Diffstat (limited to 'base/common/src/com/netscape/certsrv/request')
22 files changed, 3137 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/certsrv/request/ARequestNotifier.java b/base/common/src/com/netscape/certsrv/request/ARequestNotifier.java
new file mode 100644
index 000000000..a50996f2b
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/request/ARequestNotifier.java
@@ -0,0 +1,546 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.certsrv.request; + +import java.math.BigInteger; +import java.util.Enumeration; +import java.util.Hashtable; +import java.util.Vector; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.ca.ICertificateAuthority; +import com.netscape.certsrv.ldap.ILdapConnFactory; +import com.netscape.certsrv.ldap.ILdapConnModule; +import com.netscape.certsrv.publish.IPublisherProcessor; + +/** + * The ARequestNotifier class implements the IRequestNotifier interface, + * which notifies all registered request listeners. 
+ * + * @version $Revision$, $Date$ + */ +public class ARequestNotifier implements IRequestNotifier { + private Hashtable<String, IRequestListener> mListeners = new Hashtable<String, IRequestListener>(); + private Vector<Thread> mNotifierThreads = new Vector<Thread>(); + private Vector<String> mRequests = new Vector<String>(); + private int mMaxRequests = 100; + private boolean mSearchForRequests = false; + private int mMaxThreads = 1; + private ICertificateAuthority mCA = null; + private boolean mIsPublishingQueueEnabled = false; + private int mPublishingQueuePriority = 0; + private int mMaxPublishingQueuePageSize = 1; + private IRequestQueue mRequestQueue = null; + private String mPublishingStatus = null; + private int mSavePublishingStatus = 0; + private int mSavePublishingCounter = 0; + + public ARequestNotifier() { + mPublishingQueuePriority = Thread.currentThread().getPriority(); + } + + public ARequestNotifier(ICertificateAuthority ca) { + mCA = ca; + if (mCA != null) + mRequestQueue = mCA.getRequestQueue(); + } + + public void setPublishingQueue(boolean isPublishingQueueEnabled, + int publishingQueuePriorityLevel, + int maxNumberOfPublishingThreads, + int publishingQueuePageSize, + int savePublishingStatus) { + CMS.debug("setPublishingQueue: Publishing Queue Enabled: " + isPublishingQueueEnabled + + " Priority Level: " + publishingQueuePriorityLevel + + " Maximum Number of Threads: " + maxNumberOfPublishingThreads + + " Page Size: " + publishingQueuePageSize); + mIsPublishingQueueEnabled = isPublishingQueueEnabled; + mMaxThreads = maxNumberOfPublishingThreads; + mMaxRequests = publishingQueuePageSize; + mSavePublishingStatus = savePublishingStatus; + + // Publishing Queue Priority Levels: 2 - maximum, 1 - higher, 0 - normal, -1 - lower, -2 - minimum + if (publishingQueuePriorityLevel > 1) { + mPublishingQueuePriority = Thread.MAX_PRIORITY; + } else if (publishingQueuePriorityLevel > 0) { + mPublishingQueuePriority = (Thread.currentThread().getPriority() + 
Thread.MAX_PRIORITY) / 2; + } else if (publishingQueuePriorityLevel < -1) { + mPublishingQueuePriority = Thread.MIN_PRIORITY; + } else if (publishingQueuePriorityLevel < 0) { + mPublishingQueuePriority = (Thread.currentThread().getPriority() + Thread.MIN_PRIORITY) / 2; + } else { + mPublishingQueuePriority = Thread.currentThread().getPriority(); + } + + if (mCA != null && mRequestQueue == null) + mRequestQueue = mCA.getRequestQueue(); + if (mIsPublishingQueueEnabled && mSavePublishingStatus > 0 && mRequestQueue != null) { + mPublishingStatus = mRequestQueue.getPublishingStatus(); + BigInteger status = new BigInteger("-2"); + try { + status = new BigInteger(mPublishingStatus); + if (status.compareTo(BigInteger.ZERO) > -1) { + recoverPublishingQueue(mPublishingStatus); + } + } catch (Exception e) { + } + } + + } + + /** + * Registers a request listener. + * + * @param listener listener to be registered + */ + public void registerListener(IRequestListener listener) { + // XXX should check for duplicates here or allow listeners + // to register twice and call twice ? + mListeners.put(listener.getClass().getName(), listener); + } + + /** + * Registers a request listener. + * + * @param name listener name + * @param listener listener to be registered + */ + public void registerListener(String name, IRequestListener listener) { + mListeners.put(name, listener); + } + + /** + * Removes listener from the list of registered listeners. + * + * @param listener listener to be removed from the list + */ + public void removeListener(IRequestListener listener) { + // XXX should check for duplicates here or allow listeners + // to register twice and call twice ? + mListeners.remove(listener.getClass().getName()); + } + + /** + * Gets list of listener names. + * + * @return enumeration of listener names + */ + public Enumeration<String> getListenerNames() { + return mListeners.keys(); + } + + /** + * Removes listener from the list of registered listeners. 
+ * + * @param name listener name to be removed from the list + */ + public void removeListener(String name) { + mListeners.remove(name); + } + + /** + * Gets listener from the list of registered listeners. + * + * @param name listener name + * @return listener + */ + public IRequestListener getListener(String name) { + return (IRequestListener) mListeners.get(name); + } + + /** + * Gets list of listeners. + * + * @return enumeration of listeners + */ + public Enumeration<IRequestListener> getListeners() { + return mListeners.elements(); + } + + private Object publishingCounterMonitor = new Object(); + + public void updatePublishingStatus(String id) { + if (mRequestQueue != null) { + synchronized (publishingCounterMonitor) { + if (mSavePublishingCounter == 0) { + CMS.debug("updatePublishingStatus requestId: " + id); + mRequestQueue.setPublishingStatus(id); + } + mSavePublishingCounter++; + CMS.debug("updatePublishingStatus mSavePublishingCounter: " + mSavePublishingCounter + + " mSavePublishingStatus: " + mSavePublishingStatus); + if (mSavePublishingCounter >= mSavePublishingStatus) { + mSavePublishingCounter = 0; + } + } + } else { + CMS.debug("updatePublishingStatus mRequestQueue == null"); + } + } + + /** + * Gets request from publishing queue. 
+ * + * @return request + */ + public synchronized IRequest getRequest() { + IRequest r = null; + String id = null; + + CMS.debug("getRequest mRequests=" + mRequests.size() + " mSearchForRequests=" + mSearchForRequests); + if (mSearchForRequests && mRequests.size() == 1) { + id = (String) mRequests.elementAt(0); + if (mCA != null && mRequestQueue == null) + mRequestQueue = mCA.getRequestQueue(); + if (id != null && mRequestQueue != null) { + CMS.debug("getRequest request id=" + id); + IRequestVirtualList list = mRequestQueue.getPagedRequestsByFilter( + new RequestId(id), + "(requeststate=complete)", mMaxRequests, "requestId"); + int s = list.getSize() - list.getCurrentIndex(); + CMS.debug("getRequest list size: " + s); + for (int i = 0; i < s; i++) { + r = null; + try { + r = list.getElementAt(i); + } catch (Exception e) { + // handled below + } + if (r == null) { + continue; + } + String requestType = r.getRequestType(); + if (requestType == null) { + continue; + } + if (!(requestType.equals(IRequest.ENROLLMENT_REQUEST) || + requestType.equals(IRequest.RENEWAL_REQUEST) || + requestType.equals(IRequest.REVOCATION_REQUEST) || + requestType.equals(IRequest.CMCREVOKE_REQUEST) || + requestType.equals(IRequest.UNREVOCATION_REQUEST))) { + continue; + } + if (i == 0 && id.equals(r.getRequestId().toString())) { + if (s == 1) { + break; + } else { + continue; + } + } + if (mRequests.size() < mMaxRequests) { + mRequests.addElement(r.getRequestId().toString()); + CMS.debug("getRequest added " + + r.getRequestType() + " request " + r.getRequestId().toString() + + " to mRequests: " + mRequests.size() + " (" + mMaxRequests + ")"); + } else { + break; + } + } + CMS.debug("getRequest done with adding requests to mRequests: " + mRequests.size()); + } else { + CMS.debug("getRequest has no access to the request queue"); + } + } + if (mRequests.size() > 0) { + id = (String) mRequests.elementAt(0); + if (id != null) { + CMS.debug("getRequest getting request: " + id); + if (mCA != null 
&& mRequestQueue == null) + mRequestQueue = mCA.getRequestQueue(); + if (mRequestQueue != null) { + try { + r = mRequestQueue.findRequest(new RequestId(id)); + mRequests.remove(0); + CMS.debug("getRequest request " + id + ((r != null) ? " found" : " not found")); + //updatePublishingStatus(id); + } catch (EBaseException e) { + CMS.debug("getRequest EBaseException " + e.toString()); + } + } else { + CMS.debug("getRequest has no access to the request queue"); + } + } + if (mRequests.size() == 0) { + mSearchForRequests = false; + } + } + CMS.debug("getRequest mRequests=" + mRequests.size() + " mSearchForRequests=" + mSearchForRequests + " done"); + + return r; + } + + /** + * Gets number of requests in publishing queue. + * + * @return number of requests in publishing queue + */ + public int getNumberOfRequests() { + return mRequests.size(); + } + + /** + * Checks if publishing queue is enabled. + * + * @return true if publishing queue is enabled, false otherwise + */ + public boolean isPublishingQueueEnabled() { + return mIsPublishingQueueEnabled; + } + + /** + * Removes a notifier thread from the pool of publishing queue threads. + * + * @param notifierThread Thread + */ + public void removeNotifierThread(Thread notifierThread) { + if (mNotifierThreads.size() > 0) { + mNotifierThreads.remove(notifierThread); + if (mNotifierThreads.size() == 0) { + mRequestQueue.setPublishingStatus("-1"); + } + } + CMS.debug("Number of publishing threads: " + mNotifierThreads.size()); + } + + /** + * Notifies all registered listeners about request. 
+ * + * @param r request + */ + public void notify(IRequest r) { + CMS.debug("ARequestNotifier notify mIsPublishingQueueEnabled=" + mIsPublishingQueueEnabled + + " mMaxThreads=" + mMaxThreads); + if (mIsPublishingQueueEnabled) { + addToNotify(r); + } else if (mMaxThreads == 0) { + Enumeration<IRequestListener> listeners = mListeners.elements(); + if (listeners != null && r != null) { + while (listeners.hasMoreElements()) { + IRequestListener l = (IRequestListener) listeners.nextElement(); + CMS.debug("RunListeners: IRequestListener = " + l.getClass().getName()); + l.accept(r); + } + } + } else { + // spawn a seperate thread to call the listeners and return. + try { + new Thread(new RunListeners(r, mListeners.elements())).start(); + } catch (Throwable e) { + + /* + CMS.getLogger().log( + ILogger.EV_SYSTEM, ILogger.S_REQQUEUE, ILogger.LL_FAILURE, + "Could not run listeners for request " + r.getRequestId() + + ". Error " + e + ";" + e.getMessage()); + */ + } + } + } + + /** + * Checks for available publishing connections + * + * @return true if there are available publishing connections, false otherwise + */ + private boolean checkAvailablePublishingConnections() { + boolean availableConnections = false; + + IPublisherProcessor pp = null; + if (mCA != null) + pp = mCA.getPublisherProcessor(); + if (pp != null && pp.enabled()) { + ILdapConnModule ldapConnModule = pp.getLdapConnModule(); + if (ldapConnModule != null) { + ILdapConnFactory ldapConnFactory = ldapConnModule.getLdapConnFactory(); + if (ldapConnFactory != null) { + CMS.debug("checkAvailablePublishingConnections maxConn: " + ldapConnFactory.maxConn() + + " totalConn: " + ldapConnFactory.totalConn()); + if (ldapConnFactory.maxConn() > ldapConnFactory.totalConn()) { + availableConnections = true; + } + } else { + CMS.debug("checkAvailablePublishingConnections ldapConnFactory is not accessible"); + } + } else { + CMS.debug("checkAvailablePublishingConnections ldapConnModule is not accessible"); + } + } else { + 
CMS.debug("checkAvailablePublishingConnections PublisherProcessor is not " + + ((pp != null) ? "enabled" : "accessible")); + } + + return availableConnections; + } + + /** + * Checks if more publishing threads can be added. + * + * @return true if more publishing threads can be added, false otherwise + */ + private boolean morePublishingThreads() { + boolean moreThreads = false; + + if (mNotifierThreads.size() == 0) { + moreThreads = true; + } else if (mNotifierThreads.size() < mMaxThreads) { + CMS.debug("morePublishingThreads (" + mRequests.size() + ">" + + ((mMaxRequests * mNotifierThreads.size()) / mMaxThreads) + + " " + "(" + mMaxRequests + "*" + mNotifierThreads.size() + "):" + mMaxThreads); + // gradually add new publishing threads + if (mRequests.size() > ((mMaxRequests * mNotifierThreads.size()) / mMaxThreads)) { + // check for available publishing connections + if (checkAvailablePublishingConnections()) { + moreThreads = true; + } + } + } + CMS.debug("morePublishingThreads moreThreads: " + moreThreads); + + return moreThreads; + } + + /** + * Notifies all registered listeners about request. 
+ * + * @param r request + */ + public synchronized void addToNotify(IRequest r) { + if (!mSearchForRequests) { + if (mRequests.size() < mMaxRequests) { + mRequests.addElement(r.getRequestId().toString()); + CMS.debug("addToNotify extended buffer to " + mRequests.size() + "(" + mMaxRequests + ")" + + " requests by adding request " + r.getRequestId().toString()); + if (morePublishingThreads()) { + try { + Thread notifierThread = new Thread(new RunListeners((IRequestNotifier) this)); + if (notifierThread != null) { + mNotifierThreads.addElement(notifierThread); + CMS.debug("Number of publishing threads: " + mNotifierThreads.size()); + if (mPublishingQueuePriority > 0) { + notifierThread.setPriority(mPublishingQueuePriority); + } + notifierThread.start(); + } + } catch (Throwable e) { + CMS.debug("addToNotify exception: " + e.toString()); + } + } + } else { + mSearchForRequests = true; + } + } + } + + /** + * Recovers publishing queue. + * + * @param id request request + */ + public void recoverPublishingQueue(String id) { + CMS.debug("recoverPublishingQueue mRequests.size()=" + mRequests.size() + "(" + mMaxRequests + ")" + + " requests by adding request " + id); + if (mRequests.size() == 0) { + mRequests.addElement(id); + CMS.debug("recoverPublishingQueue extended buffer to " + mRequests.size() + "(" + mMaxRequests + ")" + + " requests by adding request " + id); + if (morePublishingThreads()) { + mSearchForRequests = true; + try { + Thread notifierThread = new Thread(new RunListeners((IRequestNotifier) this)); + if (notifierThread != null) { + mNotifierThreads.addElement(notifierThread); + CMS.debug("Number of publishing threads: " + mNotifierThreads.size()); + if (mPublishingQueuePriority > 0) { + notifierThread.setPriority(mPublishingQueuePriority); + } + notifierThread.start(); + } + } catch (Throwable e) { + CMS.debug("recoverPublishingQueue exception: " + e.toString()); + } + } + } + } +} + +/** + * The RunListeners class implements Runnable interface. 
+ * This class executes notification of registered listeners. + */ +class RunListeners implements Runnable { + IRequest mRequest = null; + Enumeration<IRequestListener> mListeners = null; + IRequestNotifier mRequestNotifier = null; + + /** + * RunListeners class constructor. + * + * @param r request + * @param listeners list of listeners + */ + public RunListeners(IRequest r, Enumeration<IRequestListener> listeners) { + mRequest = r; + mListeners = listeners; + } + + /** + * RunListeners class constructor. + * + * @param r request + * @param listeners list of listeners + */ + public RunListeners(IRequestNotifier requestNotifier) { + mRequestNotifier = requestNotifier; + mListeners = mRequestNotifier.getListeners(); + } + + /** + * RunListeners thread implementation. + */ + public void run() { + CMS.debug("RunListeners::" + + ((mRequestNotifier != null && mRequestNotifier.getNumberOfRequests() > 0) ? " Queue: " + + mRequestNotifier.getNumberOfRequests() : " noQueue") + + " " + ((mRequest != null) ? " SingleRequest" : " noSingleRequest")); + do { + if (mRequestNotifier != null) + mRequest = (IRequest) mRequestNotifier.getRequest(); + if (mListeners != null && mRequest != null) { + while (mListeners.hasMoreElements()) { + IRequestListener l = (IRequestListener) mListeners.nextElement(); + CMS.debug("RunListeners: IRequestListener = " + l.getClass().getName()); + l.accept(mRequest); + } + if (mRequestNotifier != null) { + CMS.debug("RunListeners: mRequest = " + mRequest.getRequestId().toString()); + mRequestNotifier.updatePublishingStatus(mRequest.getRequestId().toString()); + } + } + CMS.debug("RunListeners: " + + ((mRequestNotifier != null && mRequestNotifier.getNumberOfRequests() > 0) ? " Queue: " + + mRequestNotifier.getNumberOfRequests() : " noQueue") + + " " + ((mRequest != null) ? 
" SingleRequest" : " noSingleRequest")); + if (mRequestNotifier != null) + mListeners = mRequestNotifier.getListeners(); + } while (mRequestNotifier != null && mRequestNotifier.getNumberOfRequests() > 0); + + if (mRequestNotifier != null) + mRequestNotifier.removeNotifierThread(Thread.currentThread()); + } +} diff --git a/base/common/src/com/netscape/certsrv/request/AgentApproval.java b/base/common/src/com/netscape/certsrv/request/AgentApproval.java new file mode 100644 index 000000000..eb3ca06a8 --- /dev/null +++ b/base/common/src/com/netscape/certsrv/request/AgentApproval.java 
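Review bot: `RunListeners.run()` calls `removeNotifierThread` only after the do/while loop exits normally, so an unchecked exception from `l.accept(mRequest)` or `getRequest()` ends the thread while it is still counted in `mNotifierThreads`. With `mMaxThreads` at its default of 1, `morePublishingThreads()` then returns false for every later `addToNotify` call, so queued enrollment and revocation requests would stop being published until restart. Put the loop in `try { … } finally { if (mRequestNotifier != null) mRequestNotifier.removeNotifierThread(Thread.currentThread()); }`. `removeNotifierThread` itself dereferences `mRequestQueue` without the null check the other methods use, and the empty `catch (Exception e) { }` in `setPublishingQueue` plus the commented-out logging in `notify` hide failures; a `CMS.debug` call in each would make them visible.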
@@ -0,0 +1,66 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+import java.io.Serializable;
+import java.util.Date;
+
+/**
+ * The AgentApproval class contains the record of a
+ * single agent approval.
+ *
+ * @version $Revision$, $Date$
+ */
+public class AgentApproval
+ implements Serializable {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -3444654917454805225L;
+
+ /**
+ * Returns the approving agent's user name.
+ *
+ * @return an identifier for the agent
+ */
+ public String getUserName() {
+ return mUserName;
+ }
+
+ /**
+ * Returns the date of the approval
+ *
+ * @return date and time of the approval
+ */
+ public Date getDate() {
+ return mDate;
+ }
+
+ /**
+ * AgentApproval class constructor
+ *
+ * @param userName user name of the approving agent
+ */
+ AgentApproval(String userName) {
+ mUserName = userName;
+ }
+
+ String mUserName;
+ Date mDate = new Date(); /* CMS.getCurrentDate(); */
+}
diff --git a/base/common/src/com/netscape/certsrv/request/AgentApprovals.java b/base/common/src/com/netscape/certsrv/request/AgentApprovals.java
new file mode 100644
index 000000000..d6fa41b8f
--- /dev/null
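Review bot: `getDate()` returns the internal `mDate` object, and `java.util.Date` is mutable, so any caller holding the result can change the recorded approval time after the fact. Return a copy instead, `return new Date(mDate.getTime());`. `mUserName` is never reassigned in this hunk and could be declared `final`, which would keep an approval record from being re-attributed to another agent by code in the same package.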
+++ b/base/common/src/com/netscape/certsrv/request/AgentApprovals.java
@@ -0,0 +1,159 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+import java.io.Serializable;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.Vector;
+
+/**
+ * A collection of AgentApproval objects.
+ * <single-threaded>
+ *
+ * @version $Revision$, $Date$
+ */
+public class AgentApprovals
+ implements Serializable {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -3827259076159153561L;
+
+ /**
+ * Adds an approval to approval's list.
+ * <p>
+ * If an approval is already present for this user, it is updated with a new date. Otherwise a new value is
+ * inserted.
+ *
+ * @param userName user name of the approving agent
+ */
+ public void addApproval(String userName) {
+ AgentApproval a = findApproval(userName);
+
+ // update existing approval
+ if (a != null) {
+ a.mDate = new Date(); /* CMS.getCurrentDate(); */
+ return;
+ }
+
+ a = new AgentApproval(userName);
+ mVector.addElement(a);
+ }
+
+ /**
+ * Removes an approval from approval's list.
+ * <p>
+ * If there is no approval for this userName, this call does nothing.
+ *
+ * @param userName user name of the approving agent
+ */
+ public void removeApproval(String userName) {
+ AgentApproval a = findApproval(userName);
+
+ if (a != null)
+ mVector.removeElement(a);
+ }
+
+ /**
+ * Finds an existing AgentApproval for the named user.
+ *
+ * @param userName user name of the approving agent
+ * @return an AgentApproval object
+ */
+ public AgentApproval findApproval(String userName) {
+ AgentApproval a = null;
+
+ // search
+ for (int i = 0; i < mVector.size(); i++) {
+ a = mVector.elementAt(i);
+
+ if (a.mUserName.equals(userName))
+ break;
+ }
+
+ return a;
+ }
+
+ /**
+ * Returns an enumeration of the agent approvals
+ *
+ * @return an enumeration of the agent approvals
+ */
+ public Enumeration<AgentApproval> elements() {
+ return mVector.elements();
+ }
+
+ /**
+ * Returns the AgentApprovals as a Vector of strings.
+ * Each entry in the vector is of the format:
+ * epoch;username
+ * where epoch is the date.getTime()
+ * <p>
+ * This is used for serialization in Request.setExtData().
+ *
+ * @return The string vector.
+ */
+ public Vector<String> toStringVector() {
+ Vector<String> retval = new Vector<String>(mVector.size());
+ for (int i = 0; i < mVector.size(); i++) {
+ AgentApproval a = (AgentApproval) mVector.elementAt(i);
+ retval.add(a.getDate().getTime() + ";" + a.getUserName());
+ }
+
+ return retval;
+ }
+
+ /**
+ * Recreates an AgentApprovals instance from a Vector of strings that
+ * was created by toStringVector().
+ *
+ * @param stringVector The vector of strings to translate
+ * @return the AgentApprovals instance or null if it can't be translated.
+ */
+ public static AgentApprovals fromStringVector(Vector<String> stringVector) {
+ if (stringVector == null) {
+ return null;
+ }
+ AgentApprovals approvals = new AgentApprovals();
+ for (int i = 0; i < stringVector.size(); i++) {
+ try {
+ String approvalString = stringVector.get(i);
+ String[] parts = approvalString.split(";", 2);
+ if (parts.length != 2) {
+ return null;
+ }
+ Long epoch = new Long(parts[0]);
+ Date date = new Date(epoch.longValue());
+
+ AgentApproval approval = new AgentApproval(parts[1]);
+ approval.mDate = date;
+
+ approvals.mVector.add(approval);
+ } catch (ClassCastException e) {
+ return null;
+ } catch (NumberFormatException e) {
+ return null;
+ }
+ }
+ return approvals;
+ }
+
+ protected Vector<AgentApproval> mVector = new Vector<AgentApproval>();
+}
diff --git a/base/common/src/com/netscape/certsrv/request/IEnrollmentRequest.java b/base/common/src/com/netscape/certsrv/request/IEnrollmentRequest.java
new file mode 100644
index 000000000..32c3f53a9
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/request/IEnrollmentRequest.java
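Review bot: `findApproval` returns the last element of `mVector` when no entry matches, because `a` is assigned on every iteration and only the matching case breaks out of the loop. As a result `addApproval` for a new user only refreshes another agent's date instead of recording the approval, and `removeApproval` for an unknown user removes a different agent's approval, so the set of agents recorded as having approved a request can be wrong in both directions. Change `break;` to `return a;` and end the method with `return null;`. `a.mUserName.equals(userName)` also throws if an entry was created with a null name, which the package-private constructor permits, so `userName.equals(a.mUserName)` after a null check on the argument would be safer.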
@@ -0,0 +1,30 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+/**
+ * An example of a more specialized request interface.
+ * This version (currently) doesn't supply any additional
+ * data, but is implementated only for testing and
+ * demonstration purposes.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IEnrollmentRequest
+ extends IRequest {
+}
diff --git a/base/common/src/com/netscape/certsrv/request/INotify.java b/base/common/src/com/netscape/certsrv/request/INotify.java
new file mode 100644
index 000000000..938cd855b
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/request/INotify.java
@@ -0,0 +1,40 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+/**
+ * The INotify interface defines operations that are invoked
+ * when a request is completely processed. A class implementing
+ * this interface may be registered with a IRequestQueue.
+ * The interface will be invoked when a request is completely
+ * serviced by the IService object.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface INotify {
+
+ /**
+ * Provides notification that a request has been completed.
+ * The implementation may use values stored in the IRequest
+ * object, and may implement any type publishing (such as email
+ * or writing values into a directory)
+ *
+ * @param request the request that is completed.
+ */
+ public void notify(IRequest request);
+}
diff --git a/base/common/src/com/netscape/certsrv/request/IPolicy.java b/base/common/src/com/netscape/certsrv/request/IPolicy.java
new file mode 100644
index 000000000..9998abee7
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/request/IPolicy.java
@@ -0,0 +1,53 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+/**
+ * Interface to a policy. The policy evaluates the request for
+ * correctness and completeness. It may change or add to values
+ * stored in the request. The policy object also decides
+ * whether a request should be queue to await approval by
+ * an agent.
+ * FUTURE: In this case, the policy should set the
+ * 'agentGroup' entry in the request to indicate the group
+ * of agents allowed to perform further processing. If none
+ * is set, a default value ("defaultAgentGroup") will be
+ * set instead.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IPolicy {
+
+ /**
+ * Applies the policy check to the request. The policy should
+ * determine whether the request can be processed immediately,
+ * or should be held pending manual approval.
+ * <p>
+ * The policy can update fields in the request, to add additional values or to restrict the values to pre-determined
+ * ranges.
+ * <p>
+ *
+ * @param request
+ * the request to check
+ * @return
+ * a result code indicating the result of the evaluation. The
+ * processor will determine the next request processing step based
+ * on this value
+ */
+ PolicyResult apply(IRequest request);
+}
diff --git a/base/common/src/com/netscape/certsrv/request/IRequest.java b/base/common/src/com/netscape/certsrv/request/IRequest.java
new file mode 100644
index 000000000..e43856e2d
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/request/IRequest.java
@@ -0,0 +1,764 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+//import java.io.Serializable;
+
+import java.math.BigInteger;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.Hashtable;
+import java.util.Locale;
+import java.util.Vector;
+
+import netscape.security.x509.CertificateExtensions;
+import netscape.security.x509.CertificateSubjectName;
+import netscape.security.x509.RevokedCertImpl;
+import netscape.security.x509.X509CertImpl;
+import netscape.security.x509.X509CertInfo;
+
+import com.netscape.certsrv.authentication.IAuthToken;
+import com.netscape.certsrv.base.IAttrSet;
+
+/**
+ * An interface that defines abilities of request objects,
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IRequest {
+
+ public static final String REQ_VERSION = "requestVersion";
+
+ public static final String REQ_STATUS = "requestStatus";
+ public static final String REQ_TYPE = "requestType";
+ public static final String REQ_FORMAT = "requestFormat";
+
+ // request type values.
+ public static final String ENROLLMENT_REQUEST = "enrollment";
+ public static final String RENEWAL_REQUEST = "renewal";
+ public static final String REVOCATION_REQUEST = "revocation";
+ public static final String CMCREVOKE_REQUEST = "CMCRevReq";
+ public static final String UNREVOCATION_REQUEST = "unrevocation";
+ public static final String KEYARCHIVAL_REQUEST = "archival";
+ public static final String KEYRECOVERY_REQUEST = "recovery";
+ public static final String KEY_RECOVERY_REQUEST = "keyRecovery";
+ public static final String KEY_ARCHIVAL_REQUEST = "keyArchival";
+ public static final String GETCACHAIN_REQUEST = "getCAChain";
+ public static final String GETREVOCATIONINFO_REQUEST = "getRevocationInfo";
+ public static final String GETCRL_REQUEST = "getCRL";
+ public static final String GETCERTS_REQUEST = "getCertificates";
+ public static final String REVOCATION_CHECK_CHALLENGE_REQUEST = "revocationChallenge";
+ public static final String GETCERT_STATUS_REQUEST = "getCertStatus";
+ public static final String GETCERTS_FOR_CHALLENGE_REQUEST = "getCertsForChallenge";
+ public static final String CLA_CERT4CRL_REQUEST = "cert4crl";
+ public static final String CLA_UNCERT4CRL_REQUEST = "uncert4crl";
+ public static final String NETKEY_KEYGEN_REQUEST = "netkeyKeygen";
+ public static final String NETKEY_KEYRECOVERY_REQUEST = "netkeyKeyRecovery";
+
+ public static final String REQUESTOR_NAME = "csrRequestorName";
+ public static final String REQUESTOR_PHONE = "csrRequestorPhone";
+ public static final String REQUESTOR_EMAIL = "csrRequestorEmail";
+ public static final String REQUESTOR_COMMENTS = "csrRequestorComments";
+
+ // request attributes for all
+ public static final String AUTH_TOKEN = "AUTH_TOKEN";
+ public static final String HTTP_PARAMS = "HTTP_PARAMS";
+ public static final String HTTP_HEADERS = "HTTP_HEADERS";
+ // Params added by agents on agent approval page
+ public static final String AGENT_PARAMS = "AGENT_PARAMS";
+ // server attributes: attributes generated by server modules.
+ public static final String SERVER_ATTRS = "SERVER_ATTRS";
+
+ public static final String RESULT = "Result"; // service result.
+ public static final Integer RES_SUCCESS = Integer.valueOf(1); // result value
+ public static final Integer RES_ERROR = Integer.valueOf(2); // result value
+ public static final String REMOTE_SERVICE_AUTHORITY = "RemServiceAuthority";
+ public static final String SVCERRORS = "serviceErrors";
+ public static final String REMOTE_STATUS = "remoteStatus";
+ public static final String REMOTE_REQID = "remoteReqID";
+ public static final String CERT_STATUS = "certStatus";
+
+ // enrollment request attributes (from http request)
+ public static final String CERT_TYPE = "certType";
+ public static final String CRMF_REQID = "crmfReqId";
+ public static final String PKCS10_REQID = "pkcs10ReqId";
+ // CMC request attributes
+ public static final String CMC_REQIDS = "cmcReqIds";
+ public static final String CMC_TRANSID = "transactionId";
+ public static final String CMC_SENDERNONCE = "senderNonce";
+ public static final String CMC_RECIPIENTNONCE = "recipientNonce";
+ public static final String CMC_REGINFO = "regInfo";
+
+ // enrollment request attributes (generated internally)
+ // also used for renewal
+ public static final String CERT_INFO = "CERT_INFO";
+ public static final String ISSUED_CERTS = "issuedCerts";
+ public static final String REQUEST_TRUSTEDMGR_PRIVILEGE = "requestTrustedManagerPrivilege";
+ public static final String FINGERPRINTS = "fingerprints";
+
+ // enrollment request values
+ public static final String SERVER_CERT = "server";
+ public static final String CLIENT_CERT = "client";
+ public static final String CA_CERT = "ca";
+ public static final String RA_CERT = "ra";
+ public static final String OCSP_CERT = "ocsp";
+ public static final String OBJECT_SIGNING_CERT = "objSignClient";
+ public static final String OTHER_CERT = "other";
+ public static final String ROUTER_CERT = "router"; // deprecated
+ public static final String CEP_CERT = "CEP-Request";
+
+ // renewal request attributes. (internally set)
+ // also used for revocation
+ public static final String OLD_CERTS = "OLD_CERTS";
+ public static final String OLD_SERIALS = "OLD_SERIALS";
+ public static final String ISSUERDN = "issuerDN";
+
+ // revocation request attributes (internally set)
+ public static final String REVOKED_CERTS = "revokedCerts";
+ public static final String REVOKED_REASON = "revocationReason";
+ // CCA -> CLA request attributes
+ public static final String REVOKED_CERT_RECORDS = "revokedCertRecs";
+ // crl update status after a revocation.
+ public final static String CRL_UPDATE_STATUS = "crlUpdateStatus";
+ public final static String CRL_UPDATE_ERROR = "crlUpdateError";
+ public final static String CRL_PUBLISH_STATUS = "crlPublishStatus";
+ public final static String CRL_PUBLISH_ERROR = "crlPublishError";
+ public static final String REQUESTOR_TYPE = "requestorType";
+
+ // Netkey request attributes
+ public final static String NETKEY_ATTR_CUID = "CUID";
+ public final static String NETKEY_ATTR_USERID = "USERID";
+ public final static String NETKEY_ATTR_DRMTRANS_DES_KEY = "drm_trans_desKey";
+ public final static String NETKEY_ATTR_ARCHIVE_FLAG = "archive";
+ public final static String NETKEY_ATTR_SERVERSIDE_MUSCLE_FLAG = "serverSideMuscle";
+ public final static String NETKEY_ATTR_ENC_PRIVKEY_FLAG = "encryptPrivKey";
+ public final static String NETKEY_ATTR_USER_CERT = "cert";
+ public final static String NETKEY_ATTR_KEY_SIZE = "keysize";
+
+ //Security Data request attributes
+ public static final String SECURITY_DATA_ENROLLMENT_REQUEST = "securityDataEnrollment";
+ public static final String SECURITY_DATA_RECOVERY_REQUEST = "securityDataRecovery";
+ public static final String SECURITY_DATA_CLIENT_ID = "clientID";
+ public static final String SECURITY_DATA_TYPE = "dataType";
+ public static final String SECURITY_DATA_STATUS = "status";
+ public static final String SECURITY_DATA_TRANS_SESS_KEY = "transWrappedSessionKey";
+ public static final String SECURITY_DATA_SESS_PASS_PHRASE = "sessionWrappedPassphrase";
+ public static final String SECURITY_DATA_IV_STRING_IN = "iv_in";
+ public static final String SECURITY_DATA_IV_STRING_OUT = "iv_out";
+ public static final String SECURITY_DATA_SESS_WRAPPED_DATA = "sessWrappedSecData";
+ public static final String SECURITY_DATA_PASS_WRAPPED_DATA = "passPhraseWrappedData";
+
+
+ // requestor type values.
+ public static final String REQUESTOR_EE = "EE";
+ public static final String REQUESTOR_RA = "RA";
+ public static final String REQUESTOR_NETKEY_RA = "NETKEY_RA";
+ public static final String REQUESTOR_KRA = "KRA";
+ public static final String REQUESTOR_AGENT = "Agent";
+
+ // others (internally set)
+ public final static String CACERTCHAIN = "CACertChain";
+ public final static String CRL = "CRL";
+ public final static String DOGETCACHAIN = "doGetCAChain";
+ public final static String CERT_FILTER = "certFilter";
+
+ // used by policy
+ public static final String ERRORS = "errors";
+ public static final String SMIME = "SMIME";
+ public static final String OBJECT_SIGNING = "ObjectSigning";
+ public static final String SSL_CLIENT = "SSLClient";
+
+ /**
+ * Gets the primary identifier for this request.
+ *
+ * @return request id
+ */
+ RequestId getRequestId();
+
+ /**
+ * Gets the current state of this request.
+ *
+ * @return request status
+ */
+ RequestStatus getRequestStatus();
+
+ /**
+ * Gets the "sourceId" for the request. The sourceId is
+ * assigned by the originator of the request (for example,
+ * the EE servlet or the RA servlet.
+ * <p>
+ * The sourceId should be unique so that it can be used to retrieve request later without knowing the locally
+ * assigned primary id (RequestID)
+ * <p>
+ *
+ * @return
+ * the sourceId value (or null if none has been set)
+ */
+ public String getSourceId();
+
+ /**
+ * Sets the "sourceId" for this request. The request must be updated
+ * in the database for this change to take effect. This can be done
+ * by calling IRequestQueue.update() or by performing one of the
+ * other operations like processRequest or approveRequest.
+ *
+ * @param id source id for this request
+ */
+ public void setSourceId(String id);
+
+ /**
+ * Gets the current owner of this request.
+ *
+ * @return request owner
+ */
+ public String getRequestOwner();
+
+ /**
+ * Sets the current owner of this request.
+ *
+ * @param owner
+ * The new owner of this request. If this value is set to null
+ * there will be no current owner
+ */
+ public void setRequestOwner(String owner);
+
+ /**
+ * Gets the type of this request.
+ *
+ * @return request type
+ */
+ public String getRequestType();
+
+ /**
+ * Sets the type or this request.
+ *
+ * @param type request type
+ */
+ public void setRequestType(String type);
+
+ /**
+ * Gets the version of this request.
+ *
+ * @return request version
+ */
+ public String getRequestVersion();
+
+ /**
+ * Gets the time this request was created.
+ *
+ * @return request creation time
+ */
+ Date getCreationTime();
+
+ /**
+ * Gets the time this request was last modified (defined
+ * as updated in the queue) (See IRequestQueue.update)
+ *
+ * @return request last modification time
+ */
+ Date getModificationTime();
+
+ /*
+ * Attribute names for performing searches.
+ */
+ public final static String ATTR_REQUEST_OWNER = "requestOwner";
+ public final static String ATTR_REQUEST_STATUS = "requestStatus";
+ public final static String ATTR_SOURCE_ID = "requestSourceId";
+ public final static String ATTR_REQUEST_TYPE = "requestType";
+
+ /*
+ * Other attributes stored in the attribute set
+ */
+ public final static String UPDATED_BY = "updatedBy";
+ // String error messages
+ public static final String ERROR = "Error";
+
+ /**
+ * Copies meta attributes (excluding request Id, etc.) of another request
+ * to this request.
+ *
+ * @param req another request
+ */
+ public void copyContents(IRequest req);
+
+ /**
+ * Gets context of this request.
+ *
+ * @return request context
+ */
+ public String getContext();
+
+ /**
+ * Sets context of this request.
+ *
+ * @param ctx request context
+ */
+ public void setContext(String ctx);
+
+ /**
+ * Sets status of this request.
+ *
+ * @param s request status
+ */
+ public void setRequestStatus(RequestStatus s);
+
+ /**
+ * Gets status of connector transfer.
+ *
+ * @return status of connector transfer
+ */
+ public boolean isSuccess();
+
+ /**
+ * Gets localized error message from connector transfer.
+ *
+ * @param locale request locale
+ * @return error message from connector transfer
+ */
+ public String getError(Locale locale);
+
+ /**************************************************************
+ * ExtData data methods:
+ *
+ * These methods should be used in place of the mAttrData methods
+ * deprecated above.
+ *
+ * These methods all store Strings in LDAP. This means they can no longer
+ * be used as a garbage dump for all sorts of objects. A limited number
+ * of helper methods are provided for Vectors/Arrays/Hashtables but the
+ * keys and values for all of these should be Strings.
+ *
+ * The keys are used in the LDAP attribute names, and so much obey LDAP
+ * key syntax rules: A-Za-z0-9 and hyphen.
+ */
+
+ /**
+ * Sets an Extended Data string-key string-value pair.
+ * All keys are lower cased because LDAP does not preserve case.
+ *
+ * @param key The extended data key
+ * @param value The extended data value
+ * @return false if key is invalid.
+ */
+ public boolean setExtData(String key, String value);
+
+ /**
+ * Sets an Extended Data string-key string-value pair.
+ * The key and hashtable keys are all lowercased because LDAP does not
+ * preserve case.
+ *
+ * @param key The extended data key
+ * @param value The extended data value
+ * the Hashtable contains an illegal key.
+ * @return false if the key or hashtable keys are invalid
+ */
+ public boolean setExtData(String key, Hashtable<String, String> value);
+
+ /**
+ * Checks whether the key is storing a simple String value, or a complex
+ * (Vector/hashtable) structure.
+ *
+ * @param key The key to check for.
+ * @return True if the key maps to a string. False if it maps to a
+ * hashtable.
+ */
+ public boolean isSimpleExtDataValue(String key);
+
+ /**
+ * Returns the String value stored for the String key. Returns null
+ * if not found. Throws exception if key stores a complex data structure
+ * (Vector/Hashtable).
+ *
+ * @param key The key to lookup (case-insensitive)
+ * @return The value associated with the key. null if not found or if the
+ * key is associated with a non-string value.
+ */
+ public String getExtDataInString(String key);
+
+ /**
+ * Returns the Hashtable value for the String key. Returns null if not
+ * found. Throws exception if the key stores a String value.
+ *
+ * The Hashtable returned is actually a subclass of Hashtable that
+ * lowercases all keys used to access the hashtable. Its purpose is to
+ * to make lookups seemless, but be aware it is not a normal hashtable and
+ * might behave strangely in some cases (e.g., iterating keys)
+ *
+ * @param key The key to lookup (case-insensitive)
+ * @return The hashtable value associated with the key. null if not found
+ * or if the key is associated with a string-value.
+ */
+ public Hashtable<String, String> getExtDataInHashtable(String key);
+
+ /**
+ * Returns all the keys stored in ExtData
+ *
+ * @return Enumeration of all the keys.
+ */
+ public Enumeration<String> getExtDataKeys();
+
+ /**
+ * Stores an array of Strings in ExtData.
+ * The indices of the array are used as subkeys.
+ *
+ * @param key the ExtData key
+ * @param values the array of string values to store
+ * @return False if the key is invalid
+ */
+ public boolean setExtData(String key, String[] values);
+
+ /**
+ * Retrieves an array of Strings stored with the key.
+ * This only works if the data was stored as an array. If the data
+ * is not correct, this method will return null.
+ *
+ * @param key The ExtData key
+ * @return The value. Null if not found or the data isn't an array.
+ */
+ public String[] getExtDataInStringArray(String key);
+
+ /**
+ * Removes the value of an extdata attribute.
+ *
+ * @param type key to delete
+ */
+ void deleteExtData(String type);
+
+ /*****************************
+ * Helper methods for ExtData
+ ****************************/
+
+ /**
+ * Helper method to add subkey/value pair to a ExtData hashtable.
+ * If the hashtable it exists, the subkey/value are added to it. Otherwise
+ * a new hashtable is created.
+ *
+ * The key and subkey are lowercased because LDAP does not preserve case.
+ *
+ * @param key The top level key
+ * @param subkey The hashtable data key
+ * @param value The hashtable value
+ * @return False if the key or subkey are invalid
+ */
+ public boolean setExtData(String key, String subkey, String value);
+
+ /**
+ * Helper method to retrieve an individual value from a Hashtable value.
+ *
+ * @param key the ExtData key
+ * @param subkey the key in the Hashtable value (case insensitive)
+ * @return the value corresponding to the key/subkey
+ */
+ public String getExtDataInString(String key, String subkey);
+
+ /**
+ * Helper method to store an Integer value. It converts the integer value
+ * to a String and stores it.
+ *
+ * @param key the ExtData key
+ * @param value the Integer to store (as a String)
+ * @return False if the key or value are invalid
+ */
+ public boolean setExtData(String key, Integer value);
+
+ /**
+ * Retrieves an integer value. Returns null if not found or
+ * the value can't be represented as an Integer.
+ *
+ * @param key The ExtData key to lookup
+ * @return The integer value or null if not possible.
+ */
+ public Integer getExtDataInInteger(String key);
+
+ /**
+ * Stores an array of Integers
+ *
+ * @param key The extdata key
+ * @param values The array of Integers to store
+ * @return false if the key is invalid
+ */
+ public boolean setExtData(String key, Integer[] values);
+
+ /**
+ * Retrieves an array of Integers
+ *
+ * @param key The extdata key
+ * @return The array of Integers or null on error.
+ */
+ public Integer[] getExtDataInIntegerArray(String key);
+
+ /**
+ * Helper method to store a BigInteger value. It converts the integer value
+ * to a String and stores it.
+ *
+ * @param key the ExtData key
+ * @param value the BigInteger to store (as a String)
+ * @return False if the key or value are invalid
+ */
+ public boolean setExtData(String key, BigInteger value);
+
+ /**
+ * Retrieves a BigInteger value. Returns null if not found or
+ * the value can't be represented as a BigInteger.
+ *
+ * @param key The ExtData key to lookup
+ * @return The integer value or null if not possible.
+ */
+ public BigInteger getExtDataInBigInteger(String key);
+
+ /**
+ * Stores an array of BigIntegers
+ *
+ * @param key The extdata key
+ * @param values The array of BigIntegers to store
+ * @return false if the key is invalid
+ */
+ public boolean setExtData(String key, BigInteger[] values);
+
+ /**
+ * Retrieves an array of BigIntegers
+ *
+ * @param key The extdata key
+ * @return The array of BigIntegers or null on error.
+ */
+ public BigInteger[] getExtDataInBigIntegerArray(String key);
+
+ /**
+ * Helper method to store an exception.
+ * It actually stores the e.toString() value.
+ *
+ * @param key The ExtData key to store under
+ * @param e The throwable to store
+ * @return False if the key is invalid.
+ */
+ public boolean setExtData(String key, Throwable e);
+
+ /**
+ * Stores a byte array as base64 encoded text
+ *
+ * @param key The ExtData key
+ * @param data The byte array to store
+ * @return False if the key is invalid.
+ */
+ public boolean setExtData(String key, byte[] data);
+
+ /**
+ * Retrieves the data, which should be base64 encoded as a byte array.
+ *
+ * @param key The ExtData key
+ * @return The data, or null if an error occurs.
+ */
+ public byte[] getExtDataInByteArray(String key);
+
+ /**
+ * Stores a X509CertImpl as base64 encoded text using the getEncode()
+ * method.
+ *
+ * @param key The ExtData key
+ * @param data certificate
+ * @return False if the key is invalid.
+ */
+ public boolean setExtData(String key, X509CertImpl data);
+
+ /**
+ * Retrieves the data, which should be base64 encoded as a byte array.
+ *
+ * @param key The ExtData key
+ * @return The data, or null if an error occurs.
+ */
+ public X509CertImpl getExtDataInCert(String key);
+
+ /**
+ * Stores an array of X509CertImpls as a base64 encoded text.
+ *
+ * @param key The ExtData key
+ * @param data The array of certs to store
+ * @return False if the key or data is invalid.
+ */
+ public boolean setExtData(String key, X509CertImpl[] data);
+
+ /**
+ * Retrieves an array of X509CertImpl.
+ *
+ * @param key The ExtData key
+ * @return Array of certs, or null if not found or invalid data.
+ */
+ public X509CertImpl[] getExtDataInCertArray(String key);
+
+ /**
+ * Stores a X509CertInfo as base64 encoded text using the getEncodedInfo()
+ * method.
+ *
+ * @param key The ExtData key
+ * @param data certificate
+ * @return False if the key is invalid.
+ */
+ public boolean setExtData(String key, X509CertInfo data);
+
+ /**
+ * Retrieves the data, which should be base64 encoded as a byte array.
+ *
+ * @param key The ExtData key
+ * @return The data, or null if an error occurs.
+ */
+ public X509CertInfo getExtDataInCertInfo(String key);
+
+ /**
+ * Stores an array of X509CertInfos as a base64 encoded text.
+ *
+ * @param key The ExtData key
+ * @param data The array of cert infos to store
+ * @return False if the key or data is invalid.
+ */
+ public boolean setExtData(String key, X509CertInfo[] data);
+
+ /**
+ * Retrieves an array of X509CertInfo.
+ *
+ * @param key The ExtData key
+ * @return Array of cert infos, or null if not found or invalid data.
+ */
+ public X509CertInfo[] getExtDataInCertInfoArray(String key);
+
+ /**
+ * Stores an array of RevokedCertImpls as a base64 encoded text.
+ *
+ * @param key The ExtData key
+ * @param data The array of cert infos to store
+ * @return False if the key or data is invalid.
+ */
+ public boolean setExtData(String key, RevokedCertImpl[] data);
+
+ /**
+ * Retrieves an array of RevokedCertImpl.
+ *
+ * @param key The ExtData key
+ * @return Array of cert infos, or null if not found or invalid data.
+ */
+ public RevokedCertImpl[] getExtDataInRevokedCertArray(String key);
+
+ /**
+ * Stores the contents of the String Vector in ExtData.
+ * TODO - as soon as we're allowed to use JDK5 this should be changed
+ * to use Vector<String> data.
+ *
+ * Note that modifications to the Vector are not automatically reflected
+ * after it is stored. You must call set() again to make the changes.
+ *
+ * @param key The extdata key to store
+ * @param data A vector of Strings to store
+ * @return False on key error or invalid data.
+ */
+ public boolean setExtData(String key, Vector<?> data);
+
+ /**
+ * Returns a vector of strings for the key.
+ * Note that the returned vector, if modified, does not make changes
+ * in ExtData. You must call setExtData() to propogate changes back
+ * into ExtData.
+ *
+ * @param key The extdata key
+ * @return A Vector of strings, or null on error.
+ */
+ public Vector<String> getExtDataInStringVector(String key);
+
+ /**
+ * Gets boolean value for given type or default value
+ * if attribute is absent.
+ *
+ * @param type attribute type
+ * @param defVal default attribute value
+ * @return attribute value
+ */
+ boolean getExtDataInBoolean(String type, boolean defVal);
+
+ /**
+ * Gets extdata boolean value for given type or default value
+ * if attribute is absent for this request with this prefix.
+ *
+ * @param prefix request prefix
+ * @param type attribute type
+ * @param defVal default attribute value
+ * @return attribute value
+ */
+ public boolean getExtDataInBoolean(String prefix, String type, boolean defVal);
+
+ /**
+ * Stores an AuthToken the same as a Hashtable.
+ *
+ * @param key The ExtData key
+ * @param data The authtoken to store
+ * @return False if the key or data is invalid.
+ */
+ public boolean setExtData(String key, IAuthToken data);
+
+ /**
+ * Retrieves an authtoken.
+ *
+ * @param key The ExtData key
+ * @return AuthToken, or null if not found or invalid data.
+ */
+ public IAuthToken getExtDataInAuthToken(String key);
+
+ /**
+ * Stores a CertificateExtensions in extdata.
+ *
+ * @param key The ExtData key
+ * @param data The CertificateExtensions to store
+ * @return False if the key or data is invalid.
+ */
+ public boolean setExtData(String key, CertificateExtensions data);
+
+ /**
+ * Retrieves the CertificateExtensions associated with the key.
+ *
+ * @param key The ExtData key
+ * @return the object, or null if not found or invalid data.
+ */
+ public CertificateExtensions getExtDataInCertExts(String key);
+
+ /**
+ * Stores a CertificateSubjectName in extdata.
+ *
+ * @param key The ExtData key
+ * @param data The CertificateSubjectName to store
+ * @return False if the key or data is invalid.
+ */
+ public boolean setExtData(String key, CertificateSubjectName data);
+
+ /**
+ * Retrieves the CertificateSubjectName associated with the key.
+ *
+ * @param key The ExtData key
+ * @return the object, or null if not found or invalid data.
+ */
+ public CertificateSubjectName getExtDataInCertSubjectName(String key);
+
+ /**
+ * This method returns an IAttrSet wrapper for the IRequest.
+ * Use of this method is strongly discouraged. It provides extremely
+ * limited functionality, and is only provided for the two places IRequest
+ * is being used as such in the code. If you are considering using this
+ * method, please don't.
+ *
+ * @return IAttrSet wrapper with basic "get" functionality.
+ * @deprecated
+ */
+ public IAttrSet asIAttrSet();
+
+}
diff --git a/base/common/src/com/netscape/certsrv/request/IRequestList.java b/base/common/src/com/netscape/certsrv/request/IRequestList.java
new file mode 100644
index 000000000..5f265941a
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/request/IRequestList.java
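Review bot: The ExtData comment block in IRequest says keys must obey `A-Za-z0-9 and hyphen`, yet several constants declared earlier in the same interface, which look like they are used as ExtData keys, contain an underscore (`AUTH_TOKEN`, `HTTP_PARAMS`, `SERVER_ATTRS`, `CERT_INFO`, `OLD_CERTS`). The `setExtData` overloads report an invalid key only by returning false, so from the interface alone a reader cannot tell whether such keys are escaped by the implementation or rejected, and a caller that ignores the boolean would not notice a value that was never stored. The Javadoc should state which it is, for example `@return false if the key is invalid; nothing is stored in that case`, if that is indeed the behaviour. Separately, `getExtDataInString(String)` and `getExtDataInHashtable(String)` each promise both "Throws exception" and a null return for the same wrong-type case, and one of the two statements should be removed.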
@@ -0,0 +1,56 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+import java.util.Enumeration;
+
+/**
+ * An interface providing a list of RequestIds that match
+ * some criteria. It could be a list of all elements in a
+ * queue, or just some defined sub-set.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IRequestList
+ extends Enumeration<RequestId> {
+
+ /**
+ * Gets the next RequestId from this list. null is
+ * returned when there are no more elements in the list.
+ * <p>
+ * Callers should be sure there is another element in the list by calling hasMoreElements first.
+ * <p>
+ *
+ * @return next request id
+ */
+ RequestId nextRequestId();
+
+ /**
+ * Gets next request from the list.
+ *
+ * @return next request
+ */
+ public Object nextRequest();
+
+ /**
+ * Gets next request Object from the list.
+ *
+ * @return next request
+ */
+ public IRequest nextRequestObject();
+}
diff --git a/base/common/src/com/netscape/certsrv/request/IRequestListener.java b/base/common/src/com/netscape/certsrv/request/IRequestListener.java
new file mode 100644
index 000000000..8dc8a42a9
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/request/IRequestListener.java
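Review bot: End-of-list behaviour in IRequestList is documented only for `nextRequestId()` (returns null), while `nextRequest()` and `nextRequestObject()` say nothing about it. The interface also inherits `nextElement()` from `Enumeration<RequestId>`, whose standard contract is to throw `NoSuchElementException` when exhausted, so callers face two different conventions unless this is spelled out. I would add `@return next request, or null when the list is exhausted` to both methods, or name the exception if that is what the implementation does. `nextRequest()` returns `Object` and `nextRequestObject()` returns `IRequest` with near-identical Javadoc; the comment on `nextRequest()` should state the runtime type a caller is expected to cast to.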
@@ -0,0 +1,54 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.ISubsystem;
+
+/**
+ * An interface that defines abilities of request listener,
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IRequestListener {
+
+ /**
+ * Initializes request listener for the specific subsystem
+ * and configuration store.
+ *
+ * @param sub subsystem
+ * @param config configuration store
+ */
+ public void init(ISubsystem sub, IConfigStore config) throws EBaseException;
+
+ /**
+ * Accepts request.
+ *
+ * @param request request
+ */
+ public void accept(IRequest request);
+
+ /**
+ * Sets attribute.
+ *
+ * @param name attribute name
+ * @param val attribute value
+ */
+ public void set(String name, String val);
+}
diff --git a/base/common/src/com/netscape/certsrv/request/IRequestNotifier.java b/base/common/src/com/netscape/certsrv/request/IRequestNotifier.java
new file mode 100644
index 000000000..66bd35432
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/request/IRequestNotifier.java
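Review bot: The Javadoc of `IRequestListener.accept(IRequest)` says nothing about which thread calls it or whether calls can overlap. ARequestNotifier, added in this same commit, keeps a vector of notifier threads and a configurable maximum thread count, so it seems likely that a listener can be invoked from publishing threads and possibly concurrently; that should be confirmed and written down, for example `Implementations must be safe to call from notifier threads.` if it holds. `init` declares `throws EBaseException` without a matching `@exception` tag, and `set(String, String)` does not say which attribute names a listener is expected to understand. The interface summary also ends in a comma rather than a full stop.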
@@ -0,0 +1,130 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+import java.util.Enumeration;
+
+/**
+ * IRequestNotifier interface defines methods to register listeners,
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IRequestNotifier extends INotify {
+
+ /**
+ * Registers a request listener.
+ *
+ * @param listener listener to be registered
+ */
+ public void registerListener(IRequestListener listener);
+
+ /**
+ * Registers a request listener.
+ *
+ * @param name listener name
+ * @param listener listener to be registered
+ */
+ public void registerListener(String name, IRequestListener listener);
+
+ /**
+ * Removes listener from the list of registered listeners.
+ *
+ * @param listener listener to be removed from the list
+ */
+ public void removeListener(IRequestListener listener);
+
+ /**
+ * Removes listener from the list of registered listeners.
+ *
+ * @param name listener name to be removed from the list
+ */
+ public void removeListener(String name);
+
+ /**
+ * Gets list of listener names.
+ *
+ * @return enumeration of listener names
+ */
+ public Enumeration<String> getListenerNames();
+
+ /**
+ * Gets listener from the list of registered listeners.
+ *
+ * @param name listener name
+ * @return listener
+ */
+ public IRequestListener getListener(String name);
+
+ /**
+ * Gets list of listeners.
+ *
+ * @return enumeration of listeners
+ */
+ public Enumeration<IRequestListener> getListeners();
+
+ /**
+ * Gets request from publishing queue.
+ *
+ * @return request
+ */
+ public IRequest getRequest();
+
+ /**
+ * Gets number of requests in publishing queue.
+ *
+ * @return number of requests in publishing queue
+ */
+ public int getNumberOfRequests();
+
+ /**
+ * Checks if publishing queue is enabled.
+ *
+ * @return true if publishing queue is enabled, false otherwise
+ */
+ public boolean isPublishingQueueEnabled();
+
+ /**
+ * Removes a notifier thread from the pool of publishing queue threads.
+ *
+ * @param notifierThread Thread
+ */
+ public void removeNotifierThread(Thread notifierThread);
+
+ /**
+ * Notifies all registered listeners about request.
+ *
+ * @param r request
+ */
+ public void addToNotify(IRequest r);
+
+ /**
+ * Sets publishing queue parameters.
+ *
+ * @param isPublishingQueueEnabled publishing queue switch
+ * @param publishingQueuePriorityLevel publishing queue priority level
+ * @param maxNumberOfPublishingThreads maximum number of publishing threads
+ * @param publishingQueuePageSize publishing queue page size
+ */
+ public void setPublishingQueue(boolean isPublishingQueueEnabled,
+ int publishingQueuePriorityLevel,
+ int maxNumberOfPublishingThreads,
+ int publishingQueuePageSize,
+ int savePublishingStatus);
+
+ public void updatePublishingStatus(String id);
+}
diff --git a/base/common/src/com/netscape/certsrv/request/IRequestQueue.java b/base/common/src/com/netscape/certsrv/request/IRequestQueue.java
new file mode 100644
index 000000000..a8f5f7332
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/request/IRequestQueue.java
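Review bot: `IRequestNotifier.setPublishingQueue` takes five parameters but its Javadoc documents four: `savePublishingStatus` has no `@param`, and `updatePublishingStatus(String id)` has no Javadoc at all. Neither the meaning or unit of `savePublishingStatus` nor what `id` identifies can be read from the interface, so the author should add both, for example `@param savePublishingStatus <meaning and unit>` and a one-line summary on `updatePublishingStatus`. The comment should also give the accepted ranges for `maxNumberOfPublishingThreads` and `publishingQueuePageSize`: the part of ARequestNotifier visible in this commit assigns them to fields without a check, so whether zero or negative values are handled elsewhere is not clear from here. The summary on `addToNotify` ("Notifies all registered listeners") may not match a method that, by its name, adds to a queue; worth confirming.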
@@ -0,0 +1,403 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+import java.math.BigInteger;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.dbs.repository.IRepository;
+
+/**
+ * The IRequestQueue interface defines the operations on
+ * a collection of requests within the certificate server.
+ * There are may several collections, such as KRA, RA and CA
+ * requests. Each of these request collection has a defined
+ * set of policies, a notification service (for request
+ * completion) and a service routine. The request queue
+ * provides an interface for creating and viewing requests,
+ * as well as performing operations on them.
+ * <p>
+ *
+ * @version $Revision$ $Date$
+ */
+public interface IRequestQueue {
+
+ /**
+ * Creates a new request object. A request id is
+ * assigned to it - see IRequest.getRequestId, and
+ * the status is set to RequestStatus.BEGIN
+ * <p>
+ * The request is LOCKED. The caller MUST release the request object by calling releaseRequest().
+ * <p>
+ * TODO: provide other required values (such as type and sourceId)
+ *
+ * @param requestType request type
+ * @return new request
+ * @exception EBaseException failed to create new request
+ */
+ public IRequest newRequest(String requestType)
+ throws EBaseException;
+
+ /**
+ * Clones a request object. A new request id is assigned
+ * and all attributes of the request is copied to cloned request,
+ * except for the sourceID of the original request
+ * (remote authority's request Id).
+ * <p>
+ * The cloned request that is returned is LOCKED. The caller MUST release the request object by calling
+ * releaseRequest().
+ *
+ * @param r request to be cloned
+ * @return cloned request
+ * @exception EBaseException failed to clone request
+ */
+ public IRequest cloneRequest(IRequest r)
+ throws EBaseException;
+
+ /**
+ * Gets the Request corresponding to id.
+ * Returns null if the id does not correspond
+ * to a valid request id.
+ * <p>
+ * Errors may be generated for other conditions.
+ *
+ * @param id request id
+ * @return found request
+ * @exception EBaseException failed to access request queue
+ */
+ public IRequest findRequest(RequestId id)
+ throws EBaseException;
+
+ /**
+ * Begins processing for this request. This call
+ * is valid only on requests with status BEGIN
+ * An error is generated for other cases.
+ *
+ * @param req request to be processed
+ * @exception EBaseException failed to process request
+ */
+ public void processRequest(IRequest req)
+ throws EBaseException;
+
+ /**
+ * Sets request scheduler.
+ *
+ * @param scheduler request scheduler
+ */
+ public void setRequestScheduler(IRequestScheduler scheduler);
+
+ /**
+ * Gets request scheduler.
+ *
+ * @return request scheduler
+ */
+ public IRequestScheduler getRequestScheduler();
+
+ /**
+ * Puts a new request into the PENDING state. This call is
+ * only valid for requests with status BEGIN. An error is
+ * generated for other cases.
+ * <p>
+ * This call might be used by agent servlets that want to copy a previous request, and resubmit it. By putting it
+ * into PENDING state, the normal agent screens can be used for further processing.
+ *
+ * @param req
+ * the request to mark PENDING
+ * @exception EBaseException failed to mark request as pending
+ */
+ public void markRequestPending(IRequest req)
+ throws EBaseException;
+
+ /**
+ * Clones a request object and mark it pending. A new request id is assigned
+ * and all attributes of the request is copied to cloned request,
+ * except for the sourceID of the original request
+ * (remote authority's request Id).
+ * <p>
+ * The cloned request that is returned is LOCKED. The caller MUST release the request object by calling
+ * releaseRequest().
+ *
+ * @param r request to be cloned
+ * @return cloned request mark PENDING
+ * @exception EBaseException failed to clone or mark request
+ */
+ public IRequest cloneAndMarkPending(IRequest r)
+ throws EBaseException;
+
+ /**
+ * Approves a request. The request must be locked.
+ * <p>
+ * This call will fail if: the request is not in PENDING state the policy modules do not accept the request
+ * <p>
+ * If the policy modules reject the request, then the request will remain in the PENDING state. Messages from the
+ * policy module can be display to the agent to indicate the source of the problem.
+ * <p>
+ * The request processing code adds an AgentApproval to this request that contains the authentication id of the
+ * agent. This data is retrieved from the Session object (qv).
+ *
+ * @param request
+ * the request that is being approved
+ * @exception EBaseException failed to approve request
+ */
+ public void approveRequest(IRequest request)
+ throws EBaseException;
+
+ /**
+ * Rejects a request. The request must be locked.
+ * <p>
+ * This call will fail if: the request is not in PENDING state
+ * <p>
+ * The agent servlet (or other application) may wish to store AgentMessage values to indicate the reason for the
+ * action
+ *
+ * @param request
+ * the request that is being rejected
+ * @exception EBaseException failed to reject request
+ */
+ public void rejectRequest(IRequest request)
+ throws EBaseException;
+
+ /**
+ * Cancels a request. The request must be locked.
+ * <p>
+ * This call will fail if: the request is not in PENDING state
+ * <p>
+ * The agent servlet (or other application) may wish to store AgentMessage values to indicate the reason for the
+ * action
+ *
+ * @param request
+ * the request that is being canceled
+ * @exception EBaseException failed to cancel request
+ */
+ public void cancelRequest(IRequest request)
+ throws EBaseException;
+
+ /**
+ * Updates the request in the permanent data store.
+ * <p>
+ * This call can be made after changing a value like source id or owner, to force the new value to be written.
+ * <p>
+ * The request must be locked to make this call.
+ *
+ * @param request
+ * the request that is being updated
+ * @exception EBaseException failed to update request
+ */
+ public void updateRequest(IRequest request)
+ throws EBaseException;
+
+ /**
+ * Returns an enumerator that lists all RequestIds in the
+ * queue. The caller should use the RequestIds to locate
+ * each request by calling findRequest().
+ * <p>
+ * NOTE: This interface will not be useful for large databases. This needs to be replace by a VLV (paged) search
+ * object.
+ *
+ * @return request list
+ */
+ public IRequestList listRequests();
+
+ /**
+ * Returns an enumerator that lists all RequestIds for requests
+ * that are in the given status. For example, all the PENDING
+ * requests could be listed by specifying RequestStatus.PENDING
+ * as the <i>status</i> argument
+ * <p>
+ * NOTE: This interface will not be useful for large databases.
This needs to be replace by a VLV (paged) search
+ * object.
+ *
+ * @param status request status
+ * @return request list
+ */
+ public IRequestList listRequestsByStatus(RequestStatus status);
+
+ /**
+ * Returns an enumerator that lists all RequestIds for requests
+ * that match the filter.
+ * <p>
+ * NOTE: This interface will not be useful for large databases. This needs to be replace by a VLV (paged) search
+ * object.
+ *
+ * @param filter search filter
+ * @return request list
+ */
+ public IRequestList listRequestsByFilter(String filter);
+
+ /**
+ * Returns an enumerator that lists all RequestIds for requests
+ * that match the filter.
+ * <p>
+ * NOTE: This interface will not be useful for large databases. This needs to be replace by a VLV (paged) search
+ * object.
+ *
+ * @param filter search filter
+ * @param maxSize max size to return
+ * @return request list
+ */
+ public IRequestList listRequestsByFilter(String filter, int maxSize);
+
+ /**
+ * Returns an enumerator that lists all RequestIds for requests
+ * that match the filter.
+ * <p>
+ * NOTE: This interface will not be useful for large databases. This needs to be replace by a VLV (paged) search
+ * object.
+ *
+ * @param filter search filter
+ * @param maxSize max size to return
+ * @param timeLimit timeout value for the search
+ * @return request list
+ */
+ public IRequestList listRequestsByFilter(String filter, int maxSize, int timeLimit);
+
+ /**
+ * Gets requests that are pending on handling by the service
+ * <p>
+ *
+ * @return list of pending requests
+ */
+ // public IRequestList listServicePendingRequests();
+
+ /**
+ * Locates a request from the SourceId.
+ *
+ * @param id
+ * a unique identifier for the record that is based on the source
+ * of the request, and possibly an identify assigned by the source.
+ * @return
+ * The requestid corresponding to this source id. null is
+ * returned if the source id does not exist.
+ */
+ public RequestId findRequestBySourceId(String id);
+
+ /**
+ * Locates all requests with a particular SourceId.
+ * <p>
+ *
+ * @param id
+ * an identifier for the record that is based on the source
+ * of the request
+ * @return
+ * A list of requests corresponding to this source id. null is
+ * returned if the source id does not exist.
+ */
+ public IRequestList findRequestsBySourceId(String id);
+
+ /**
+ * Releases the LOCK on a request obtained from findRequest() or
+ * newRequest()
+ * <p>
+ *
+ * @param r request
+ */
+ public void releaseRequest(IRequest r);
+
+ /**
+ * Marks as serviced after destination authority has serviced request.
+ * Used by connector.
+ *
+ * @param r request
+ */
+ public void markAsServiced(IRequest r);
+
+ /**
+ * Resends requests
+ */
+ public void recover();
+
+ /**
+ * Gets a pageable list of IRequest entries in this queue.
+ *
+ * @param pageSize page size
+ * @return request list
+ */
+ public IRequestVirtualList getPagedRequests(int pageSize);
+
+ /**
+ * Gets a pageable list of IRequest entries in this queue.
+ *
+ * @param filter search filter
+ * @param pageSize page size
+ * @param sortKey the attributes to sort by
+ * @return request list
+ */
+ public IRequestVirtualList getPagedRequestsByFilter(String filter,
+ int pageSize,
+ String sortKey);
+
+ /**
+ * Gets a pageable list of IRequest entries in this queue.
+ *
+ * @param fromId request id to start with
+ * @param filter search filter
+ * @param pageSize page size
+ * @param sortKey the attributes to sort by
+ * @return request list
+ */
+ public IRequestVirtualList getPagedRequestsByFilter(RequestId fromId,
+ String filter,
+ int pageSize,
+ String sortKey);
+
+ /**
+ * Gets a pageable list of IRequest entries in this queue.
This
+ * jumps right to the end of the list
+ *
+ * @param fromId request id to start with
+ * @param jumpToEnd jump to end of list (set fromId to null)
+ * @param filter search filter
+ * @param pageSize page size
+ * @param sortKey the attributes to sort by
+ * @return request list
+ */
+ public IRequestVirtualList getPagedRequestsByFilter(RequestId fromId,
+ boolean jumpToEnd, String filter,
+ int pageSize,
+ String sortKey);
+
+ /**
+ * Retrieves the notifier for pending request.
+ *
+ * @return notifier for pending request
+ */
+ public INotify getPendingNotify();
+
+ public BigInteger getLastRequestIdInRange(BigInteger reqId_low_bound, BigInteger reqId_upper_bound);
+
+ /**
+ * Resets serial number.
+ */
+ public void resetSerialNumber(BigInteger serial) throws EBaseException;
+
+ /**
+ * Removes all objects with this repository.
+ */
+ public void removeAllObjects() throws EBaseException;
+
+ /**
+ * Gets request repository.
+ *
+ * @return request repository
+ */
+ public IRepository getRequestRepository();
+
+ public String getPublishingStatus();
+
+ public void setPublishingStatus(String status);
+}
diff --git a/base/common/src/com/netscape/certsrv/request/IRequestRecord.java b/base/common/src/com/netscape/certsrv/request/IRequestRecord.java
new file mode 100644
index 000000000..53531b133
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/request/IRequestRecord.java
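Review bot: The `filter` argument of the three `listRequestsByFilter` overloads and of the `getPagedRequestsByFilter` overloads is documented only as "search filter", with no statement of its syntax or of who is responsible for escaping values placed in it. If these strings reach a directory search unchanged (the IRequestRecord comment later in this commit says request attributes are mapped to LDAP attributes), a caller that assembles the filter from request parameters could return records the requester was not meant to see. I would state the contract in the Javadoc, for example `@param filter search filter; callers must escape any externally supplied value before embedding it`. Separately, `releaseRequest` names only findRequest() and newRequest() as lock sources although `cloneRequest` and `cloneAndMarkPending` also document a LOCKED return, and `findRequest` itself does not say its result is locked.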
@@ -0,0 +1,112 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+import java.util.Enumeration;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.dbs.IDBObj;
+
+/**
+ * A request record is the stored version of a request.
+ * It has a set of attributes that are mapped into LDAP
+ * attributes for actual directory operations.
+ * <p>
+ *
+ * @version $Revision$ $Date$
+ */
+public interface IRequestRecord
+ extends IDBObj {
+ //
+ // The names of the attributes stored in this record
+ //
+
+ // RequestId - identifies the record
+ public final static String ATTR_REQUEST_ID = "requestId";
+
+ // RequestStatus - indicates the current state
+ public final static String ATTR_REQUEST_STATE = "requestState";
+
+ // CreateTime - indicates the current state
+ public final static String ATTR_CREATE_TIME = "requestCreateTime";
+
+ // ModifyTime - indicates the current state
+ public final static String ATTR_MODIFY_TIME = "requestModifyTime";
+
+ // SourceId - indicates the current state
+ public final static String ATTR_SOURCE_ID = "requestSourceId";
+
+ // SourceId - indicates the current state
+ public final static String ATTR_REQUEST_OWNER = "requestOwner";
+
+ public final static String ATTR_REQUEST_TYPE = "requestType";
+
+ // Placeholder for ExtAttr data. this attribute is not in LDAP, but
+ // is used to trigger the ExtAttrDynMapper during conversion between LDAP
+ // and the RequestRecord.
+ public final static String ATTR_EXT_DATA = "requestExtData";
+
+ /**
+ * Gets the request id.
+ *
+ * @return request id
+ */
+ public RequestId getRequestId();
+
+ /**
+ * Gets attribute names of the request.
+ *
+ * @return list of attribute names
+ */
+ public Enumeration<String> getAttrNames();
+
+ /**
+ * Gets the request attribute value by the name.
+ *
+ * @param name attribute name
+ * @return attribute value
+ */
+ public Object get(String name);
+
+ /**
+ * Sets new attribute for the request.
+ *
+ * @param name attribute name
+ * @param o attribute value
+ */
+ public void set(String name, Object o);
+
+ /**
+ * Removes attribute from the request.
+ *
+ * @param name attribute name
+ */
+ public void delete(String name)
+ throws EBaseException;
+
+ /**
+ * Gets attribute list of the request.
+ *
+ * @return attribute list
+ */
+ public Enumeration<String> getElements();
+
+ // IDBObj.getSerializableAttrNames
+ //public Enumeration getSerializableAttrNames();
+
+}
diff --git a/base/common/src/com/netscape/certsrv/request/IRequestScheduler.java b/base/common/src/com/netscape/certsrv/request/IRequestScheduler.java
new file mode 100644
index 000000000..5012f5b0c
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/request/IRequestScheduler.java
@@ -0,0 +1,45 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+//import java.io.Serializable;
+
+/**
+ * This is an interface to a request scheduler that prioritizes
+ * the threads based on the request processing order.
+ * The request that enters the request queue first should
+ * be processed first.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface IRequestScheduler {
+
+ /**
+ * Request entered the request queue processing.
+ *
+ * @param r request
+ */
+ public void requestIn(IRequest r);
+
+ /**
+ * Request exited the request queue processing.
+ *
+ * @param r request
+ */
+ public void requestOut(IRequest r);
+}
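Review bot: In IRequestRecord the comments above `ATTR_CREATE_TIME`, `ATTR_MODIFY_TIME`, `ATTR_SOURCE_ID` and `ATTR_REQUEST_OWNER` all repeat "indicates the current state", which belongs only to `ATTR_REQUEST_STATE`, and the one above `ATTR_REQUEST_OWNER` is additionally labelled "SourceId". Since these constants name the stored attributes that queries and access decisions are likely to key on, each comment should describe its own attribute; judging by the names, something like `// CreateTime - when the request record was created`, `// ModifyTime - when the request record was last modified` and `// RequestOwner - owner of the request`, with the author confirming the exact meaning. `ATTR_REQUEST_TYPE` has no comment, and `delete(String name)` declares `EBaseException` without an `@exception` entry.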
diff --git a/base/common/src/com/netscape/certsrv/request/IRequestSubsystem.java b/base/common/src/com/netscape/certsrv/request/IRequestSubsystem.java
new file mode 100644
index 000000000..164e84a37
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/request/IRequestSubsystem.java
@@ -0,0 +1,105 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+import com.netscape.certsrv.base.EBaseException;
+
+/**
+ * This interface defines storage of request objects
+ * in the local database.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IRequestSubsystem {
+ public static final String SUB_ID = "request";
+
+ /**
+ * Creates a new request queue.
+ * (Currently unimplemented. Just use getRequestQueue to create
+ * an in-memory queue.)
+ * <p>
+ *
+ * @param name The name of the queue object. This name can be used
+ * in getRequestQueue to retrieve the queue later.
+ * @exception EBaseException failed to create request queue
+ */
+ public void createRequestQueue(String name)
+ throws EBaseException;
+
+ /**
+ * Retrieves a request queue. This operation should only be done
+ * once on each queue. For example, the RA subsystem should retrieve
+ * its queue, and store it somewhere for use by related services, and
+ * servlets.
+ * <p>
+ * WARNING: retrieving the same queue twice with result in multi-thread race conditions.
+ * <p>
+ *
+ * @param name
+ * the name of the request queue. (Ex: "ca" "ra")
+ * @param p
+ * A policy enforcement module.
This object is called to make
+ * adjustments to the request, and decide whether it needs agent
+ * approval.
+ * @param s
+ * The service object. This object actually performs the request
+ * after it is finalized and approved.
+ * @param n
+ * A notifier object (optional). The notify() method of this object
+ * is invoked when the request is completed (COMPLETE, REJECTED or
+ * CANCELED states).
+ * @exception EBaseException failed to retrieve request queue
+ */
+ public IRequestQueue
+ getRequestQueue(String name, int increment, IPolicy p, IService s, INotify n)
+ throws EBaseException;
+
+ /**
+ * Retrieves a request queue. This operation should only be done
+ * once on each queue. For example, the RA subsystem should retrieve
+ * its queue, and store it somewhere for use by related services, and
+ * servlets.
+ * <p>
+ * WARNING: retrieving the same queue twice with result in multi-thread race conditions.
+ * <p>
+ *
+ * @param name
+ * the name of the request queue. (Ex: "ca" "ra")
+ * @param p
+ * A policy enforcement module. This object is called to make
+ * adjustments to the request, and decide whether it needs agent
+ * approval.
+ * @param s
+ * The service object. This object actually performs the request
+ * after it is finalized and approved.
+ * @param n
+ * A notifier object (optional). The notify() method of this object
+ * is invoked when the request is completed (COMPLETE, REJECTED or
+ * CANCELED states).
+ * @param pendingNotifier
+ * A notifier object (optional). Like the 'n' argument, except the
+ * notification happens if the request is made PENDING. May be the
+ * same as the 'n' argument if desired.
+ * @exception EBaseException failed to retrieve request queue
+ */
+ public IRequestQueue
+ getRequestQueue(String name, int increment, IPolicy p, IService s, INotify n,
+ INotify pendingNotifier)
+ throws EBaseException;
+}
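Review bot: Both `getRequestQueue` overloads take `int increment`, but neither Javadoc has a `@param increment`, so the one argument that is not a collaborator object is the one with no stated meaning or valid range; I would add `@param increment <meaning and valid range, to be supplied by the author>` to each. The WARNING that retrieving the same queue twice results in multi-thread race conditions is stated only in prose, and nothing in the signature lets a caller detect a second retrieval. The Javadoc should say whether an implementation is expected to reject, or return the cached queue for, a repeated name, and the sentence itself has a typo ("with result" for "will result"). The `@return` tag is also missing on both overloads.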
diff --git a/base/common/src/com/netscape/certsrv/request/IRequestVirtualList.java b/base/common/src/com/netscape/certsrv/request/IRequestVirtualList.java
new file mode 100644
index 000000000..540ec679c
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/request/IRequestVirtualList.java
@@ -0,0 +1,50 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+/**
+ * This interface defines access to request virtual list.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IRequestVirtualList {
+
+ /**
+ * Gets the total size of the result set. Elements of the
+ * list are numbered from 0..(size-1)
+ *
+ * @return size of the result set
+ */
+ int getSize();
+
+ /**
+ * Gets the element at the specified index
+ *
+ * @param index index of the element
+ * @return specified request
+ */
+ IRequest getElementAt(int index);
+
+ /**
+ * Gets the current index
+ *
+ * @return current index
+ */
+ int getCurrentIndex();
+}
diff --git a/base/common/src/com/netscape/certsrv/request/IService.java b/base/common/src/com/netscape/certsrv/request/IService.java
new file mode 100644
index 000000000..adf2c5095
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/request/IService.java
@@ -0,0 +1,48 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+import com.netscape.certsrv.base.EBaseException;
+
+/**
+ * This interface defines how requests are serviced.
+ * This covers certificate generation, revocation, renewals,
+ * revocation checking, and much more.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IService {
+
+ /**
+ * Performs the service (such as certificate generation)
+ * represented by this request.
+ * <p>
+ *
+ * @param request
+ * The request that needs service. The service may use
+ * attributes stored in the request, and may update the
+ * values, or store new ones.
+ * @return
+ * an indication of whether this request is still pending.
+ * 'false' means the request will wait for further notification.
+ * @exception EBaseException indicates major processing failure.
+ */
+ boolean serviceRequest(IRequest request)
+ throws EBaseException;
+}
diff --git a/base/common/src/com/netscape/certsrv/request/PolicyMessage.java b/base/common/src/com/netscape/certsrv/request/PolicyMessage.java
new file mode 100644
index 000000000..c21b8ca4d
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/request/PolicyMessage.java
@@ -0,0 +1,46 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+import com.netscape.certsrv.base.EBaseException;
+
+/**
+ * A (localizable) message recorded by a policy module that describes
+ * the reason for rejecting a request.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public class PolicyMessage
+ extends EBaseException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -8129371562473386912L;
+
+ /**
+ * Class constructor that registers policy message.
+ * <p>
+ *
+ * @param message message string
+ */
+ public PolicyMessage(String message) {
+ super(message);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/request/PolicyResult.java b/base/common/src/com/netscape/certsrv/request/PolicyResult.java
new file mode 100644
index 000000000..c7cad94f2
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/request/PolicyResult.java
@@ -0,0 +1,35 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+/**
+ * This class defines results for policy actions.
+ *
+ * @version $Revision$, $Date$
+ */
+public final class PolicyResult {
+ public final static PolicyResult REJECTED = new PolicyResult();
+ public final static PolicyResult DEFERRED = new PolicyResult();
+ public final static PolicyResult ACCEPTED = new PolicyResult();
+
+ /**
+ * Class constructor.
+ */
+ private PolicyResult() {
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/request/RequestId.java b/base/common/src/com/netscape/certsrv/request/RequestId.java
new file mode 100644
index 000000000..da61f2bc0
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/request/RequestId.java
@@ -0,0 +1,121 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+import java.math.BigInteger;
+
+/**
+ * The RequestId class represents the identifier for a particular
+ * request within a request queue. This identifier may be used to
+ * retrieve the request object itself from the request queue.
+ * <p>
+ *
+ * @version $Revision$ $Date$
+ */
+public class RequestId {
+
+ protected BigInteger value;
+
+ /**
+ * Creates a new RequestId from its string representation.
+ * <p>
+ *
+ * @param id
+ * a string containing the decimal or hex value for the identifier.
+ */
+ public RequestId(String id) {
+ if (id != null) {
+ id = id.trim();
+ if (id.startsWith("0x")) { // hex
+ value = new BigInteger(id.substring(2), 16);
+ } else { // decimal
+ value = new BigInteger(id);
+ }
+ }
+ }
+
+ /**
+ * Creates a new RequestId from its BigInteger representation.
+ * <p>
+ *
+ * @param id
+ * a BigInteger containing the identifier.
+ */
+ public RequestId(BigInteger id) {
+ value = id;
+ }
+
+ /**
+ * Creates a new RequestId from its integer representation.
+ * <p>
+ *
+ * @param id
+ * an integer containing the identifier.
+ */ + public RequestId(int id) { + value = BigInteger.valueOf(id); + } + + /** + * Converts the RequestId into its BigInteger representation. + * <p> + * + * @return + * a BigInteger containing the identifier. + */ + public BigInteger toBigInteger() { + return value; + } + + /** + * Converts the RequestId into its string representation. The string + * form can be stored in a database (such as the LDAP directory) + * <p> + * + * @return + * a string containing the decimal (base 10) value for the identifier. + */ + public String toString() { + return value.toString(); + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((value == null) ? 0 : value.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RequestId other = (RequestId) obj; + if (value == null) { + if (other.value != null) + return false; + } else if (!value.equals(other.value)) + return false; + return true; + } +} diff --git a/base/common/src/com/netscape/certsrv/request/RequestIdAdapter.java b/base/common/src/com/netscape/certsrv/request/RequestIdAdapter.java new file mode 100644 index 000000000..1780bc337 --- /dev/null +++ b/base/common/src/com/netscape/certsrv/request/RequestIdAdapter.java 
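Review bot: `RequestId(String id)` leaves `value` null when `id` is null, and `toString()` then dereferences it with `value.toString()`, so a null id surfaces later as a NullPointerException far from where it was passed in; `hashCode()` and `equals()` guard against the null but `toString()` does not. I would reject the null at construction, `if (id == null) throw new IllegalArgumentException("request id is null");`, or at least make `toString()` null-safe, and the same applies to `RequestId(BigInteger id)`. The constructor Javadoc should also state that malformed text raises NumberFormatException from BigInteger, since RequestIdAdapter in this commit passes it strings taken from XML. `toString()` is missing `@Override`, and `value` could be `private final` if the null case is removed.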
@@ -0,0 +1,37 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+import javax.xml.bind.annotation.adapters.XmlAdapter;
+
+/**
+ * The RequestIdAdapter class provides custom marshaling for RequestId.
+ *
+ * @author Endi S. Dewata
+ * @version $Revision$ $Date$
+ */
+public class RequestIdAdapter extends XmlAdapter<String, RequestId> {
+
+ public RequestId unmarshal(String value) throws Exception {
+ return new RequestId(value);
+ }
+
+ public String marshal(RequestId value) throws Exception {
+ return value.toString();
+ }
+}
\ No newline at end of file
diff --git a/base/common/src/com/netscape/certsrv/request/RequestStatus.java b/base/common/src/com/netscape/certsrv/request/RequestStatus.java
new file mode 100644
index 000000000..f58a568d8
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/request/RequestStatus.java
@@ -0,0 +1,182 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+/**
+ * The RequestStatus class represents the current state of a request
+ * in a request queue. The state of the request changes as actions
+ * are performed on it.
+ *
+ * The request is created in the BEGIN state, then general progresses
+ * through the PENDING, APPROVED, SVC_PENDING, and COMPLETE states.
+ * Some requests may bypass the PENDING state if no agent action is
+ * required.
+ *
+ * Requests may be CANCELED (not implemented) or REJECTED. These are
+ * error conditions, and usually result because the request was invalid
+ * or was not approved by an agent.
+ *
+ * @version $Revision$ $Date$
+ */
+public final class RequestStatus {
+ public static String BEGIN_STRING = "begin";
+ public static String PENDING_STRING = "pending";
+ public static String APPROVED_STRING = "approved";
+ public static String SVC_PENDING_STRING = "svc_pending";
+ public static String CANCELED_STRING = "canceled";
+ public static String REJECTED_STRING = "rejected";
+ public static String COMPLETE_STRING = "complete";
+
+ /**
+ * The initial state of a request. Requests in this state have not
+ * been review by policy.
+ *
+ * While in this state the source of the request (usually the servlet,
+ * but it could be some other protocol module, such as email)
+ * should populate the request with data need to service it.
+ */
+ public static RequestStatus BEGIN = new RequestStatus(BEGIN_STRING);
+
+ /**
+ * The state of a request that is waiting for action by an agent.
+ * When the agent approves or rejects the request, process will
+ * continue as appropriate.
+ *
+ * In this state there may be PolicyMessages present that indicate
+ * the reason for the pending status.
+ */
+ public static RequestStatus PENDING = new RequestStatus(PENDING_STRING);
+
+ /**
+ * The state of a request that has been approved by an agent, or
+ * automatically by the policy engine, but have not been successfully
+ * transmitted to the service module.
+ *
+ * These requests are resent to the service during the recovery
+ * process that runs at server startup.
+ */
+ public static RequestStatus APPROVED = new RequestStatus(APPROVED_STRING);
+
+ /**
+ * The state of a request that has been sent to the service, but
+ * has not been fully processed. The service will invoke the
+ * serviceComplete() method to cause processing to continue.
+ */
+ public static RequestStatus SVC_PENDING =
+ new RequestStatus(SVC_PENDING_STRING);
+
+ /**
+ * Not implemented. This is intended to be a final state that is
+ * reached when a request is removed from the processing queue without
+ * normal notification occurring. (see REJECTED)
+ */
+ public static RequestStatus CANCELED = new RequestStatus(CANCELED_STRING);
+
+ /**
+ * The state of a request after it is rejected. When a request is
+ * rejected, the notifier is called prior to making the finl status
+ * change.
+ *
+ * Rejected requests may have PolicyMessages indicating the reason for
+ * the rejection, or AgentMessages, which allow the agent to give
+ * reasons for the action.
+ */
+ public static RequestStatus REJECTED = new RequestStatus(REJECTED_STRING);
+
+ /**
+ * The normal final state of a request. The completion status attribute
+ * gives other information about the request. The request is not
+ * necessarily successful, but may indicated that service processing
+ * did not succeed.
+ */
+ public static RequestStatus COMPLETE = new RequestStatus(COMPLETE_STRING);
+
+ /**
+ * Converts a string name for a request status into the
+ * request status enum object.
+ * <p>
+ *
+ * @param s
+ * The string representation of the state.
+ * @return
+ * request status
+ */
+ public static RequestStatus fromString(String s) {
+ if (s.equals(BEGIN_STRING))
+ return BEGIN;
+ if (s.equals(PENDING_STRING))
+ return PENDING;
+ if (s.equals(APPROVED_STRING))
+ return APPROVED;
+ if (s.equals(SVC_PENDING_STRING))
+ return SVC_PENDING;
+ if (s.equals(CANCELED_STRING))
+ return CANCELED;
+ if (s.equals(REJECTED_STRING))
+ return REJECTED;
+ if (s.equals(COMPLETE_STRING))
+ return COMPLETE;
+
+ return null;
+ }
+
+ /**
+ * Returns the string form of the RequestStatus, which may be used
+ * to record the status in a database.
+ *
+ * @return request status
+ */
+ public String toString() {
+ return mString;
+ }
+
+ /**
+ * Class constructor. Creates request status from the string.
+ *
+ * @param string string describing request status
+ */
+ private RequestStatus(String string) {
+ mString = string;
+ }
+
+ private String mString;
+
+ /**
+ * Compares request status with specified string.
+ *
+ * @param string string describing request status
+ */
+ public boolean equals(String string) {
+ if (string.equals(mString))
+ return true;
+ else
+ return false;
+ }
+
+ /**
+ * Compares current request status with request status.
+ *
+ * @param rs request status
+ */
+ public boolean equals(RequestStatus rs) {
+ if (mString.equals(rs.mString))
+ return true;
+ else
+ return false;
+ }
+}
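Review bot: The status constants and their string names are declared `public static` without `final` (`BEGIN_STRING` through `COMPLETE_STRING`, and `BEGIN` through `COMPLETE`), so any code that can see the class can reassign one of them and `fromString()` would then return the wrong state for a certificate request. Declare them as `public static final RequestStatus BEGIN = new RequestStatus(BEGIN_STRING);` and make `mString` `private final`. The two `equals` methods are overloads rather than overrides of `equals(Object)`, so a comparison through an `Object` reference or inside a collection falls back to identity, and there is no matching `hashCode()`. Both overloads, and `fromString(null)`, also throw NullPointerException on a null argument. A Java `enum` with a string field would cover all of this if the callers can be changed, and `toString()` should carry `@Override`.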
diff --git a/base/common/src/com/netscape/certsrv/request/ldap/IRequestMod.java b/base/common/src/com/netscape/certsrv/request/ldap/IRequestMod.java
new file mode 100644
index 000000000..c1e153a81
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/request/ldap/IRequestMod.java
@@ -0,0 +1,55 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request.ldap;
+
+import java.util.Date;
+
+import com.netscape.certsrv.request.IRequest;
+import com.netscape.certsrv.request.RequestStatus;
+
+/**
+ * This interface defines how to update request record.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IRequestMod {
+ /**
+ * Modifies request status.
+ *
+ * @param r request
+ * @param s request status
+ */
+ void modRequestStatus(IRequest r, RequestStatus s);
+
+ /**
+ * Modifies request creation time.
+ *
+ * @param r request
+ * @param d date
+ */
+ void modCreationTime(IRequest r, Date d);
+
+ /**
+ * Modifies request modification time.
+ *
+ * @param r request
+ * @param d date
+ */
+ void modModificationTime(IRequest r, Date d);
+} |