Diffstat (limited to 'base/common/src/com/netscape/cms/servlet/key')
-rw-r--r-- | base/common/src/com/netscape/cms/servlet/key/KeyRequestDAO.java | 272 | ||||
-rw-r--r-- | base/common/src/com/netscape/cms/servlet/key/KeyResource.java | 48 | ||||
-rw-r--r-- | base/common/src/com/netscape/cms/servlet/key/KeyService.java (renamed from base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java) | 26 | ||||
-rw-r--r-- | base/common/src/com/netscape/cms/servlet/key/model/KeyData.java | 76 | ||||
-rw-r--r-- | base/common/src/com/netscape/cms/servlet/key/model/KeyDataInfo.java | 85 | ||||
-rw-r--r-- | base/common/src/com/netscape/cms/servlet/key/model/KeyDataInfos.java | 87 |
6 files changed, 285 insertions, 309 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/key/KeyRequestDAO.java b/base/common/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
new file mode 100644
index 000000000..e64bcb2dc
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
@@ -0,0 +1,272 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2011 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.key;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Enumeration;
+import java.util.Hashtable;
+import java.util.List;
+
+import javax.ws.rs.Path;
+import javax.ws.rs.core.UriBuilder;
+import javax.ws.rs.core.UriInfo;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.dbs.keydb.IKeyRecord;
+import com.netscape.certsrv.dbs.keydb.IKeyRepository;
+import com.netscape.certsrv.dbs.keydb.KeyId;
+import com.netscape.certsrv.key.KeyArchivalRequest;
+import com.netscape.certsrv.key.KeyRecoveryRequest;
+import com.netscape.certsrv.key.KeyRequestInfo;
+import com.netscape.certsrv.key.KeyRequestInfos;
+import com.netscape.certsrv.key.KeyRequestResource;
+import com.netscape.certsrv.key.KeyResource;
+import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
+import com.netscape.certsrv.profile.IEnrollProfile;
+import com.netscape.certsrv.request.CMSRequestInfo;
+import com.netscape.certsrv.request.CMSRequestInfos;
+import com.netscape.certsrv.request.IRequest;
+import com.netscape.certsrv.request.RequestId;
+import com.netscape.certsrv.request.RequestStatus;
+import com.netscape.cms.servlet.request.CMSRequestDAO;
+
+/**
+ * @author alee
+ *
+ */
+public class KeyRequestDAO extends CMSRequestDAO {
+
+ private static String REQUEST_ARCHIVE_OPTIONS = IEnrollProfile.REQUEST_ARCHIVE_OPTIONS;
+ public static final String ATTR_SERIALNO = "serialNumber";
+
+ private IKeyRepository repo;
+ private IKeyRecoveryAuthority kra;
+
+ public KeyRequestDAO() {
+ super("kra");
+ kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( "kra" );
+ repo = kra.getKeyRepository();
+ }
+
+ /**
+ * Finds list of requests matching the specified search filter.
+ *
+ * If the filter corresponds to a VLV search, then that search is executed and the pageSize
+ * and start parameters are used. Otherwise, the maxResults and maxTime parameters are
+ * used in the regularly indexed search.
+ *
+ * @param filter - ldap search filter
+ * @param start - start position for VLV search
+ * @param pageSize - page size for VLV search
+ * @param maxResults - max results to be returned in normal search
+ * @param maxTime - max time for normal search
+ * @param uriInfo - uri context of request
+ * @return collection of key request info
+ * @throws EBaseException
+ */
+ @SuppressWarnings("unchecked")
+ public KeyRequestInfos listRequests(String filter, RequestId start, int pageSize, int maxResults, int maxTime,
+ UriInfo uriInfo) throws EBaseException {
+
+ CMSRequestInfos cmsInfos = listCMSRequests(filter, start, pageSize, maxResults, maxTime, uriInfo);
+ KeyRequestInfos ret = new KeyRequestInfos();
+
+ if (cmsInfos == null) {
+ ret.setRequests(null);
+ ret.setLinks(null);
+ return ret;
+ }
+
+ List<KeyRequestInfo> list = new ArrayList<KeyRequestInfo>();
+ ;
+ Collection<? extends CMSRequestInfo> cmsList = cmsInfos.getRequests();
+
+ // We absolutely know 100% that this list is a list
+ // of KeyRequestInfo objects. This is because the method
+ // createCMSRequestInfo. Is the only one adding to it
+
+ list = (List<KeyRequestInfo>) cmsList;
+
+ ret.setLinks(cmsInfos.getLinks());
+ ret.setRequests(list);
+
+ return ret;
+
+ }
+
+ /**
+ * Gets info for a specific request
+ *
+ * @param id
+ * @return info for specific request
+ * @throws EBaseException
+ */
+ public KeyRequestInfo getRequest(RequestId id, UriInfo uriInfo) throws EBaseException {
+ IRequest request = queue.findRequest(id);
+ if (request == null) {
+ return null;
+ }
+ KeyRequestInfo info = createKeyRequestInfo(request, uriInfo);
+ return info;
+ }
+
+ /**
+ * Submits an archival request and processes it.
+ *
+ * @param data
+ * @return info for the request submitted.
+ * @throws EBaseException
+ */
+ public KeyRequestInfo submitRequest(KeyArchivalRequest data, UriInfo uriInfo) throws EBaseException {
+ String clientId = data.getClientId();
+ String wrappedSecurityData = data.getWrappedPrivateData();
+ String dataType = data.getDataType();
+
+ boolean keyExists = doesKeyExist(clientId, "active", uriInfo);
+
+ if (keyExists == true) {
+ throw new EBaseException("Can not archive already active existing key!");
+ }
+
+ IRequest request = queue.newRequest(IRequest.SECURITY_DATA_ENROLLMENT_REQUEST);
+
+ request.setExtData(REQUEST_ARCHIVE_OPTIONS, wrappedSecurityData);
+ request.setExtData(IRequest.SECURITY_DATA_CLIENT_ID, clientId);
+ request.setExtData(IRequest.SECURITY_DATA_TYPE, dataType);
+
+ queue.processRequest(request);
+
+ queue.markAsServiced(request);
+
+ return createKeyRequestInfo(request, uriInfo);
+ }
+
+ /**
+ * Submits a key recovery request.
+ *
+ * @param data
+ * @return info on the recovery request created
+ * @throws EBaseException
+ */
+ public KeyRequestInfo submitRequest(KeyRecoveryRequest data, UriInfo uriInfo) throws EBaseException {
+ // set data using request.setExtData(field, data)
+
+ String wrappedSessionKeyStr = data.getTransWrappedSessionKey();
+ String wrappedPassPhraseStr = data.getSessionWrappedPassphrase();
+ String nonceDataStr = data.getNonceData();
+
+ IRequest request = queue.newRequest(IRequest.SECURITY_DATA_RECOVERY_REQUEST);
+
+ KeyId keyId = data.getKeyId();
+
+ Hashtable<String, Object> requestParams;
+
+ requestParams = ((IKeyRecoveryAuthority) authority).createVolatileRequest(request.getRequestId());
+
+ if (requestParams == null) {
+ throw new EBaseException("Can not create Volatile params in submitRequest!");
+ }
+
+ CMS.debug("Create volatile params for recovery request. " + requestParams);
+
+ if (wrappedPassPhraseStr != null) {
+ requestParams.put(IRequest.SECURITY_DATA_SESS_PASS_PHRASE, wrappedPassPhraseStr);
+ }
+
+ if (wrappedSessionKeyStr != null) {
+ requestParams.put(IRequest.SECURITY_DATA_TRANS_SESS_KEY, wrappedSessionKeyStr);
+ }
+
+ if (nonceDataStr != null) {
+ requestParams.put(IRequest.SECURITY_DATA_IV_STRING_IN, nonceDataStr);
+ }
+
+ request.setExtData(ATTR_SERIALNO, keyId.toString());
+
+ queue.processRequest(request);
+
+ return createKeyRequestInfo(request, uriInfo);
+ }
+
+ public void approveRequest(RequestId id) throws EBaseException {
+ IRequest request = queue.findRequest(id);
+ request.setRequestStatus(RequestStatus.APPROVED);
+ queue.updateRequest(request);
+ }
+
+ public void rejectRequest(RequestId id) throws EBaseException {
+ IRequest request = queue.findRequest(id);
+ request.setRequestStatus(RequestStatus.CANCELED);
+ queue.updateRequest(request);
+ }
+
+ public void cancelRequest(RequestId id) throws EBaseException {
+ IRequest request = queue.findRequest(id);
+ request.setRequestStatus(RequestStatus.REJECTED);
+ queue.updateRequest(request);
+ }
+
+ private KeyRequestInfo createKeyRequestInfo(IRequest request, UriInfo uriInfo) {
+ KeyRequestInfo ret = new KeyRequestInfo();
+
+ ret.setRequestType(request.getRequestType());
+ ret.setRequestStatus(request.getRequestStatus());
+
+ Path keyRequestPath = KeyRequestResource.class.getAnnotation(Path.class);
+ RequestId rid = request.getRequestId();
+
+ UriBuilder reqBuilder = uriInfo.getBaseUriBuilder();
+ reqBuilder.path(keyRequestPath.value() + "/" + rid);
+ ret.setRequestURL(reqBuilder.build().toString());
+
+ Path keyPath = KeyResource.class.getAnnotation(Path.class);
+ String kid = request.getExtDataInString("keyrecord");
+
+ UriBuilder keyBuilder = uriInfo.getBaseUriBuilder();
+ keyBuilder.path(keyPath.value() + "/" + kid);
+ ret.setKeyURL(keyBuilder.build().toString());
+
+ return ret;
+ }
+
+ @Override
+ public KeyRequestInfo createCMSRequestInfo(IRequest request, UriInfo uriInfo) {
+ return createKeyRequestInfo(request, uriInfo);
+ }
+
+ //We only care if the key exists or not
+ private boolean doesKeyExist(String clientId, String keyStatus, UriInfo uriInfo) {
+ String state = "active";
+ String filter = "(&(" + IRequest.SECURITY_DATA_CLIENT_ID + "=" + clientId + ")"
+ + "(" + IRequest.SECURITY_DATA_STATUS + "=" + state + "))";
+ try {
+ Enumeration<IKeyRecord> existingKeys = null;
+
+ existingKeys = repo.searchKeys(filter, 1, 10);
+ if (existingKeys != null && existingKeys.hasMoreElements()) {
+ return true;
+ }
+ } catch (EBaseException e) {
+ return false;
+ }
+
+ return false;
+ }
+}
diff --git a/base/common/src/com/netscape/cms/servlet/key/KeyResource.java b/base/common/src/com/netscape/cms/servlet/key/KeyResource.java
deleted file mode 100644
index 4d352eaea..000000000
--- a/base/common/src/com/netscape/cms/servlet/key/KeyResource.java
+++ /dev/null
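Review bot: `doesKeyExist` builds its LDAP search filter by concatenating `clientId`, which `submitRequest(KeyArchivalRequest, …)` takes straight from the request body, so a client ID containing `*`, `(`, `)` or `\` rewrites the filter — a bare `*` matches any active record and blocks every archival, and a crafted value can make the duplicate-key check miss an existing active key for that client. Escape the value before building the filter (KeyService already imports `LDAPUtil`; use its filter-escaping helper if it provides one) or reject filter metacharacters outright, as in the rewrite below. The same method also fails open: `catch (EBaseException e) { return false; }` turns a failed repository search into "no key exists" and lets the archival proceed, and its `keyStatus` parameter is ignored in favour of the hard-coded `state = "active"`. Separately, `rejectRequest` stores `RequestStatus.CANCELED` while `cancelRequest` stores `RequestStatus.REJECTED` — the two constants look swapped — and `approveRequest`, `rejectRequest` and `cancelRequest` all dereference the result of `queue.findRequest(id)` without the null check that `getRequest` performs a few lines earlier.
```java
    // We only care if the key exists or not.
    // Throws rather than returning false on a failed search so a repository
    // error cannot be mistaken for "no active key for this client".
    private boolean doesKeyExist(String clientId, String keyStatus, UriInfo uriInfo) throws EBaseException {
        // Reject LDAP filter metacharacters instead of interpolating them into the filter
        // (alternatively escape clientId with the project's LDAP filter-escaping helper).
        if (clientId == null || clientId.matches("(?s).*[()*\\\\\\x00].*")) {
            throw new EBaseException("Invalid client ID");
        }
        String filter = "(&(" + IRequest.SECURITY_DATA_CLIENT_ID + "=" + clientId + ")"
                + "(" + IRequest.SECURITY_DATA_STATUS + "=" + keyStatus + "))";
        Enumeration<IKeyRecord> existingKeys = repo.searchKeys(filter, 1, 10);
        return existingKeys != null && existingKeys.hasMoreElements();
    }
```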
@@ -1,48 +0,0 @@ -package com.netscape.cms.servlet.key; - -import javax.ws.rs.Consumes; -import javax.ws.rs.DefaultValue; -import javax.ws.rs.GET; -import javax.ws.rs.POST; -import javax.ws.rs.Path; -import javax.ws.rs.Produces; -import javax.ws.rs.QueryParam; -import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.MultivaluedMap; - -import com.netscape.cms.servlet.key.model.KeyData; -import com.netscape.cms.servlet.key.model.KeyDataInfos; -import com.netscape.cms.servlet.request.model.RecoveryRequestData; - -@Path("agent/keys") -public interface KeyResource { - - public static final int DEFAULT_MAXTIME = 10; - public static final int DEFAULT_MAXRESULTS = 100; - - @GET - @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - public KeyDataInfos listKeys(@QueryParam("clientID") String clientID, - @QueryParam("status") String status, - @DefaultValue(""+DEFAULT_MAXRESULTS) @QueryParam("maxResults") int maxResults, - @DefaultValue(""+DEFAULT_MAXTIME) @QueryParam("maxTime") int maxTime); - - - /** - * Used to retrieve a key - * @param data - * @return - */ - @POST - @Path("retrieve") - @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - public KeyData retrieveKey(RecoveryRequestData data); - - // retrieval - used to test integration with a browser - @POST - @Path("retrieve") - @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @Consumes({ MediaType.APPLICATION_FORM_URLENCODED }) - public KeyData retrieveKey(MultivaluedMap<String, String> form); -} diff --git a/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java b/base/common/src/com/netscape/cms/servlet/key/KeyService.java index 560d7f9f8..4db2fed0a 100644 --- a/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java +++ b/base/common/src/com/netscape/cms/servlet/key/KeyService.java 
@@ -36,31 +36,31 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.dbs.keydb.IKeyRecord; import com.netscape.certsrv.dbs.keydb.IKeyRepository; import com.netscape.certsrv.dbs.keydb.KeyId; +import com.netscape.certsrv.key.KeyData; +import com.netscape.certsrv.key.KeyDataInfo; +import com.netscape.certsrv.key.KeyDataInfos; +import com.netscape.certsrv.key.KeyRecoveryRequest; +import com.netscape.certsrv.key.KeyRequestInfo; +import com.netscape.certsrv.key.KeyResource; import com.netscape.certsrv.kra.IKeyRecoveryAuthority; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.RequestId; import com.netscape.certsrv.request.RequestStatus; -import com.netscape.cms.servlet.base.CMSResourceService; -import com.netscape.cms.servlet.key.model.KeyData; -import com.netscape.cms.servlet.key.model.KeyDataInfo; -import com.netscape.cms.servlet.key.model.KeyDataInfos; -import com.netscape.cms.servlet.request.model.KeyRequestDAO; -import com.netscape.cms.servlet.request.model.KeyRequestInfo; -import com.netscape.cms.servlet.request.model.RecoveryRequestData; +import com.netscape.cms.servlet.base.PKIService; import com.netscape.cmsutil.ldap.LDAPUtil; /** * @author alee * */ -public class KeyResourceService extends CMSResourceService implements KeyResource{ +public class KeyService extends PKIService implements KeyResource{ private IKeyRepository repo; private IKeyRecoveryAuthority kra; private IRequestQueue queue; - public KeyResourceService() { + public KeyService() { kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( "kra" ); repo = kra.getKeyRepository(); queue = kra.getRequestQueue(); 
@@ -71,7 +71,7 @@ public class KeyResourceService extends CMSResourceService implements KeyResourc * @param data * @return */ - public KeyData retrieveKey(RecoveryRequestData data) { + public KeyData retrieveKey(KeyRecoveryRequest data) { // auth and authz KeyId keyId = validateRequest(data); KeyData keyData; @@ -90,11 +90,11 @@ public class KeyResourceService extends CMSResourceService implements KeyResourc // retrieval - used to test integration with a browser public KeyData retrieveKey(MultivaluedMap<String, String> form) { - RecoveryRequestData data = new RecoveryRequestData(form); + KeyRecoveryRequest data = new KeyRecoveryRequest(form); return retrieveKey(data); } - public KeyData getKey(KeyId keyId, RecoveryRequestData data) throws EBaseException { + public KeyData getKey(KeyId keyId, KeyRecoveryRequest data) throws EBaseException { KeyData keyData; RequestId rId = data.getRequestId(); @@ -192,7 +192,7 @@ public class KeyResourceService extends CMSResourceService implements KeyResourc return keyData; } - private KeyId validateRequest(RecoveryRequestData data) { + private KeyId validateRequest(KeyRecoveryRequest data) { // confirm request exists RequestId reqId = data.getRequestId(); diff --git a/base/common/src/com/netscape/cms/servlet/key/model/KeyData.java b/base/common/src/com/netscape/cms/servlet/key/model/KeyData.java deleted file mode 100644 index 2ff2b5d0c..000000000 --- a/base/common/src/com/netscape/cms/servlet/key/model/KeyData.java +++ /dev/null 
@@ -1,76 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2011 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -/** - * - */ -package com.netscape.cms.servlet.key.model; - -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlRootElement; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElement; - -/** - * @author alee - * - */ -@XmlRootElement(name="SecurityData") -@XmlAccessorType(XmlAccessType.FIELD) -public class KeyData { - @XmlElement - String wrappedPrivateData; - - @XmlElement - String nonceData; - - public KeyData() { - // required for JAXB (defaults) - } - - /** - * @return the wrappedPrivateData - */ - public String getWrappedPrivateData() { - return wrappedPrivateData; - } - - /** - * @param wrappedPrivateData the wrappedPrivateData to set - */ - public void setWrappedPrivateData(String wrappedPrivateData) { - this.wrappedPrivateData = wrappedPrivateData; - } - - /** - * @return the nonceData - */ - - public String getNonceData() { - return nonceData; - } - - /** - * @param nonceData the nonceData to set - */ - - public void setNonceData(String nonceData) { - this.nonceData = nonceData; - } - -} 
diff --git a/base/common/src/com/netscape/cms/servlet/key/model/KeyDataInfo.java b/base/common/src/com/netscape/cms/servlet/key/model/KeyDataInfo.java
deleted file mode 100644
index 6fd9649fb..000000000
--- a/base/common/src/com/netscape/cms/servlet/key/model/KeyDataInfo.java
+++ /dev/null
@@ -1,85 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2011 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -/** - * - */ -package com.netscape.cms.servlet.key.model; - - -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlRootElement; -import javax.xml.bind.annotation.XmlAccessorType; - -import com.netscape.certsrv.dbs.keydb.KeyId; - -/** - * @author alee - * - */ -@XmlRootElement(name="SecurityDataInfo") -@XmlAccessorType(XmlAccessType.FIELD) -public class KeyDataInfo { - - @XmlElement - protected String keyURL; - - @XmlElement - protected String clientID; - - public KeyDataInfo() { - // required for JAXB (defaults) - } - - /** - * @return the keyURL - */ - public String getKeyURL() { - return keyURL; - } - - /** - * @param keyURL the keyURL to set - */ - public void setKeyURL(String keyURL) { - this.keyURL = keyURL; - } - - /** - * @return the key ID in the keyURL - */ - public KeyId getKeyId() { - String id = keyURL.substring(keyURL.lastIndexOf("/") + 1); - return new KeyId(id); - } - - /** - * @return the clientID - */ - public String getClientID() { - return clientID; - } - - /** - * @param clientID the clientID to set - */ - public void setClientID(String clientID) { - this.clientID 
= clientID; - } - -} diff --git a/base/common/src/com/netscape/cms/servlet/key/model/KeyDataInfos.java b/base/common/src/com/netscape/cms/servlet/key/model/KeyDataInfos.java deleted file mode 100644 index 79e5add95..000000000 --- a/base/common/src/com/netscape/cms/servlet/key/model/KeyDataInfos.java +++ /dev/null 
@@ -1,87 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2012 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key.model; - -import java.util.Collection; -import java.util.List; - -import javax.xml.bind.annotation.XmlElementRef; -import javax.xml.bind.annotation.XmlRootElement; -import javax.xml.bind.annotation.XmlTransient; - -import com.netscape.cms.servlet.base.model.Link; - -@XmlRootElement(name = "SecurityDataInfos") -public class KeyDataInfos { - - protected Collection<KeyDataInfo> keyInfos; - protected List<Link> links; - - /** - * @return the keyInfos - */ - @XmlElementRef - public Collection<KeyDataInfo> getKeyInfos() { - return keyInfos; - } - /** - * @param keyInfos the keyInfos to set - */ - public void setKeyInfos(Collection<KeyDataInfo> keyInfos) { - this.keyInfos = keyInfos; - } - /** - * @return the links - */ - @XmlElementRef - public List<Link> getLinks() { - return links; - } - /** - * @param links the links to set - */ - public void setLinks(List<Link> links) { - this.links = links; - } - - @XmlTransient - public String getNext() { - if (links == null) { - return null; - } - for (Link link : links) { - if ("next".equals(link.getRelationship())) { - return link.getHref(); - } - } - return null; - } - - @XmlTransient - 
public String getPrevious() { - if (links == null) { - return null; - } - for (Link link : links) { - if ("previous".equals(link.getRelationship())) { - return link.getHref(); - } - } - return null; - } -} |