRequest cmsReq) throws EBaseException { - - // Note that we should try to handle all the exceptions - // instead of passing it up back to the servlet - // framework. - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - - authenticate(cmsReq); - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - IArgBlock header = CMS.createArgBlock(); - IArgBlock fixed = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - - BigInteger seqNum = BigInteger.ZERO; - - try { - if (req.getParameter(IN_SERIALNO) != null) { - seqNum = new BigInteger(req.getParameter(IN_SERIALNO)); - } - - // make sure this page, which contains password - // information, is not cache. Too bad, this is - // only good for NS browser, not IE specifically. - resp.setHeader("pragma", "no-cache"); - - process(argSet, header, seqNum, req, resp, locale[0]); - } catch (NumberFormatException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); - } - - try { - ServletOutputStream out = resp.getOutputStream(); - - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - cmsReq.setStatus(CMSRequest.SUCCESS); - } - - /** - * Requests for a list of agent passwords. - */ - private void process(CMSTemplateParams argSet, - IArgBlock header, BigInteger seq, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { - try { - header.addBigIntegerValue(OUT_SERIALNO, seq, 10); - header.addIntegerValue(OUT_M, - mRecoveryService.getNoOfRequiredAgents()); - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); - - IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(seq); - - KeyRecordParser.fillRecordIntoArg(rec, header); - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale)); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java deleted file mode 100644 index 8876d9350..000000000 --- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java +++ /dev/null @@ -1,194 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.math.BigInteger; -import java.util.Locale; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.authorization.EAuthzAccessDenied; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.dbs.keydb.IKeyRecord; -import com.netscape.certsrv.dbs.keydb.IKeyRepository; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * Display a specific Key Archival Request - * <P> - * - * @version $Revision$, $Date$ - */ -public class DisplayBySerial extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = -537957487396615246L; - private final static String INFO = "displayBySerial"; - private final static String TPL_FILE = "displayBySerial.template"; - - private final static String IN_SERIALNO = "serialNumber"; - private final static String OUT_OP = "op"; - private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_ERROR = "errorDetails"; - - private IKeyRepository mKeyDB = null; - private String mFormPath = null; - - /** - * Constructs displayBySerial servlet. - */ - public DisplayBySerial() { - super(); - } - - /** - * initialize the servlet. This servlet uses the template file - * "displayBySerial.template" to process the response. - * - * @param sc servlet configuration, read from the web.xml file - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - mKeyDB = ((IKeyRecoveryAuthority) mAuthority).getKeyRepository(); - - mTemplates.remove(CMSRequest.SUCCESS); - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Process the HTTP request. - * <ul> - * <li>http.param serialNumber serial number of the key archival request - * </ul> - * - * @param cmsReq the object holding the request and response information - */ - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - - IAuthToken authToken = authenticate(cmsReq); - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - // Note that we should try to handle all the exceptions - // instead of passing it up back to the servlet - // framework. - - IArgBlock header = CMS.createArgBlock(); - IArgBlock fixed = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - BigInteger seqNum = BigInteger.ZERO; - - try { - if (req.getParameter(IN_SERIALNO) != null) { - seqNum = new BigInteger(req.getParameter(IN_SERIALNO)); - } - process(argSet, header, seqNum, req, resp, locale[0]); - } catch (NumberFormatException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); - } - - try { - ServletOutputStream out = resp.getOutputStream(); - - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - } - - /** - * Display information about a particular key. - */ - private void process(CMSTemplateParams argSet, - IArgBlock header, BigInteger seq, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { - try { - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); - IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(seq); - - KeyRecordParser.fillRecordIntoArg(rec, header); - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale)); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java deleted file mode 100644 index 29cc2b3b3..000000000 --- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java +++ /dev/null @@ -1,213 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.math.BigInteger; -import java.util.Locale; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.authorization.EAuthzAccessDenied; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.dbs.keydb.IKeyRecord; -import com.netscape.certsrv.dbs.keydb.IKeyRepository; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.kra.IKeyService; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * Display a Specific Key Archival Request, and initiate - * key recovery process - * - * @version $Revision$, $Date$ - */ -public class DisplayBySerialForRecovery extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = 6876016034084761827L; - private final static String INFO = "displayBySerial"; - private final static String TPL_FILE = "displayBySerialForRecovery.template"; - - private final static String IN_SERIALNO = "serialNumber"; - private final static String OUT_OP = "op"; - private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_ERROR = "errorDetails"; - - private IKeyRepository mKeyDB = null; - private String mFormPath = null; - private IKeyService mService = null; - - /** - * Constructor - */ - public DisplayBySerialForRecovery() { - super(); - } - - /** - * initialize the servlet. This servlet uses the template file - * "displayBySerialForRecovery.template" to process the response. - * - * @param sc servlet configuration, read from the web.xml file - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mFormPath = "/agent/" + mAuthority.getId() + "/" + TPL_FILE; - mKeyDB = ((IKeyRecoveryAuthority) mAuthority).getKeyRepository(); - mService = (IKeyService) mAuthority; - - mTemplates.remove(CMSRequest.SUCCESS); - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Process the HTTP request. - * <ul> - * <li>http.param serialNumber request ID of key archival request - * <li>http.param publicKeyData - * </ul> - * - * @param cmsReq the object holding the request and response information - */ - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - - IAuthToken authToken = authenticate(cmsReq); - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - // Note that we should try to handle all the exceptions - // instead of passing it up back to the servlet - // framework. - - IArgBlock header = CMS.createArgBlock(); - IArgBlock fixed = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - - BigInteger seqNum = BigInteger.ZERO; - - try { - if (req.getParameter(IN_SERIALNO) != null) { - seqNum = new BigInteger(req.getParameter(IN_SERIALNO)); - } - process(argSet, header, - req.getParameter("publicKeyData"), - seqNum, req, resp, locale[0]); - } catch (NumberFormatException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); - } catch (Exception e) { - e.printStackTrace(); - System.out.println(e.toString()); - } - try { - ServletOutputStream out = resp.getOutputStream(); - - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - cmsReq.setStatus(CMSRequest.SUCCESS); - } - - /** - * Display information about a particular key. - */ - private synchronized void process(CMSTemplateParams argSet, - IArgBlock header, String publicKeyData, BigInteger seq, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { - try { - header.addIntegerValue("noOfRequiredAgents", - mService.getNoOfRequiredAgents()); - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue("keySplitting", - CMS.getConfigStore().getString("kra.keySplitting")); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); - if (publicKeyData != null) { - header.addStringValue("publicKeyData", - publicKeyData); - } - IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(seq); - - KeyRecordParser.fillRecordIntoArg(rec, header); - - // recovery identifier - header.addStringValue("recoveryID", mService.getRecoveryID()); - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale)); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java deleted file mode 100644 index dd224cc8a..000000000 --- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java +++ /dev/null @@ -1,125 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletResponse; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.certsrv.security.ITransportKeyUnit; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * Retrieve Transport Certificate used to - * wrap Private key Archival requests - * - * @version $Revision$, $Date$ - */ -public class DisplayTransport extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = -6509083753395783705L; - private final static String INFO = "displayTransport"; - - /** - * Constructs displayTransport servlet. - */ - public DisplayTransport() { - super(); - } - - /** - * Initializes the servlet. - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mTemplates.remove(CMSRequest.SUCCESS); - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Process the HTTP request. - * - * @param cmsReq the object holding the request and response information - */ - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletResponse resp = cmsReq.getHttpResp(); - - IAuthToken authToken = authenticate(cmsReq); - - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); - } catch (Exception e) { - // do nothing for now - } - - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - try { - IKeyRecoveryAuthority kra = - (IKeyRecoveryAuthority) mAuthority; - ITransportKeyUnit tu = kra.getTransportKeyUnit(); - org.mozilla.jss.crypto.X509Certificate transportCert = - tu.getCertificate(); - - resp.setStatus(HttpServletResponse.SC_OK); - resp.setContentType("text/html"); - String content = ""; - - content += "<HTML><PRE>"; - String mime64 = - "-----BEGIN CERTIFICATE-----\n" + - CMS.BtoA(transportCert.getEncoded()) + - "-----END CERTIFICATE-----\n"; - - content += mime64; - content += "</PRE></HTML>"; - resp.setContentType("text/html"); - resp.getOutputStream().write(content.getBytes()); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - cmsReq.setStatus(CMSRequest.SUCCESS); - } -} diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java deleted file mode 100644 index cd440da08..000000000 --- a/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java +++ /dev/null @@ -1,249 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.math.BigInteger; -import java.util.Hashtable; -import java.util.Locale; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.authorization.EAuthzAccessDenied; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.dbs.keydb.IKeyRecord; -import com.netscape.certsrv.dbs.keydb.IKeyRepository; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.kra.IKeyService; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * View the Key Recovery Request - * - * @version $Revision$, $Date$ - */ -public class ExamineRecovery extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = -953282265332774966L; - private final static String INFO = "examineRecovery"; - private final static String TPL_FILE = "examineRecovery.template"; - - private final static String IN_SERIALNO = "serialNumber"; - private final static String IN_UID = "uid"; - private final static String IN_PWD = "pwd"; - private final static String IN_PASSWORD = "p12Password"; - private final static String IN_DELIVERY = "p12Delivery"; - private final static String IN_CERT = "cert"; - - private final static String OUT_OP = "op"; - private final static String OUT_SERIALNO = IN_SERIALNO; - private final static String OUT_RECOVERY_SUCCESS = "recoverySuccess"; - private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_ERROR = "errorDetails"; - - private IKeyService mService = null; - private String mFormPath = null; - - /** - * Constructs EA servlet. - */ - public ExamineRecovery() { - super(); - } - - /** - * Initializes the servlet. - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mService = (IKeyService) mAuthority; - mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - - mTemplates.remove(CMSRequest.SUCCESS); - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Process the HTTP request. - * <ul> - * <li>http.param recoveryID recovery request ID - * </ul> - * - * @param cmsReq the object holding the request and response information - */ - - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - - IAuthToken authToken = authenticate(cmsReq); - - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - IArgBlock header = CMS.createArgBlock(); - IArgBlock fixed = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - - EBaseException error = null; - - try { - process(argSet, header, - req.getParameter("recoveryID"), - req, resp, locale[0]); - } catch (EBaseException e) { - error = e; - } catch (Exception e) { - error = new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); - } - - /* - catch (NumberFormatException e) { - error = eBaseException( - - header.addStringValue(OUT_ERROR, - MessageFormatter.getLocalizedString( - locale[0], - BaseResources.class.getName(), - BaseResources.INTERNAL_ERROR_1, - e.toString())); - } - */ - - try { - if (error == null) { - String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - ServletOutputStream out = resp.getOutputStream(); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } - } else { - cmsReq.setStatus(CMSRequest.ERROR); - cmsReq.setError(error); - } - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - } - - /** - * Recovers a key. The p12 will be protected by the password - * provided by the administrator. - */ - private void process(CMSTemplateParams argSet, - IArgBlock header, String recoveryID, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) - throws EBaseException { - try { - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); - header.addStringValue("keySplitting", - CMS.getConfigStore().getString("kra.keySplitting")); - Hashtable<String, Object> params = mService.getRecoveryParams( - recoveryID); - - if (params == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); - } - String keyID = (String) params.get("keyID"); - header.addStringValue("serialNumber", keyID); - header.addStringValue("recoveryID", recoveryID); - - IKeyRepository mKeyDB = - ((IKeyRecoveryAuthority) mAuthority).getKeyRepository(); - IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new - BigInteger(keyID)); - KeyRecordParser.fillRecordIntoArg(rec, header); - - } catch (EBaseException e) { - log(ILogger.LL_FAILURE, "Error e " + e); - throw e; - } - - /* - catch (Exception e) { - header.addStringValue(OUT_ERROR, e.toString()); - } - */ - } -} diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java deleted file mode 100644 index 55d79b1ab..000000000 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java +++ /dev/null @@ -1,235 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Locale; -import java.util.Vector; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authority.IAuthority; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.certsrv.security.Credential; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * Check to see if a Key Recovery Request has been approved - * - * @version $Revision$, $Date$ - */ -public class GetApprovalStatus extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = -8257339915430654983L; - private final static String INFO = "getApprovalStatus"; - private final static String TPL_FILE = "getApprovalStatus.template"; - private final static String TPL_FINISH = "finishRecovery.template"; - - private final static String IN_DELIVERY = "p12Delivery"; - - private final static String OUT_RECOVERY_SUCCESS = "recoverySuccess"; - private final static String OUT_ERROR = "errorDetails"; - private final static String OUT_STATUS = "status"; - - private com.netscape.certsrv.kra.IKeyService mService = null; - private String mFormPath = null; - - /** - * Constructs getApprovalStatus servlet. - */ - public GetApprovalStatus() { - super(); - } - - /** - * initialize the servlet. This servlet uses the template files - * "getApprovalStatus.template" and "finishRecovery.template" - * to process the response. - * - * @param sc servlet configuration, read from the web.xml file - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - // mFormPath = "/"+authority.getId()+"/"+TPL_FILE; - mService = (com.netscape.certsrv.kra.IKeyService) mAuthority; - - mTemplates.remove(CMSRequest.SUCCESS); - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Process the HTTP request. - * <ul> - * <li>http.param recoveryID request ID to check - * </ul> - * - * @param cmsReq the object holding the request and response information - */ - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - - IAuthToken authToken = authenticate(cmsReq); - - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); - } catch (Exception e) { - // do nothing for now - } - - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - cmsReq.setStatus(CMSRequest.SUCCESS); - IArgBlock header = CMS.createArgBlock(); - IArgBlock fixed = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - int rComplete = 0; - - // get status and populate argSet - try { - String recoveryID = req.getParameter("recoveryID"); - - header.addStringValue("recoveryID", recoveryID); - - Hashtable<String, Object> params = mService.getRecoveryParams(recoveryID); - - if (params == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); - } - header.addStringValue("serialNumber", - (String) params.get("keyID")); - - int requiredNumber = mService.getNoOfRequiredAgents(); - - header.addIntegerValue("noOfRequiredAgents", requiredNumber); - - Vector<Credential> dc = ((IKeyRecoveryAuthority) mService).getAppAgents(recoveryID); - Enumeration<Credential> agents = dc.elements(); - - while (agents.hasMoreElements()) { - IArgBlock rarg = CMS.createArgBlock(); - - rarg.addStringValue("agentName", agents.nextElement().getIdentifier()); - argSet.addRepeatRecord(rarg); - } - if (dc.size() >= requiredNumber) { - // got all approval, return pk12 - byte pkcs12[] = ((IKeyRecoveryAuthority) mService).getPk12(recoveryID); - - if (pkcs12 != null) { - rComplete = 1; - header.addStringValue(OUT_STATUS, "complete"); - - /* - mService.destroyRecoveryParams(recoveryID); - try { - resp.setContentType("application/x-pkcs12"); - resp.getOutputStream().write(pkcs12); - return; - } catch (IOException e) { - header.addStringValue(OUT_ERROR, - MessageFormatter.getLocalizedString( - locale[0], - BaseResources.class.getName(), - BaseResources.INTERNAL_ERROR_1, - e.toString())); - } - */ - } else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) { - // error in recovery process - header.addStringValue(OUT_ERROR, - ((IKeyRecoveryAuthority) mService).getError(recoveryID)); - rComplete = 1; - } else { - // pk12 hasn't been created yet. - } - } - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale[0])); - rComplete = 1; - } - - try { - if (rComplete == 1) { - mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FINISH; - } else { - mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FILE; - } - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - ServletOutputStream out = resp.getOutputStream(); - - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - cmsReq.setStatus(CMSRequest.SUCCESS); - } -} diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java deleted file mode 100644 index 9d67cab8d..000000000 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java +++ /dev/null @@ -1,266 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.util.Locale; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.authorization.EAuthzAccessDenied; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.base.SessionContext; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * Get the recovered key in PKCS#12 format - * - for asynchronous key recovery only - * - */ -public class GetAsyncPk12 extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = 6933634840339605800L; - - private final static String INFO = "getAsyncPk12"; - - private final static String TPL_FILE = "finishAsyncRecovery.template"; - - private final static String IN_PASSWORD = "p12Password"; - private final static String IN_PASSWORD_AGAIN = "p12PasswordAgain"; - private final static String OUT_RECOVERY_SUCCESS = "recoverySuccess"; - private final static String OUT_ERROR = "errorDetails"; - - private com.netscape.certsrv.kra.IKeyService mService = null; - private final static String OUT_STATUS = "status"; - - private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; - - private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; - - private String mFormPath = null; - - /** - * Constructs getAsyncPk12 servlet. - */ - public GetAsyncPk12() { - super(); - } - - /** - * initialize the servlet. This servlet uses the template file - * "finishAsyncRecovery.template" to process the response. - * - * @param sc servlet configuration, read from the web.xml file - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mFormPath = "/agent/" + mAuthority.getId() + "/" + TPL_FILE; - mService = (com.netscape.certsrv.kra.IKeyService) mAuthority; - - mTemplates.remove(CMSRequest.SUCCESS); - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Process the HTTP request. - * <ul> - * <li>http.param reqID request id for recovery - * </ul> - * - * @param cmsReq the object holding the request and response information - */ - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - String auditMessage = null; - String agent = null; - String reqID = null; - - IAuthToken authToken = authenticate(cmsReq); - - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "download"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - cmsReq.setStatus(CMSRequest.SUCCESS); - IArgBlock header = CMS.createArgBlock(); - IArgBlock fixed = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - - // get status and populate argSet - try { - reqID = req.getParameter("reqID"); - header.addStringValue("reqID", reqID); - - // only the init DRM agent can get the pkcs12 - SessionContext sContext = SessionContext.getContext(); - - if (sContext != null) { - agent = (String) sContext.get(SessionContext.USER_ID); - } - - if (agent == null) { - CMS.debug("GetAsyncPk12::process() - agent is null!"); - throw new EBaseException("agent is null"); - } - - String initAgent = "undefined"; - initAgent = mService.getInitAgentAsyncKeyRecovery(reqID); - - if ((initAgent.equals("undefined")) || !agent.equals(initAgent)) { - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSGW_INVALID_AGENT_ASYNC_3", - reqID, initAgent)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_AGENT_ASYNC", - reqID, initAgent)); - } - - // The async recovery request must be in "approved" state - // i.e. all required # of recovery agents approved - if (mService.isApprovedAsyncKeyRecovery(reqID) != true) { - CMS.debug("GetAsyncPk12::process() - # required recovery agents not met"); - throw new EBaseException("# required recovery agents not met"); - } - - String password = req.getParameter(IN_PASSWORD); - String passwordAgain = req.getParameter(IN_PASSWORD_AGAIN); - - if (password == null || password.equals("")) { - header.addStringValue(OUT_ERROR, "PKCS12 password not found"); - throw new EBaseException("PKCS12 password not found"); - } - if (passwordAgain == null || !passwordAgain.equals(password)) { - header.addStringValue(OUT_ERROR, "PKCS12 password not matched"); - throw new EBaseException("PKCS12 password not matched"); - } - - // got all approval, return pk12 - byte pkcs12[] = mService.doKeyRecovery(reqID, password); - - if (pkcs12 != null) { - try { - resp.setContentType("application/x-pkcs12"); - resp.getOutputStream().write(pkcs12); - mRenderResult = false; - - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, - agent, - ILogger.SUCCESS, - reqID, - ""); - - audit(auditMessage); - - return; - } catch (IOException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); - } - } else if (((IKeyRecoveryAuthority) mService).getError(reqID) != null) { - // error in recovery process - header.addStringValue(OUT_ERROR, - ((IKeyRecoveryAuthority) mService).getError(reqID)); - } else { - // pk12 hasn't been created yet. Shouldn't get here - } - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale[0])); - } - - if ((agent != null) && (reqID != null)) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, - agent, - ILogger.FAILURE, - reqID, - ""); - - audit(auditMessage); - } - - try { - ServletOutputStream out = resp.getOutputStream(); - - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - cmsReq.setStatus(CMSRequest.SUCCESS); - } -} diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java deleted file mode 100644 index 96fe7c85d..000000000 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java +++ /dev/null @@ -1,260 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.util.Hashtable; -import java.util.Locale; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.authorization.EAuthzAccessDenied; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.base.SessionContext; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * Get the recovered key in PKCS#12 format - * - * @version $Revision$, $Date$ - */ -public class GetPk12 extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = 8974964964333880697L; - - private final static String INFO = "getPk12"; - - private final static String TPL_FILE = "finishRecovery.template"; - - private final static String OUT_RECOVERY_SUCCESS = "recoverySuccess"; - private final static String OUT_ERROR = "errorDetails"; - - private com.netscape.certsrv.kra.IKeyService mService = null; - private final static String OUT_STATUS = "status"; - - private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; - - private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; - - private String mFormPath = null; - - /** - * Constructs getPk12 servlet. - */ - public GetPk12() { - super(); - } - - /** - * initialize the servlet. This servlet uses the template file - * "finishRecovery.template" to process the response. - * - * @param sc servlet configuration, read from the web.xml file - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mFormPath = "/agent/" + mAuthority.getId() + "/" + TPL_FILE; - mService = (com.netscape.certsrv.kra.IKeyService) mAuthority; - - mTemplates.remove(CMSRequest.SUCCESS); - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Process the HTTP request. - * <ul> - * <li>http.param recoveryID ID of request to recover - * </ul> - * - * @param cmsReq the object holding the request and response information - */ - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - String auditMessage = null; - String recoveryID = null; - String agent = null; - - IAuthToken authToken = authenticate(cmsReq); - - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "download"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - cmsReq.setStatus(CMSRequest.SUCCESS); - IArgBlock header = CMS.createArgBlock(); - IArgBlock fixed = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - - // get status and populate argSet - try { - recoveryID = req.getParameter("recoveryID"); - - header.addStringValue("recoveryID", recoveryID); - - Hashtable<String, Object> params = mService.getRecoveryParams(recoveryID); - - if (params == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); - } - - // only the init DRM agent can get the pkcs12 - SessionContext sContext = SessionContext.getContext(); - if (sContext != null) { - agent = (String) sContext.get(SessionContext.USER_ID); - } - - if (agent == null) { - CMS.debug("GetPk12::process() - agent is null!"); - throw new EBaseException("agent is null"); - } - - String initAgent = (String) params.get("agent"); - - if (!agent.equals(initAgent)) { - log(ILogger.LL_SECURITY, - - CMS.getLogMessage("CMSGW_INVALID_AGENT_3", - recoveryID, - initAgent)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_AGENT", - agent, initAgent, recoveryID)); - } - - header.addStringValue("serialNumber", - (String) params.get("keyID")); - - // got all approval, return pk12 - byte pkcs12[] = ((IKeyRecoveryAuthority) mService).getPk12(recoveryID); - - if (pkcs12 != null) { - mService.destroyRecoveryParams(recoveryID); - try { - resp.setContentType("application/x-pkcs12"); - resp.getOutputStream().write(pkcs12); - mRenderResult = false; - - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, - agent, - ILogger.SUCCESS, - recoveryID, - ""); - - audit(auditMessage); - - return; - } catch (IOException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); - } - } else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) { - // error in recovery process - header.addStringValue(OUT_ERROR, - ((IKeyRecoveryAuthority) mService).getError(recoveryID)); - } else { - // pk12 hasn't been created yet. Shouldn't get here - } - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale[0])); - } - - if ((agent != null) && (recoveryID != null)) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, - agent, - ILogger.FAILURE, - recoveryID, - ""); - - audit(auditMessage); - } - - try { - ServletOutputStream out = resp.getOutputStream(); - - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - cmsReq.setStatus(CMSRequest.SUCCESS); - } -} diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java deleted file mode 100644 index 7c0c0cb1c..000000000 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java +++ /dev/null @@ -1,280 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2010 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.util.Locale; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.authorization.EAuthzAccessDenied; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.kra.IKeyService; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * Approve an asynchronous key recovery request - * - */ -public class GrantAsyncRecovery extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = -4200111795169532676L; - private final static String INFO = "grantAsyncRecovery"; - private final static String TPL_FILE = "grantAsyncRecovery.template"; - - private final static String IN_SERIALNO = "serialNumber"; - private final static String IN_REQ_ID = "reqID"; - private final static String IN_UID = "uid"; - private final static String IN_CERT = "cert"; - - private final static String OUT_OP = "op"; - private final static String OUT_SERIALNO = IN_SERIALNO; - private final static String OUT_RECOVERY_SUCCESS = "recoverySuccess"; - private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_ERROR = "errorDetails"; - - private IKeyService mService = null; - private String mFormPath = null; - - private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN = - "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; - - /** - * Constructs EA servlet. - */ - public GrantAsyncRecovery() { - super(); - } - - /** - * initialize the servlet. This servlet uses the template file - * 'grantAsyncRecovery.template' to process the response. - * - * @param sc servlet configuration, read from the web.xml file - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - mService = (IKeyService) mAuthority; - - mTemplates.remove(CMSRequest.SUCCESS); - - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Process the HTTP request. - * <ul> - * <li>http.param reqID request ID of the request to approve - * <li>http.param agentID User ID of the agent approving the request - * - * </ul> - * - * @param cmsReq the object holding the request and response information - */ - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - - CMS.debug("GrantAsyncRecovery: process() begins"); - - IAuthToken authToken = authenticate(cmsReq); - - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "recover"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - IArgBlock header = CMS.createArgBlock(); - IArgBlock fixed = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - - String agentID = authToken.getInString("uid"); - CMS.debug("GrantAsyncRecovery: process() agent uid=" + agentID); - CMS.debug("GrantAsyncRecovery: process() request id=" + req.getParameter("reqID")); - try { - process(argSet, header, - req.getParameter("reqID"), - agentID, - req, resp, locale[0]); - } catch (NumberFormatException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); - } - try { - ServletOutputStream out = resp.getOutputStream(); - - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - cmsReq.setStatus(CMSRequest.SUCCESS); - } - - /** - * Update agent approval list - * <P> - * - * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used whenever DRM agents login as recovery agents - * to approve key recovery requests - * </ul> - * - * @param argSet CMS template parameters - * @param header argument block - * @param reqID string containing the recovery request ID - * @param agentID string containing the agent ID - * @param req HTTP servlet request - * @param resp HTTP servlet response - * @param locale the system locale - */ - private void process(CMSTemplateParams argSet, - IArgBlock header, String reqID, - String agentID, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { - String auditMessage = null; - String auditSubjectID = auditSubjectID(); - String auditRequestID = reqID; - String auditAgentID = agentID; - - // "normalize" the "reqID" - if (auditRequestID != null) { - auditRequestID = auditRequestID.trim(); - - if (auditRequestID.equals("")) { - auditRequestID = ILogger.UNIDENTIFIED; - } - } else { - auditRequestID = ILogger.UNIDENTIFIED; - } - - // "normalize" the "auditAgentID" - if (auditAgentID != null) { - auditAgentID = auditAgentID.trim(); - - if (auditAgentID.equals("")) { - auditAgentID = ILogger.UNIDENTIFIED; - } - } else { - auditAgentID = ILogger.UNIDENTIFIED; - } - - try { - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); - - // update approving agent list - mService.addAgentAsyncKeyRecovery(reqID, agentID); - - header.addStringValue("requestID", reqID); - header.addStringValue("agentID", agentID); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, - ILogger.SUCCESS, - auditRequestID, - auditAgentID); - - audit(auditMessage); - - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale)); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, - ILogger.FAILURE, - auditRequestID, - auditAgentID); - - audit(auditMessage); - } catch (Exception e) { - header.addStringValue(OUT_ERROR, e.toString()); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, - ILogger.FAILURE, - auditRequestID, - auditAgentID); - - audit(auditMessage); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java deleted file mode 100644 index 02aacc31c..000000000 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java +++ /dev/null @@ -1,308 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.util.Hashtable; -import java.util.Locale; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.authorization.EAuthzAccessDenied; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.kra.IKeyService; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * Approve a key recovery request - * - * @version $Revision$, $Date$ - */ -public class GrantRecovery extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = 991970686415492L; - private final static String INFO = "grantRecovery"; - private final static String TPL_FILE = "grantRecovery.template"; - - private final static String IN_SERIALNO = "serialNumber"; - private final static String IN_UID = "uid"; - private final static String IN_PWD = "pwd"; - private final static String IN_PASSWORD = "p12Password"; - private final static String IN_DELIVERY = "p12Delivery"; - private final static String IN_CERT = "cert"; - - private final static String OUT_OP = "op"; - private final static String OUT_SERIALNO = IN_SERIALNO; - private final static String OUT_RECOVERY_SUCCESS = "recoverySuccess"; - private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_ERROR = "errorDetails"; - - private IKeyService mService = null; - private String mFormPath = null; - - private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN = - "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; - - /** - * Constructs EA servlet. - */ - public GrantRecovery() { - super(); - } - - /** - * initialize the servlet. This servlet uses the template file - * 'grantRecovery.template' to process the response. - * - * @param sc servlet configuration, read from the web.xml file - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - mService = (IKeyService) mAuthority; - - mTemplates.remove(CMSRequest.SUCCESS); - - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Process the HTTP request. - * <ul> - * <li>http.param recoveryID ID of the request to approve - * <li>http.param agentID User ID of the agent approving the request - * <li>http.param agentPWD Password of the agent approving the request - * - * </ul> - * - * @param cmsReq the object holding the request and response information - */ - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - - IAuthToken authToken = authenticate(cmsReq); - - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "recover"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - IArgBlock header = CMS.createArgBlock(); - IArgBlock fixed = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - - String agentID = authToken.getInString("uid"); - if (CMS.getConfigStore().getBoolean("kra.keySplitting")) { - agentID = req.getParameter("agentID"); - } - try { - process(argSet, header, - req.getParameter("recoveryID"), - agentID, - req.getParameter("agentPWD"), - req, resp, locale[0]); - } catch (NumberFormatException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); - } - try { - ServletOutputStream out = resp.getOutputStream(); - - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - cmsReq.setStatus(CMSRequest.SUCCESS); - } - - /** - * Recovers a key. The p12 will be protected by the password - * provided by the administrator. - * <P> - * - * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used whenever DRM agents login as recovery agents - * to approve key recovery requests - * </ul> - * - * @param argSet CMS template parameters - * @param header argument block - * @param recoveryID string containing the recovery ID - * @param agentID string containing the agent ID - * @param agentPWD string containing the agent password - * @param req HTTP servlet request - * @param resp HTTP servlet response - * @param locale the system locale - */ - private void process(CMSTemplateParams argSet, - IArgBlock header, String recoveryID, - String agentID, String agentPWD, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { - String auditMessage = null; - String auditSubjectID = auditSubjectID(); - String auditRecoveryID = recoveryID; - String auditAgentID = agentID; - - // "normalize" the "auditRecoveryID" - if (auditRecoveryID != null) { - auditRecoveryID = auditRecoveryID.trim(); - - if (auditRecoveryID.equals("")) { - auditRecoveryID = ILogger.UNIDENTIFIED; - } - } else { - auditRecoveryID = ILogger.UNIDENTIFIED; - } - - // "normalize" the "auditAgentID" - if (auditAgentID != null) { - auditAgentID = auditAgentID.trim(); - - if (auditAgentID.equals("")) { - auditAgentID = ILogger.UNIDENTIFIED; - } - } else { - auditAgentID = ILogger.UNIDENTIFIED; - } - - try { - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); - - Hashtable<String, Object> h = mService.getRecoveryParams(recoveryID); - - if (h == null) { - header.addStringValue(OUT_ERROR, - "No such token found"); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, - ILogger.FAILURE, - auditRecoveryID, - auditAgentID); - - audit(auditMessage); - - return; - } - header.addStringValue("serialNumber", - (String) h.get("keyID")); - - mService.addDistributedCredential(recoveryID, agentID, agentPWD); - header.addStringValue("agentID", - agentID); - header.addStringValue("recoveryID", - recoveryID); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, - ILogger.SUCCESS, - auditRecoveryID, - auditAgentID); - - audit(auditMessage); - - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale)); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, - ILogger.FAILURE, - auditRecoveryID, - auditAgentID); - - audit(auditMessage); - } catch (Exception e) { - header.addStringValue(OUT_ERROR, e.toString()); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, - ILogger.FAILURE, - auditRecoveryID, - auditAgentID); - - audit(auditMessage); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java deleted file mode 100644 index aeee624c0..000000000 --- a/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java +++ /dev/null @@ -1,87 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.util.Date; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.base.IPrettyPrintFormat; -import com.netscape.certsrv.dbs.keydb.IKeyRecord; - -/** - * Output a 'pretty print' of a Key Archival record - * - * @version $Revision$, $Date$ - */ -public class KeyRecordParser { - - public final static String OUT_STATE = "state"; - public final static String OUT_OWNER_NAME = "ownerName"; - public final static String OUT_SERIALNO = "serialNumber"; - public final static String OUT_KEY_ALGORITHM = "keyAlgorithm"; - public final static String OUT_PUBLIC_KEY = "publicKey"; - public final static String OUT_KEY_LEN = "keyLength"; - public final static String OUT_ARCHIVED_BY = "archivedBy"; - public final static String OUT_ARCHIVED_ON = "archivedOn"; - public final static String OUT_RECOVERED_BY = "recoveredBy"; - public final static String OUT_RECOVERED_ON = "recoveredOn"; - - /** - * Fills key record into argument block. - */ - public static void fillRecordIntoArg(IKeyRecord rec, IArgBlock rarg) - throws EBaseException { - if (rec == null) - return; - rarg.addStringValue(OUT_STATE, - rec.getState().toString()); - rarg.addStringValue(OUT_OWNER_NAME, - rec.getOwnerName()); - rarg.addBigIntegerValue(OUT_SERIALNO, - rec.getSerialNumber(), 10); - rarg.addStringValue(OUT_KEY_ALGORITHM, - rec.getAlgorithm()); - // Possible Enhancement: sun's BASE64Encode is not - // fast. We may may to have our native implmenetation. - IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":"); - - rarg.addStringValue(OUT_PUBLIC_KEY, - pp.toHexString(rec.getPublicKeyData(), 0, 20)); - Integer keySize = rec.getKeySize(); - - if (keySize == null) { - rarg.addIntegerValue(OUT_KEY_LEN, 512); - } else { - rarg.addIntegerValue(OUT_KEY_LEN, keySize.intValue()); - } - rarg.addStringValue(OUT_ARCHIVED_BY, - rec.getArchivedBy()); - rarg.addLongValue(OUT_ARCHIVED_ON, - rec.getCreateTime().getTime() / 1000); - Date dateOfRevocation[] = rec.getDateOfRevocation(); - - if (dateOfRevocation != null) { - rarg.addStringValue(OUT_RECOVERED_BY, - "null"); - rarg.addStringValue(OUT_RECOVERED_ON, - "null"); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeyResource.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeyResource.java deleted file mode 100644 index a47c46d86..000000000 --- a/pki/base/common/src/com/netscape/cms/servlet/key/KeyResource.java +++ /dev/null @@ -1,33 +0,0 @@ -package com.netscape.cms.servlet.key; - -import javax.ws.rs.Consumes; -import javax.ws.rs.POST; -import javax.ws.rs.Path; -import javax.ws.rs.Produces; -import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.MultivaluedMap; - -import com.netscape.cms.servlet.key.model.KeyData; -import com.netscape.cms.servlet.request.model.RecoveryRequestData; - -@Path("/key") -public interface KeyResource { - - /** - * Used to retrieve a key - * @param data - * @return - */ - @POST - @Path("retrieve") - @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML }) - @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - public KeyData retrieveKey(RecoveryRequestData data); - - // retrieval - used to test integration with a browser - @POST - @Path("retrieve") - @Produces(MediaType.TEXT_XML) - @Consumes({ MediaType.APPLICATION_FORM_URLENCODED}) - public KeyData retrieveKey(MultivaluedMap<String, String> form); -} diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java deleted file mode 100644 index 79e6ccfdb..000000000 --- a/pki/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java +++ /dev/null @@ -1,129 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2011 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -package com.netscape.cms.servlet.key; - - -import javax.ws.rs.WebApplicationException; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.MultivaluedMap; -import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; - -import com.netscape.cms.servlet.base.CMSResourceService; -import com.netscape.cms.servlet.key.model.KeyDAO; -import com.netscape.cms.servlet.key.model.KeyData; -import com.netscape.cms.servlet.request.model.KeyRequestDAO; -import com.netscape.cms.servlet.request.model.KeyRequestInfo; -import com.netscape.cms.servlet.request.model.RecoveryRequestData; -import com.netscape.certsrv.request.IRequest; -import com.netscape.certsrv.request.RequestId; -import com.netscape.certsrv.request.RequestStatus; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.dbs.keydb.KeyId; - -/** - * @author alee - * - */ -public class KeyResourceService extends CMSResourceService implements KeyResource{ - - @Context - UriInfo uriInfo; - - /** - * Used to retrieve a key - * @param data - * @return - */ - public KeyData retrieveKey(RecoveryRequestData data) { - // auth and authz - KeyId keyId = validateRequest(data); - KeyDAO dao = new KeyDAO(); - KeyData keyData; - try { - keyData = dao.getKey(keyId, data); - } catch (EBaseException e) { - // log error - e.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); - } - if (keyData == null) { - // no key record - throw new WebApplicationException(Response.Status.GONE); - } - return keyData; - } - - // retrieval - used to test integration with a browser - public KeyData retrieveKey(MultivaluedMap<String, String> form) { - RecoveryRequestData data = new RecoveryRequestData(form); - return retrieveKey(data); - } - - private KeyId validateRequest(RecoveryRequestData data) { - - // confirm request exists - RequestId reqId = data.getRequestId(); - if (reqId == null) { - // log error - throw new WebApplicationException(Response.Status.BAD_REQUEST); - } - - // confirm that at least one wrapping method exists - // There must be at least the wrapped session key method. - if ((data.getTransWrappedSessionKey() == null)) { - // log error - throw new WebApplicationException(Response.Status.BAD_REQUEST); - } - - KeyRequestDAO reqDAO = new KeyRequestDAO(); - KeyRequestInfo reqInfo; - try { - reqInfo = reqDAO.getRequest(reqId, uriInfo); - } catch (EBaseException e1) { - // failed to get request - e1.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); - } - if (reqInfo == null) { - // request not found - throw new WebApplicationException(Response.Status.GONE); - } - - //confirm request is of the right type - String type = reqInfo.getRequestType(); - if (!type.equals(IRequest.SECURITY_DATA_RECOVERY_REQUEST)) { - // log error - throw new WebApplicationException(Response.Status.BAD_REQUEST); - } - - //confirm that agent is originator of request, else throw 401 - // TO-DO - - // confirm request is in approved state - String status = reqInfo.getRequestStatus(); - if (!status.equals(RequestStatus.APPROVED.toString())) { - // log error - throw new WebApplicationException(Response.Status.UNAUTHORIZED); - } - - return reqInfo.getKeyId(); - } - -} diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeysResource.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeysResource.java deleted file mode 100644 index c93ffa4c9..000000000 --- a/pki/base/common/src/com/netscape/cms/servlet/key/KeysResource.java +++ /dev/null @@ -1,23 +0,0 @@ -package com.netscape.cms.servlet.key; - -import javax.ws.rs.DefaultValue; -import javax.ws.rs.GET; -import javax.ws.rs.Path; -import javax.ws.rs.Produces; -import javax.ws.rs.QueryParam; -import javax.ws.rs.core.MediaType; -import com.netscape.cms.servlet.key.model.KeyDataInfos; - -@Path("/keys") -public interface KeysResource { - public static final int DEFAULT_MAXTIME = 10; - public static final int DEFAULT_MAXRESULTS = 100; - - @GET - @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML }) - public KeyDataInfos listKeys(@QueryParam("clientID") String clientID, - @QueryParam("status") String status, - @DefaultValue(""+DEFAULT_MAXRESULTS) @QueryParam("maxResults") int maxResults, - @DefaultValue(""+DEFAULT_MAXTIME) @QueryParam("maxTime") int maxTime); - -} diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeysResourceService.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeysResourceService.java deleted file mode 100644 index a7876a6c6..000000000 --- a/pki/base/common/src/com/netscape/cms/servlet/key/KeysResourceService.java +++ /dev/null @@ -1,91 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2011 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -/** - * - */ -package com.netscape.cms.servlet.key; - -import javax.ws.rs.WebApplicationException; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.cms.servlet.base.CMSResourceService; -import com.netscape.cms.servlet.key.model.KeyDAO; -import com.netscape.cms.servlet.key.model.KeyDataInfos; -import com.netscape.cmsutil.ldap.LDAPUtil; - -/** - * @author alee - * - */ -public class KeysResourceService extends CMSResourceService implements KeysResource { - - @Context - UriInfo uriInfo; - - /** - * Used to generate list of key infos based on the search parameters - */ - public KeyDataInfos listKeys(String clientID, String status, int maxResults, int maxTime) { - // auth and authz - - // get ldap filter - String filter = createSearchFilter(status, clientID); - CMS.debug("listKeys: filter is " + filter); - - KeyDAO dao = new KeyDAO(); - KeyDataInfos infos; - try { - infos = dao.listKeys(filter, maxResults, maxTime, uriInfo); - } catch (EBaseException e) { - e.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); - } - return infos; - } - - private String createSearchFilter(String status, String clientID) { - String filter = ""; - int matches = 0; - - if ((status == null) && (clientID == null)) { - filter = "(serialno=*)"; - return filter; - } - - if (status != null) { - filter += "(status=" + LDAPUtil.escape(status) + ")"; - matches ++; - } - - if (clientID != null) { - filter += "(clientID=" + LDAPUtil.escape(clientID) + ")"; - matches ++; - } - - if (matches > 1) { - filter = "(&" + filter + ")"; - } - - return filter; - } - -} diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java deleted file mode 100644 index 28ff30803..000000000 --- a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java +++ /dev/null @@ -1,529 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.math.BigInteger; -import java.util.Hashtable; -import java.util.Locale; -import java.util.Vector; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import netscape.security.x509.X509CertImpl; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.authorization.EAuthzAccessDenied; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.base.SessionContext; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.certsrv.security.Credential; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; -import com.netscape.cmsutil.util.Cert; - -/** - * A class representing a recoverBySerial servlet. - * - * @version $Revision$, $Date$ - */ -public class RecoverBySerial extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = -4544485601409309840L; - private final static String INFO = "recoverBySerial"; - private final static String TPL_FILE = "recoverBySerial.template"; - - private final static String IN_SERIALNO = "serialNumber"; - private final static String IN_UID = "uid"; - private final static String IN_PWD = "pwd"; - private final static String IN_PASSWORD = "p12Password"; - private final static String IN_PASSWORD_AGAIN = "p12PasswordAgain"; - private final static String IN_DELIVERY = "p12Delivery"; - private final static String IN_CERT = "cert"; - private final static String IN_NICKNAME = "nickname"; - - private final static String OUT_OP = "op"; - private final static String OUT_SERIALNO = IN_SERIALNO; - private final static String OUT_RECOVERY_SUCCESS = "recoverySuccess"; - private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_ERROR = "errorDetails"; - - private final static String SCHEME = "scheme"; - private final static String HOST = "host"; - private final static String PORT = "port"; - - private com.netscape.certsrv.kra.IKeyService mService = null; - private String mFormPath = null; - - /** - * Constructs EA servlet. - */ - public RecoverBySerial() { - super(); - } - - /** - * Initializes the servlet. - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - mService = (com.netscape.certsrv.kra.IKeyService) mAuthority; - - mTemplates.remove(CMSRequest.SUCCESS); - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Serves HTTP request. The format of this request is as follows: - * recoverBySerial? - * [serialNumber=<number>] - * [uid#=<uid>] - * [pwd#=<password>] - * [localAgents=yes|null] - * [recoveryID=recoveryID] - * [pkcs12Password=<password of pkcs12>] - * [pkcs12PasswordAgain=<password of pkcs12>] - * [pkcs12Delivery=<delivery mechanism for pkcs12>] - * [cert=<encryption certificate>] - */ - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - - IAuthToken authToken = authenticate(cmsReq); - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "recover"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - cmsReq.setStatus(CMSRequest.SUCCESS); - IArgBlock header = CMS.createArgBlock(); - IArgBlock fixed = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - - // set host name and port. - HttpServletRequest httpReq = cmsReq.getHttpReq(); - String host = httpReq.getServerName(); - int port = httpReq.getServerPort(); - String scheme = httpReq.getScheme(); - - fixed.set(HOST, host); - fixed.set(PORT, Integer.valueOf(port)); - fixed.set(SCHEME, scheme); - - SessionContext ctx = null; - - try { - String initAsyncRecovery = req.getParameter("initAsyncRecovery"); - - // this information is needed within the server for - // various signed audit log messages to report - ctx = SessionContext.getContext(); - - /* - When Recovery is first initiated, if it is in asynch mode, - no pkcs#12 password is needed. - The initiating agent uid will be recorded in the recovery - request. - Later, as approving agents submit their approvals, they will - also be listed in the request. - */ - if ((initAsyncRecovery != null) && - initAsyncRecovery.equalsIgnoreCase("ON")) { - process(form, argSet, header, - req.getParameter(IN_SERIALNO), - req.getParameter(IN_CERT), - req, resp, locale[0]); - - int requiredNumber = mService.getNoOfRequiredAgents(); - header.addIntegerValue("noOfRequiredAgents", requiredNumber); - } else { - String recoveryID = req.getParameter("recoveryID"); - - if (recoveryID != null && !recoveryID.equals("")) { - ctx.put(SessionContext.RECOVERY_ID, - req.getParameter("recoveryID")); - } - byte pkcs12[] = process(form, argSet, header, - req.getParameter(IN_SERIALNO), - req.getParameter("localAgents"), - req.getParameter(IN_PASSWORD), - req.getParameter(IN_PASSWORD_AGAIN), - req.getParameter(IN_CERT), - req.getParameter(IN_DELIVERY), - req.getParameter(IN_NICKNAME), - req, resp, locale[0]); - - if (pkcs12 != null) { - //resp.setStatus(HttpServletResponse.SC_OK); - resp.setContentType("application/x-pkcs12"); - //resp.setContentLength(pkcs12.length); - resp.getOutputStream().write(pkcs12); - mRenderResult = false; - return; - } - } - } catch (NumberFormatException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); - } catch (IOException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); - } finally { - SessionContext.releaseContext(); - } - - // return status page - try { - ServletOutputStream out = resp.getOutputStream(); - - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - cmsReq.setStatus(CMSRequest.SUCCESS); - } - - /** - * Async Key Recovery - request initiation - */ - private void process(CMSTemplate form, CMSTemplateParams argSet, - IArgBlock header, String seq, String cert, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { - - // seq is the key id - if (seq == null) { - header.addStringValue(OUT_ERROR, "sequence number not found"); - return; - } - X509CertImpl x509cert = null; - - if (cert == null || cert.trim().length() == 0) { - header.addStringValue(OUT_ERROR, "certificate not found"); - return; - } else { - try { - x509cert = Cert.mapCert(cert); - } catch (IOException e) { - header.addStringValue(OUT_ERROR, e.toString()); - } - } - if (x509cert == null) { - header.addStringValue(OUT_ERROR, "invalid X.509 certificate"); - return; - } - - SessionContext sContext = SessionContext.getContext(); - - try { - String reqID = mService.initAsyncKeyRecovery( - new BigInteger(seq), x509cert, - (String) sContext.get(SessionContext.USER_ID)); - header.addStringValue(OUT_SERIALNO, req.getParameter(IN_SERIALNO)); - header.addStringValue("requestID", reqID); - } catch (EBaseException e) { - String error = - "Failed to recover key for key id " + - seq + ".\nException: " + e.toString(); - - CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, error); - try { - ((IKeyRecoveryAuthority) mService).createError(seq, error); - } catch (EBaseException eb) { - CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); - } - } - return; - } - - /** - * Recovers a key. The p12 will be protected by the password - * provided by the administrator. - */ - private byte[] process(CMSTemplate form, CMSTemplateParams argSet, - IArgBlock header, String seq, String localAgents, - String password, String passwordAgain, - String cert, String delivery, String nickname, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { - if (seq == null) { - header.addStringValue(OUT_ERROR, "sequence number not found"); - return null; - } - if (password == null || password.equals("")) { - header.addStringValue(OUT_ERROR, "PKCS12 password not found"); - return null; - } - if (passwordAgain == null || !passwordAgain.equals(password)) { - header.addStringValue(OUT_ERROR, "PKCS12 password not matched"); - return null; - } - X509CertImpl x509cert = null; - - if (cert == null || cert.trim().length() == 0) { - // perform recovery - header.addStringValue(OUT_ERROR, "certificate not found"); - return null; - } else { - try { - x509cert = Cert.mapCert(cert); - } catch (IOException e) { - header.addStringValue(OUT_ERROR, e.toString()); - } - } - if (x509cert == null) { - header.addStringValue(OUT_ERROR, "invalid X.509 certificate"); - return null; - } - try { - Credential creds[] = null; - - SessionContext sContext = SessionContext.getContext(); - String agent = null; - - if (sContext != null) { - agent = (String) sContext.get(SessionContext.USER_ID); - } - if (CMS.getConfigStore().getBoolean("kra.keySplitting")) { - if (localAgents == null) { - String recoveryID = req.getParameter("recoveryID"); - - if (recoveryID == null || recoveryID.equals("")) { - header.addStringValue(OUT_ERROR, "No recovery ID specified"); - return null; - } - Hashtable<String, Object> params = mService.createRecoveryParams(recoveryID); - - params.put("keyID", req.getParameter(IN_SERIALNO)); - - header.addStringValue("recoveryID", recoveryID); - - params.put("agent", agent); - - // new thread to wait for pk12 - Thread waitThread = new WaitApprovalThread(recoveryID, - seq, password, x509cert, delivery, nickname, - SessionContext.getContext()); - - waitThread.start(); - return null; - } else { - Vector<Credential> v = new Vector<Credential>(); - - for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) { - String uid = req.getParameter(IN_UID + i); - String pwd = req.getParameter(IN_PWD + i); - - if (uid != null && pwd != null && !uid.equals("") && - !pwd.equals("")) { - v.addElement(new Credential(uid, pwd)); - } else { - header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided"); - return null; - } - } - if (v.size() != mService.getNoOfRequiredAgents()) { - header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided"); - return null; - } - creds = new Credential[v.size()]; - v.copyInto(creds); - } - - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addBigIntegerValue(OUT_SERIALNO, - new BigInteger(seq), 10); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); - byte pkcs12[] = mService.doKeyRecovery( - new BigInteger(seq), - creds, password, x509cert, - delivery, nickname, agent); - - return pkcs12; - } else { - String recoveryID = req.getParameter("recoveryID"); - - if (recoveryID == null || recoveryID.equals("")) { - header.addStringValue(OUT_ERROR, "No recovery ID specified"); - return null; - } - Hashtable<String, Object> params = mService.createRecoveryParams(recoveryID); - - params.put("keyID", req.getParameter(IN_SERIALNO)); - - header.addStringValue("recoveryID", recoveryID); - - params.put("agent", agent); - - // new thread to wait for pk12 - Thread waitThread = new WaitApprovalThread(recoveryID, - seq, password, x509cert, delivery, nickname, - SessionContext.getContext()); - - waitThread.start(); - return null; - } - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale)); - } catch (Exception e) { - header.addStringValue(OUT_ERROR, e.toString()); - } - return null; - } - - /** - * Wait approval thread. Wait for recovery agents' approval - * exit when required number of approval received - */ - final class WaitApprovalThread extends Thread { - String theRecoveryID = null; - String theSeq = null; - String thePassword = null; - X509CertImpl theCert = null; - String theDelivery = null; - String theNickname = null; - SessionContext theSc = null; - - /** - * Wait approval thread constructor including thread name - */ - public WaitApprovalThread(String recoveryID, String seq, - String password, X509CertImpl cert, - String delivery, String nickname, SessionContext sc) { - super(); - super.setName("waitApproval." + recoveryID + "-" + - (Thread.activeCount() + 1)); - theRecoveryID = recoveryID; - theSeq = seq; - thePassword = password; - theCert = cert; - theDelivery = delivery; - theNickname = nickname; - theSc = sc; - } - - public void run() { - SessionContext.setContext(theSc); - Credential creds[] = null; - - try { - creds = mService.getDistributedCredentials(theRecoveryID); - } catch (EBaseException e) { - String error = - "Failed to get required approvals for recovery id " + - theRecoveryID + ".\nException: " + e.toString(); - - CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, error); - try { - ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error); - } catch (EBaseException eb) { - CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); - } - return; - } - - SessionContext sContext = SessionContext.getContext(); - - try { - byte pkcs12[] = mService.doKeyRecovery( - new BigInteger(theSeq), - creds, thePassword, theCert, - theDelivery, theNickname, - (String) sContext.get(SessionContext.USER_ID)); - - ((IKeyRecoveryAuthority) mService).createPk12(theRecoveryID, pkcs12); - } catch (EBaseException e) { - String error = - "Failed to recover key for recovery id " + - theRecoveryID + ".\nException: " + e.toString(); - - CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, error); - try { - ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error); - } catch (EBaseException eb) { - CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); - } - } - return; - } - } - -} diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java deleted file mode 100644 index bff14e9f2..000000000 --- a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java +++ /dev/null @@ -1,297 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Locale; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import netscape.security.x509.X500Name; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.authorization.EAuthzAccessDenied; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.dbs.keydb.IKeyRecord; -import com.netscape.certsrv.dbs.keydb.IKeyRepository; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * Retrieve archived keys matching search criteria - * - * @version $Revision$, $Date$ - */ -public class SrchKey extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = -6404955402865756665L; - private final static String TPL_FILE = "srchKey.template"; - private final static String INFO = "srchKey"; - private final static String PROP_MAX_SEARCH_RETURNS = "maxSearchReturns"; - - // input parameters - private final static String IN_MAXCOUNT = "maxCount"; - private final static String IN_FILTER = "queryFilter"; - private final static String IN_SENTINEL = "querySentinel"; - - // output parameters - private final static String OUT_FILTER = IN_FILTER; - private final static String OUT_MAXCOUNT = IN_MAXCOUNT; - private final static String OUT_SENTINEL = IN_SENTINEL; - private final static String OUT_OP = "op"; - private final static String OUT_ERROR = "errorDetails"; - private final static String OUT_ARCHIVER = "archiverName"; - private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_TOTAL_COUNT = "totalRecordCount"; - private final static String OUT_TEMPLATE = "templateName"; - - private IKeyRepository mKeyDB = null; - private X500Name mAuthName = null; - private String mFormPath = null; - private int mMaxReturns = 100; - private int mTimeLimits = 30; /* in seconds */ - - /** - * Constructs query key servlet. - */ - public SrchKey() { - super(); - } - - /** - * initialize the servlet. This servlet uses the template file - * "srchKey.template" to process the response. - * - * @param sc servlet configuration, read from the web.xml file - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - - /* maxReturns doesn't seem to do anything useful in this - servlet!!! */ - try { - String tmp = - sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); - - if (tmp == null) - mMaxReturns = 100; - else - mMaxReturns = Integer.parseInt(tmp); - } catch (Exception e) { - // do nothing - } - - mKeyDB = ((IKeyRecoveryAuthority) mAuthority).getKeyRepository(); - mAuthName = ((IKeyRecoveryAuthority) mAuthority).getX500Name(); - - mTemplates.remove(CMSRequest.SUCCESS); - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; - - /* Server-Side time limit */ - try { - mTimeLimits = Integer.parseInt(sc.getInitParameter("timeLimits")); - } catch (Exception e) { - /* do nothing, just use the default if integer parsing failed */ - } - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Process the HTTP request. - * <ul> - * <li>http.param maxCount maximum number of matches to show in result - * <li>http.param maxResults maximum number of matches to run in ldapsearch - * <li>http.param queryFilter ldap-style filter to search with - * <li>http.param querySentinel ID of first request to show - * <li>http.param timeLimit number of seconds to limit ldap search to - * </ul> - * - * @param cmsReq the object holding the request and response information - */ - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - - IAuthToken authToken = authenticate(cmsReq); - - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "list"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - // process query if authentication is successful - IArgBlock header = CMS.createArgBlock(); - IArgBlock ctx = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, ctx); - - int maxCount = -1; - int sentinel = 0; - int maxResults = -1; - int timeLimit = -1; - - try { - if (req.getParameter(IN_MAXCOUNT) != null) { - maxCount = Integer.parseInt( - req.getParameter(IN_MAXCOUNT)); - } - if (req.getParameter(IN_SENTINEL) != null) { - sentinel = Integer.parseInt( - req.getParameter(IN_SENTINEL)); - } - String maxResultsStr = req.getParameter("maxResults"); - - if (maxResultsStr != null && maxResultsStr.length() > 0) - maxResults = Integer.parseInt(maxResultsStr); - String timeLimitStr = req.getParameter("timeLimit"); - - if (timeLimitStr != null && timeLimitStr.length() > 0) - timeLimit = Integer.parseInt(timeLimitStr); - process(argSet, header, ctx, maxCount, maxResults, - timeLimit, sentinel, - req.getParameter(IN_FILTER), req, resp, locale[0]); - } catch (NumberFormatException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); - } - - try { - ServletOutputStream out = resp.getOutputStream(); - - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - cmsReq.setStatus(CMSRequest.SUCCESS); - } - - /** - * Process the key search. - */ - private void process(CMSTemplateParams argSet, - IArgBlock header, IArgBlock ctx, - int maxCount, int maxResults, int timeLimit, int sentinel, String filter, - HttpServletRequest req, HttpServletResponse resp, Locale locale) { - - try { - // Fill header - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue(OUT_ARCHIVER, - mAuthName.toString()); - // STRANGE: IE does not like the following: - // header.addStringValue(OUT_SERVICE_URL, - // req.getRequestURI()); - // XXX - header.addStringValue(OUT_SERVICE_URL, - "/kra?"); - header.addStringValue(OUT_TEMPLATE, - TPL_FILE); - header.addStringValue(OUT_FILTER, - filter); - - if (timeLimit == -1 || timeLimit > mTimeLimits) { - CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits); - timeLimit = mTimeLimits; - } - CMS.debug("Start searching ... timelimit=" + timeLimit); - Enumeration<IKeyRecord> e = mKeyDB.searchKeys(filter, - maxResults, timeLimit); - int count = 0; - - if (e == null) { - header.addStringValue(OUT_SENTINEL, - null); - } else { - while (e.hasMoreElements()) { - IKeyRecord rec = e.nextElement(); - // rec is null when we specify maxResults - // DS will return an err=4, which triggers - // a LDAPException.SIZE_LIMIT_ExCEEDED - // in DSSearchResults.java - if (rec != null) { - IArgBlock rarg = CMS.createArgBlock(); - - KeyRecordParser.fillRecordIntoArg(rec, rarg); - argSet.addRepeatRecord(rarg); - count++; - } - } - } - - header.addIntegerValue("maxSize", mMaxReturns); - header.addIntegerValue(OUT_TOTAL_COUNT, count); - ctx.addIntegerValue(OUT_MAXCOUNT, maxCount); - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale)); - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java deleted file mode 100644 index 95c777701..000000000 --- a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java +++ /dev/null @@ -1,318 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Locale; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import netscape.security.x509.X500Name; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.authorization.EAuthzAccessDenied; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.dbs.keydb.IKeyRecord; -import com.netscape.certsrv.dbs.keydb.IKeyRepository; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * Retrieve archived keys matching given public key material - * - * - * @version $Revision$, $Date$ - */ -public class SrchKeyForRecovery extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = 5426987963811540460L; - private final static String TPL_FILE = "srchKeyForRecovery.template"; - private final static String INFO = "srchKey"; - private final static String PROP_MAX_SEARCH_RETURNS = "maxSearchReturns"; - - // input parameters - private final static String IN_MAXCOUNT = "maxCount"; - private final static String IN_FILTER = "queryFilter"; - private final static String IN_SENTINEL = "querySentinel"; - - // output parameters - private final static String OUT_FILTER = IN_FILTER; - private final static String OUT_MAXCOUNT = IN_MAXCOUNT; - private final static String OUT_SENTINEL = IN_SENTINEL; - private final static String OUT_OP = "op"; - private final static String OUT_ERROR = "errorDetails"; - private final static String OUT_ARCHIVER = "archiverName"; - private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_TOTAL_COUNT = "totalRecordCount"; - private final static String OUT_TEMPLATE = "templateName"; - - private IKeyRepository mKeyDB = null; - private X500Name mAuthName = null; - private String mFormPath = null; - private int mMaxReturns = 100; - private int mTimeLimits = 30; /* in seconds */ - - /** - * Constructs query key servlet. - */ - public SrchKeyForRecovery() { - super(); - } - - /** - * initialize the servlet. This servlet uses the template file - * "srchKeyForRecovery.template" to process the response. - * - * @param sc servlet configuration, read from the web.xml file - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - - try { - String tmp = - sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); - - if (tmp == null) - mMaxReturns = 100; - else - mMaxReturns = Integer.parseInt(tmp); - } catch (Exception e) { - // do nothing - } - - mKeyDB = ((IKeyRecoveryAuthority) mAuthority).getKeyRepository(); - mAuthName = ((IKeyRecoveryAuthority) mAuthority).getX500Name(); - - mTemplates.remove(CMSRequest.SUCCESS); - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; - - /* Server-Side time limit */ - try { - mTimeLimits = Integer.parseInt(sc.getInitParameter("timeLimits")); - } catch (Exception e) { - /* do nothing, just use the default if integer parsing failed */ - } - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Process the HTTP request. - * <ul> - * <li>http.param maxCount maximum number of matches to show in result - * <li>http.param maxResults maximum number of matches to run in ldapsearch - * <li>http.param publicKeyData public key data to search on - * <li>http.param querySentinel ID of first request to show - * <li>http.param timeLimit number of seconds to limit ldap search to - * </ul> - * - * @param cmsReq the object holding the request and response information - */ - - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - - IAuthToken authToken = authenticate(cmsReq); - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "list"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - // process query if authentication is successful - IArgBlock header = CMS.createArgBlock(); - IArgBlock ctx = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, ctx); - EBaseException error = null; - - int maxCount = -1; - int sentinel = 0; - int maxResults = -1; - int timeLimit = -1; - - try { - if (req.getParameter(IN_MAXCOUNT) != null) { - maxCount = Integer.parseInt( - req.getParameter(IN_MAXCOUNT)); - } - if (req.getParameter(IN_SENTINEL) != null) { - sentinel = Integer.parseInt( - req.getParameter(IN_SENTINEL)); - } - String maxResultsStr = req.getParameter("maxResults"); - - if (maxResultsStr != null && maxResultsStr.length() > 0) - maxResults = Integer.parseInt(maxResultsStr); - String timeLimitStr = req.getParameter("timeLimit"); - - if (timeLimitStr != null && timeLimitStr.length() > 0) - timeLimit = Integer.parseInt(timeLimitStr); - process(argSet, header, ctx, maxCount, maxResults, timeLimit, sentinel, - req.getParameter("publicKeyData"), req.getParameter(IN_FILTER), req, resp, locale[0]); - } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); - } - - /* - catch (Exception e) { - error = new EBaseException(BaseResources.INTERNAL_ERROR_1, e); - } - */ - - try { - if (error == null) { - String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - ServletOutputStream out = resp.getOutputStream(); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } - } else { - cmsReq.setStatus(CMSRequest.ERROR); - cmsReq.setError(error); - } - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - } - - /** - * Process the key search. - */ - private void process(CMSTemplateParams argSet, - IArgBlock header, IArgBlock ctx, - int maxCount, int maxResults, int timeLimit, int sentinel, String publicKeyData, - String filter, - HttpServletRequest req, HttpServletResponse resp, Locale locale) - throws EBaseException { - - try { - // Fill header - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue(OUT_ARCHIVER, - mAuthName.toString()); - // STRANGE: IE does not like the following: - // header.addStringValue(OUT_SERVICE_URL, - // req.getRequestURI()); - // XXX - header.addStringValue(OUT_SERVICE_URL, - "/kra?"); - header.addStringValue(OUT_TEMPLATE, - TPL_FILE); - header.addStringValue(OUT_FILTER, - filter); - if (publicKeyData != null) { - header.addStringValue("publicKeyData", - publicKeyData); - } - - if (timeLimit == -1 || timeLimit > mTimeLimits) { - CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits); - timeLimit = mTimeLimits; - } - CMS.debug("Start searching ... timelimit=" + timeLimit); - Enumeration<IKeyRecord> e = mKeyDB.searchKeys(filter, maxResults, timeLimit); - int count = 0; - - if (e == null) { - header.addStringValue(OUT_SENTINEL, - null); - } else { - while (e.hasMoreElements()) { - IKeyRecord rec = e.nextElement(); - // rec is null when we specify maxResults - // DS will return an err=4, which triggers - // a LDAPException.SIZE_LIMIT_ExCEEDED - // in DSSearchResults.java - if (rec != null) { - IArgBlock rarg = CMS.createArgBlock(); - - KeyRecordParser.fillRecordIntoArg(rec, rarg); - argSet.addRepeatRecord(rarg); - count++; - } - } - } - - header.addIntegerValue("maxSize", mMaxReturns); - header.addIntegerValue(OUT_TOTAL_COUNT, count); - ctx.addIntegerValue(OUT_MAXCOUNT, maxCount); - } catch (EBaseException e) { - log(ILogger.LL_FAILURE, "Error " + e); - throw e; - } - } -} diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyDAO.java b/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyDAO.java deleted file mode 100644 index f479c6f0d..000000000 --- a/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyDAO.java +++ /dev/null @@ -1,202 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2011 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key.model; - -import java.math.BigInteger; -import java.util.ArrayList; -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.List; - -import javax.ws.rs.Path; -import javax.ws.rs.core.UriBuilder; -import javax.ws.rs.core.UriInfo; -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.dbs.keydb.IKeyRecord; -import com.netscape.certsrv.dbs.keydb.IKeyRepository; -import com.netscape.certsrv.dbs.keydb.KeyId; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.request.IRequest; -import com.netscape.certsrv.request.IRequestQueue; -import com.netscape.certsrv.request.RequestId; -import com.netscape.certsrv.request.RequestStatus; -import com.netscape.cms.servlet.key.KeyResource; -import com.netscape.cms.servlet.request.model.RecoveryRequestData; - -/** - * @author alee - * - */ -public class KeyDAO { - - private IKeyRepository repo; - private IKeyRecoveryAuthority kra; - private IRequestQueue queue; - - public KeyDAO() { - kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( "kra" ); - repo = kra.getKeyRepository(); - queue = kra.getRequestQueue(); - } - /** - * Returns list of keys meeting specified search filter. - * Currently, vlv searches are not used for keys. - * - * @param filter - * @param maxResults - * @param maxTime - * @param uriInfo - * @return - * @throws EBaseException - */ - public KeyDataInfos listKeys(String filter, int maxResults, int maxTime, UriInfo uriInfo) - throws EBaseException { - List <KeyDataInfo> list = new ArrayList<KeyDataInfo>(); - Enumeration<IKeyRecord> e = null; - - e = repo.searchKeys(filter, maxResults, maxTime); - if (e == null) { - throw new EBaseException("search results are null"); - } - - while (e.hasMoreElements()) { - IKeyRecord rec = e.nextElement(); - if (rec != null) { - list.add(createKeyDataInfo(rec, uriInfo)); - } - } - - KeyDataInfos ret = new KeyDataInfos(); - ret.setKeyInfos(list); - - return ret; - } - - public KeyData getKey(KeyId keyId, RecoveryRequestData data) throws EBaseException { - KeyData keyData; - - RequestId rId = data.getRequestId(); - - String transWrappedSessionKey; - String sessionWrappedPassphrase; - - IRequest request = queue.findRequest(rId); - - if (request == null) { - return null; - } - - // get wrapped key - IKeyRecord rec = repo.readKeyRecord(keyId.toBigInteger()); - if (rec == null) { - return null; - } - - Hashtable<String, Object> requestParams = kra.getVolatileRequest( - request.getRequestId()); - - if(requestParams == null) { - throw new EBaseException("Can't obtain Volatile requestParams in KeyDAO.getKey!"); - } - - String sessWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_SESS_WRAPPED_DATA); - String passWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_PASS_WRAPPED_DATA); - String nonceData = (String) requestParams.get(IRequest.SECURITY_DATA_IV_STRING_OUT); - - if (sessWrappedKeyData != null || passWrappedKeyData != null) { - //The recovery process has already placed a valid recovery - //package, either session key wrapped or pass wrapped, into the request. - //Request already has been processed. - keyData = new KeyData(); - - } else { - // The request has not yet been processed, let's see if the RecoveryRequestData contains - // the info now needed to process the recovery request. - - transWrappedSessionKey = data.getTransWrappedSessionKey(); - sessionWrappedPassphrase = data.getSessionWrappedPassphrase(); - nonceData = data.getNonceData(); - - if (transWrappedSessionKey == null) { - //There must be at least a transWrappedSessionKey input provided. - //The command AND the request have provided insufficient data, end of the line. - throw new EBaseException("Can't retrieve key, insufficient input data!"); - } - - if (sessionWrappedPassphrase != null) { - requestParams.put(IRequest.SECURITY_DATA_SESS_PASS_PHRASE, sessionWrappedPassphrase); - } - - if (transWrappedSessionKey != null) { - requestParams.put(IRequest.SECURITY_DATA_TRANS_SESS_KEY, transWrappedSessionKey); - } - - if (nonceData != null) { - requestParams.put(IRequest.SECURITY_DATA_IV_STRING_IN, nonceData); - } - - try { - // Has to be in this state or it won't go anywhere. - request.setRequestStatus(RequestStatus.BEGIN); - queue.processRequest(request); - } catch (EBaseException e) { - kra.destroyVolatileRequest(request.getRequestId()); - throw new EBaseException(e.toString()); - } - - nonceData = null; - keyData = new KeyData(); - - sessWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_SESS_WRAPPED_DATA); - passWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_PASS_WRAPPED_DATA); - nonceData = (String) requestParams.get(IRequest.SECURITY_DATA_IV_STRING_OUT); - - } - - if (sessWrappedKeyData != null) { - keyData.setWrappedPrivateData(sessWrappedKeyData); - } - if (passWrappedKeyData != null) { - keyData.setWrappedPrivateData(passWrappedKeyData); - } - if (nonceData != null) { - keyData.setNonceData(nonceData); - } - - kra.destroyVolatileRequest(request.getRequestId()); - - queue.markAsServiced(request); - - return keyData; - } - - public KeyDataInfo createKeyDataInfo(IKeyRecord rec, UriInfo uriInfo) throws EBaseException { - KeyDataInfo ret = new KeyDataInfo(); - - Path keyPath = KeyResource.class.getAnnotation(Path.class); - BigInteger serial = rec.getSerialNumber(); - - UriBuilder keyBuilder = uriInfo.getBaseUriBuilder(); - keyBuilder.path(keyPath.value() + "/" + serial); - ret.setKeyURL(keyBuilder.build().toString()); - - return ret; - } - -} diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyData.java b/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyData.java deleted file mode 100644 index 4f303e27d..000000000 --- a/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyData.java +++ /dev/null @@ -1,76 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2011 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -/** - * - */ -package com.netscape.cms.servlet.key.model; - -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlRootElement; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElement; - -/** - * @author alee - * - */ -@XmlRootElement(name="SecurityData") -@XmlAccessorType(XmlAccessType.FIELD) -public class KeyData { - @XmlElement - String wrappedPrivateData; - - @XmlElement - String nonceData; - - public KeyData() { - // required for JAXB (defaults) - } - - /** - * @return the wrappedPrivateData - */ - public String getWrappedPrivateData() { - return wrappedPrivateData; - } - - /** - * @param wrappedPrivateData the wrappedPrivateData to set - */ - public void setWrappedPrivateData(String wrappedPrivateData) { - this.wrappedPrivateData = wrappedPrivateData; - } - - /** - * @return the nonceData - */ - - public String getNonceData() { - return nonceData; - } - - /** - * @param nonceData the nonceData to set - */ - - public void setNonceData(String nonceData) { - this.nonceData = nonceData; - } - -} diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyDataInfo.java b/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyDataInfo.java deleted file mode 100644 index 88b31b4d1..000000000 --- a/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyDataInfo.java +++ /dev/null @@ -1,85 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2011 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -/** - * - */ -package com.netscape.cms.servlet.key.model; - - -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlRootElement; -import javax.xml.bind.annotation.XmlAccessorType; - -import com.netscape.certsrv.dbs.keydb.KeyId; - -/** - * @author alee - * - */ -@XmlRootElement(name="SecurityDataInfo") -@XmlAccessorType(XmlAccessType.FIELD) -public class KeyDataInfo { - - @XmlElement - protected String keyURL; - - @XmlElement - protected String clientID; - - public KeyDataInfo() { - // required for JAXB (defaults) - } - - /** - * @return the keyURL - */ - public String getKeyURL() { - return keyURL; - } - - /** - * @param keyURL the keyURL to set - */ - public void setKeyURL(String keyURL) { - this.keyURL = keyURL; - } - - /** - * @return the key ID in the keyURL - */ - public KeyId getKeyId() { - String id = keyURL.substring(keyURL.lastIndexOf("/") + 1); - return new KeyId(id); - } - - /** - * @return the clientID - */ - public String getClientID() { - return clientID; - } - - /** - * @param clientID the clientID to set - */ - public void setClientID(String clientID) { - this.clientID = clientID; - } - -} diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyDataInfos.java b/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyDataInfos.java deleted file mode 100644 index b01184708..000000000 --- a/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyDataInfos.java +++ /dev/null @@ -1,87 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2012 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key.model; - -import java.util.Collection; -import java.util.List; - -import javax.xml.bind.annotation.XmlElementRef; -import javax.xml.bind.annotation.XmlRootElement; -import javax.xml.bind.annotation.XmlTransient; - -import com.netscape.cms.servlet.base.model.Link; - -@XmlRootElement(name = "SecurityDataInfos") -public class KeyDataInfos { - - protected Collection<KeyDataInfo> keyInfos; - protected List<Link> links; - - /** - * @return the keyInfos - */ - @XmlElementRef - public Collection<KeyDataInfo> getKeyInfos() { - return keyInfos; - } - /** - * @param keyInfos the keyInfos to set - */ - public void setKeyInfos(Collection<KeyDataInfo> keyInfos) { - this.keyInfos = keyInfos; - } - /** - * @return the links - */ - @XmlElementRef - public List<Link> getLinks() { - return links; - } - /** - * @param links the links to set - */ - public void setLinks(List<Link> links) { - this.links = links; - } - - @XmlTransient - public String getNext() { - if (links == null) { - return null; - } - for (Link link : links) { - if ("next".equals(link.getRelationship())) { - return link.getHref(); - } - } - return null; - } - - @XmlTransient - public String getPrevious() { - if (links == null) { - return null; - } - for (Link link : links) { - if ("previous".equals(link.getRelationship())) { - return link.getHref(); - } - } - return null; - } -} |