-rw-r--r-- | base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java | 57 | ||||
-rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java | 47 |
2 files changed, 52 insertions, 52 deletions
diff --git a/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java b/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java index 81ebe3e88..39f2d33a3 100644 --- a/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java +++ b/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java @@ -19,10 +19,8 @@ package org.dogtagpki.server.kra.rest; import java.lang.reflect.InvocationTargetException; -import java.math.BigInteger; import java.net.URI; import java.net.URISyntaxException; -import java.security.cert.CertificateException; import java.util.HashMap; import java.util.Map; @@ -51,19 +49,12 @@ import com.netscape.certsrv.key.KeyRequestInfoCollection; import com.netscape.certsrv.key.KeyRequestResource; import com.netscape.certsrv.key.KeyRequestResponse; import com.netscape.certsrv.key.SymKeyGenerationRequest; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.kra.IKeyService; import com.netscape.certsrv.logging.ILogger; -import com.netscape.certsrv.request.IRequest; -import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.RequestId; import com.netscape.certsrv.request.RequestNotFoundException; import com.netscape.cms.servlet.base.PKIService; import com.netscape.cms.servlet.key.KeyRequestDAO; import com.netscape.cmsutil.ldap.LDAPUtil; -import com.netscape.cmsutil.util.Utils; - -import netscape.security.x509.X509CertImpl; /** * @author alee @@ -103,10 +94,6 @@ public class KeyRequestService extends PKIService implements KeyRequestResource public static final int DEFAULT_MAXRESULTS = 100; public static final int DEFAULT_MAXTIME = 10; - private IKeyRecoveryAuthority kra; - private IRequestQueue queue; - private IKeyService service; - public static final Map<String, SymmetricKey.Type> SYMKEY_TYPES; static { SYMKEY_TYPES = new HashMap<String, SymmetricKey.Type>(); 
@@ -118,12 +105,6 @@ public class KeyRequestService extends PKIService implements KeyRequestResource SYMKEY_TYPES.put(KeyRequestResource.AES_ALGORITHM, SymmetricKey.AES); } - public KeyRequestService() { - kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( "kra" ); - queue = kra.getRequestQueue(); - service = (IKeyService) kra; - } - /** * Used to retrieve key request info for a specific request */ @@ -221,7 +202,9 @@ public class KeyRequestService extends PKIService implements KeyRequestResource throw new UnauthorizedException("Recovery must be initiated by an agent"); } response = (data.getCertificate() != null)? - requestKeyRecovery(data): dao.submitRequest(data, uriInfo, requestor); + dao.submitAsyncKeyRecoveryRequest(data, uriInfo, requestor): + dao.submitRequest(data, uriInfo, requestor); + auditRecoveryRequestMade(response.getRequestInfo().getRequestId(), ILogger.SUCCESS, data.getKeyId()); 
@@ -234,40 +217,18 @@ public class KeyRequestService extends PKIService implements KeyRequestResource } } - private KeyRequestResponse requestKeyRecovery(KeyRecoveryRequest data) { - KeyRequestResponse response = null; - if (data == null) { - throw new BadRequestException("Invalid request."); - } - String keyId = data.getKeyId().toString(); - String b64Certificate = data.getCertificate(); - byte[] certData = Utils.base64decode(b64Certificate); - String agentID = servletRequest.getUserPrincipal().getName(); - String requestId = null; - try { - requestId = service.initAsyncKeyRecovery(new BigInteger(keyId), new X509CertImpl(certData), agentID); - } catch (EBaseException | CertificateException e) { - e.printStackTrace(); - throw new PKIException(e.toString()); - } - IRequest request = null; - try { - request = queue.findRequest(new RequestId(requestId)); - } catch (EBaseException e) { - } - KeyRequestDAO dao = new KeyRequestDAO(); - response = dao.createCMSRequestResponse(request, uriInfo); - - return response; - } - @Override public Response approveRequest(RequestId id) { if (id == null) { throw new BadRequestException("Invalid request id."); } + KeyRequestDAO dao = new KeyRequestDAO(); + String requestor = servletRequest.getUserPrincipal().getName(); + if (requestor == null) { + throw new UnauthorizedException("Request approval must be initiated by an agent"); + } try { - service.addAgentAsyncKeyRecovery(id.toString(), servletRequest.getUserPrincipal().getName()); + dao.approveRequest(id, requestor); auditRecoveryRequestChange(id, ILogger.SUCCESS, "approve"); } catch (EBaseException e) { e.printStackTrace(); diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java index 3d5300370..bdb1269a8 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java +++ b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java 
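Review bot: In `approveRequest`, `servletRequest.getUserPrincipal()` is dereferenced before the new null test, so a call where the container returns no principal would fail with a NullPointerException instead of the intended `UnauthorizedException`; the added check only covers a null name. Test the principal itself first, e.g. `Principal principal = servletRequest.getUserPrincipal();` followed by `if (principal == null || principal.getName() == null) { throw new UnauthorizedException("Request approval must be initiated by an agent"); }` (this needs `java.security.Principal` imported). The check also sits outside the `try`, and the catch block continues outside the hunk. If the failure audit event is emitted from that catch, a rejected approval attempt would leave no audit record, so consider auditing the failure before throwing.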
@@ -17,6 +17,8 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; +import java.math.BigInteger; +import java.security.cert.CertificateException; import java.util.Arrays; import java.util.Collection; import java.util.Enumeration; @@ -53,6 +55,7 @@ import com.netscape.certsrv.key.KeyRequestResponse; import com.netscape.certsrv.key.KeyResource; import com.netscape.certsrv.key.SymKeyGenerationRequest; import com.netscape.certsrv.kra.IKeyRecoveryAuthority; +import com.netscape.certsrv.kra.IKeyService; import com.netscape.certsrv.profile.IEnrollProfile; import com.netscape.certsrv.request.CMSRequestInfo; import com.netscape.certsrv.request.CMSRequestInfos; @@ -60,6 +63,9 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.RequestId; import com.netscape.certsrv.request.RequestStatus; import com.netscape.cms.servlet.request.CMSRequestDAO; +import com.netscape.cmsutil.util.Utils; + +import netscape.security.x509.X509CertImpl; /** * @author alee @@ -94,11 +100,13 @@ public class KeyRequestDAO extends CMSRequestDAO { private IKeyRepository repo; private IKeyRecoveryAuthority kra; + private IKeyService service; public KeyRequestDAO() { super("kra"); kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( "kra" ); repo = kra.getKeyRepository(); + service = (IKeyService) kra; } /** 
@@ -277,6 +285,39 @@ public class KeyRequestDAO extends CMSRequestDAO { return createKeyRequestResponse(request, uriInfo); } + public KeyRequestResponse submitAsyncKeyRecoveryRequest(KeyRecoveryRequest data, UriInfo uriInfo, + String requestor) throws EBaseException { + if (data == null) { + throw new BadRequestException("Invalid request."); + } + + KeyId keyId = data.getKeyId(); + IKeyRecord rec = null; + try { + rec = repo.readKeyRecord(keyId.toBigInteger()); + } catch (EDBRecordNotFoundException e) { + throw new KeyNotFoundException(keyId); + } + + String b64Certificate = data.getCertificate(); + byte[] certData = Utils.base64decode(b64Certificate); + String requestId = null; + try { + requestId = service.initAsyncKeyRecovery(new BigInteger(keyId.toString()), new X509CertImpl(certData), requestor); + // TODO - update request with realm + } catch (EBaseException | CertificateException e) { + e.printStackTrace(); + throw new PKIException(e.toString()); + } + IRequest request = null; + try { + request = queue.findRequest(new RequestId(requestId)); + } catch (EBaseException e) { + } + return createCMSRequestResponse(request, uriInfo); + } + + public KeyRequestResponse submitRequest(SymKeyGenerationRequest data, UriInfo uriInfo, String owner) throws EBaseException { String clientKeyId = data.getClientKeyId(); @@ -429,10 +470,8 @@ public class KeyRequestDAO extends CMSRequestDAO { return createKeyRequestResponse(request, uriInfo); } - public void approveRequest(RequestId id) throws EBaseException { - IRequest request = queue.findRequest(id); - request.setRequestStatus(RequestStatus.APPROVED); - queue.updateRequest(request); + public void approveRequest(RequestId id, String requestor) throws EBaseException { + service.addAgentAsyncKeyRecovery(id.toString(), requestor); } public void rejectRequest(RequestId id) throws EBaseException { |
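Review bot: The empty `catch (EBaseException e) {}` around `queue.findRequest(...)` at the end of `submitAsyncKeyRecoveryRequest` leaves `request` null when the lookup fails, and that null is handed to `createCMSRequestResponse`. The caller in KeyRequestService then calls `response.getRequestInfo().getRequestId()` for `auditRecoveryRequestMade`, so a recovery request that was already created could end in an exception without its audit record. Separately, the certificate is client input, yet a parse failure is reported as `PKIException(e.toString())` after `e.printStackTrace()`; a `BadRequestException` with a fixed message keeps parser details out of the response. The sketch below also passes `keyId.toBigInteger()` as the key record lookup above it does, and lets `EBaseException` propagate through the declared `throws` clause, which assumes the REST caller already maps that exception.

```java
// … unchanged: null check on data, key record lookup, base64 decode into certData …
        String requestId;
        try {
            requestId = service.initAsyncKeyRecovery(keyId.toBigInteger(), new X509CertImpl(certData), requestor);
        } catch (CertificateException e) {
            // The certificate comes from the client, so a parse failure is a bad request.
            throw new BadRequestException("Invalid certificate in recovery request.");
        }
        // Let a failed lookup surface through the declared EBaseException instead of
        // passing a null request to createCMSRequestResponse.
        IRequest request = queue.findRequest(new RequestId(requestId));
        return createCMSRequestResponse(request, uriInfo);
```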
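Review bot: `approveRequest(RequestId id, String requestor)` has no Javadoc, and the signature does not show that it no longer sets `RequestStatus.APPROVED` itself but forwards every id to `service.addAgentAsyncKeyRecovery`. Add a comment such as `/** Adds requestor as an approving agent of the async key recovery request id via IKeyService.addAgentAsyncKeyRecovery. */`. Whether `addAgentAsyncKeyRecovery` rejects ids that do not belong to an async recovery request is not visible in this diff. If it does not, the method should look the request up and check its type before delegating.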