6 files changed, 438 insertions, 0 deletions
diff --git a/base/ca/shared/conf/CS.cfg.in b/base/ca/shared/conf/CS.cfg.in
index 564ee3a6b..f44d4ee12 100644
--- a/base/ca/shared/conf/CS.cfg.in
+++ b/base/ca/shared/conf/CS.cfg.in
@@ -802,6 +802,9 @@ debug.filename=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/debug
 debug.hashkeytypes=
 debug.level=0
 debug.showcaller=false
+features.authority.description=Lightweight CAs
+features.authority.enable=true
+features.authority.version=1.0
 keys.ecc.curve.list=nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2
 keys.ecc.curve.display.list=nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2
 keys.ecc.curve.default=nistp256
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java b/base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java
index 235ea105b..b0fc73ce9 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java
@@ -8,6 +8,7 @@ import javax.ws.rs.core.Application;
 import org.dogtagpki.server.rest.ACLInterceptor;
 import org.dogtagpki.server.rest.AccountService;
 import org.dogtagpki.server.rest.AuthMethodInterceptor;
+import org.dogtagpki.server.rest.FeatureService;
 import org.dogtagpki.server.rest.GroupService;
 import org.dogtagpki.server.rest.MessageFormatInterceptor;
 import org.dogtagpki.server.rest.PKIExceptionMapper;
@@ -57,6 +58,9 @@ public class CAApplication extends Application {
         // kra connector
         classes.add(KRAConnectorService.class);
 
+        // features
+        classes.add(FeatureService.class);
+
         // security domain
         IConfigStore cs = CMS.getConfigStore();
 
diff --git a/base/common/python/pki/feature.py b/base/common/python/pki/feature.py
new file mode 100644
index 000000000..fd9d40551
--- /dev/null
+++ b/base/common/python/pki/feature.py
@@ -0,0 +1,170 @@
+#!/usr/bin/python
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2014 Red Hat, Inc.
+# All rights reserved.
+#
+# Author:
+#     Ade Lee <alee@redhat.com>
+
+from __future__ import absolute_import
+from __future__ import print_function
+
+from six import iteritems
+
+import pki
+import pki.client as client
+import pki.encoder as encoder
+
+
+class Feature(object):
+    """Class containing data about Features advertised by the CS server
+    """
+
+    json_attribute_names = {
+        'id': 'feature_id',
+        'description': 'description',
+        'enabled': 'enabled',
+        'version': 'version'
+    }
+
+    def __init__(self, feature_id=None, version=None, description=None,
+                 enabled="False"):
+        self.feature_id = feature_id
+        self.version = version
+        self.description = description
+        self.enabled = (enabled.lower() == "true")
+
+    def __repr__(self):
+        attributes = {
+            "Feature": {
+                "feature_id": self.feature_id,
+                "description": self.description,
+                "version": self.version,
+                "enabled": self.enabled
+            }
+        }
+        return str(attributes)
+
+    @classmethod
+    def from_json(cls, attr_list):
+        """ Return Feature object from JSON dict """
+        feature = cls()
+
+        for k, v in iteritems(attr_list):
+            if k in Feature.json_attribute_names:
+                setattr(feature, Feature.json_attribute_names[k], v)
+            else:
+                setattr(feature, k, v)
+
+        return feature
+
+
+class FeatureCollection(object):
+    """
+    Class containing list of Feature objects.
+    This data is returned when listing features.
+    """
+
+    def __init__(self):
+        """ Constructor """
+        self.feature_list = []
+        self.links = []
+
+    def __iter__(self):
+        return iter(self.feature_list)
+
+    @classmethod
+    def from_json(cls, json_value):
+        """ Populate object from JSON input """
+        ret = cls()
+        features = json_value
+        if not isinstance(features, list):
+            ret.feature_list.append(Feature.from_json(features))
+        else:
+            for feature in features:
+                ret.feature_list.append(
+                    Feature.from_json(feature))
+
+        return ret
+
+
+class FeatureClient(object):
+    """
+    Class encapsulating and mirroring the functionality in the
+    AuthorityResource Java interface class defining the REST API for
+    subordinate CA (authority) resources.
+    """
+
+    def __init__(self, connection):
+        """ Constructor """
+        self.connection = connection
+        self.headers = {'Content-type': 'application/json',
+                        'Accept': 'application/json'}
+        self.feature_url = '/rest/config/features'
+
+    @pki.handle_exceptions()
+    def get_feature(self, feature_id):
+        """ Return a Feature object. """
+        if feature_id is None:
+            raise ValueError("Feature ID must be specified")
+
+        url = self.feature_url + '/' + str(feature_id)
+        r = self.connection.get(url, self.headers)
+        return Feature.from_json(r.json())
+
+    @pki.handle_exceptions()
+    def list_features(self):
+        """ Return a FeatureCollection object of all available features
+        """
+        response = self.connection.get(
+            path=self.feature_url,
+            headers=self.headers)
+        return FeatureCollection.from_json(response.json())
+
+encoder.NOTYPES['Feature'] = Feature
+
+
+def main():
+    # Create a PKIConnection object that stores the details of the CA.
+    connection = client.PKIConnection('https', 'localhost', '8453', 'ca')
+
+    # Instantiate the FeatureClient
+    feature_client = FeatureClient(connection)
+
+    # List all features
+    print("Listing all features")
+    print("-----------------------")
+    features = feature_client.list_features()
+    for feature in features.feature_list:
+        print(str(feature))
+
+    # Get authority feature
+    print("Getting authority feature")
+    print("-------------------------")
+    feature = feature_client.get_feature("authority")
+    print(str(feature))
+
+    # Get non-existent feature
+    print("Get non-existent feature")
+    print("------------------------")
+    try:
+        feature_client.get_feature("foobar")
+    except pki.ResourceNotFoundException as e:
+        print(e.message)
+
+
+if __name__ == "__main__":
+    main()
diff --git a/base/common/src/com/netscape/certsrv/system/Feature.java b/base/common/src/com/netscape/certsrv/system/Feature.java
new file mode 100644
index 000000000..59b88d2f6
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/system/Feature.java
@@ -0,0 +1,151 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2015 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.system;
+
+import java.io.StringReader;
+import java.io.StringWriter;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlRootElement;
+
+@XmlRootElement(name="Feature")
+@XmlAccessorType(XmlAccessType.NONE)
+public class Feature {
+
+    String id;
+    String description;
+    String version;
+    boolean enabled;
+
+    @XmlAttribute(name="id")
+    public String getId() {
+        return id;
+    }
+
+    public void setId(String id) {
+        this.id = id;
+    }
+
+    @XmlAttribute(name="description")
+    public String getDescription() {
+        return description;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+
+    @XmlAttribute(name="enabled")
+    public boolean getEnabled() {
+        return enabled;
+    }
+
+    public void setEnabled(String enabled) {
+        this.enabled = enabled.equalsIgnoreCase("true");
+    }
+
+    @XmlAttribute(name="version")
+    public String getVersion() {
+        return version;
+    }
+
+    public void setVersion(String version) {
+        this.version = version;
+    }
+
+    public String toString() {
+        try {
+            StringWriter sw = new StringWriter();
+            Marshaller marshaller = JAXBContext.newInstance(Feature.class).createMarshaller();
+            marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
+            marshaller.marshal(this, sw);
+            return sw.toString();
+
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    public static Feature valueOf(String string) throws Exception {
+        try {
+            Unmarshaller unmarshaller = JAXBContext.newInstance(Feature.class).createUnmarshaller();
+            return (Feature)unmarshaller.unmarshal(new StringReader(string));
+        } catch (Exception e) {
+            return null;
+        }
+    }
+
+    @Override
+    public int hashCode() {
+        final int prime = 31;
+        int result = 1;
+        result = prime * result + ((description == null) ? 0 : description.hashCode());
+        result = prime * result + (enabled ? 1231 : 1237);
+        result = prime * result + ((id == null) ? 0 : id.hashCode());
+        result = prime * result + ((version == null) ? 0 : version.hashCode());
+        return result;
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (this == obj)
+            return true;
+        if (obj == null)
+            return false;
+        if (getClass() != obj.getClass())
+            return false;
+        Feature other = (Feature) obj;
+        if (description == null) {
+            if (other.description != null)
+                return false;
+        } else if (!description.equals(other.description))
+            return false;
+        if (enabled != other.enabled)
+            return false;
+        if (id == null) {
+            if (other.id != null)
+                return false;
+        } else if (!id.equals(other.id))
+            return false;
+        if (version == null) {
+            if (other.version != null)
+                return false;
+        } else if (!version.equals(other.version))
+            return false;
+        return true;
+    }
+
+    public static void main(String args[]) throws Exception {
+        Feature before = new Feature();
+        before.setId("authority");
+        before.setEnabled("true");
+        before.setDescription("Subordinate CA Feature");
+        before.setVersion("1.0");
+
+        String string = before.toString();
+        System.out.println(string);
+
+        Feature after = Feature.valueOf(string);
+        System.out.println(before.equals(after));
+    }
+}
+\ No newline at end of file
diff --git a/base/common/src/com/netscape/certsrv/system/FeatureResource.java b/base/common/src/com/netscape/certsrv/system/FeatureResource.java
new file mode 100644
index 000000000..16413f755
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/system/FeatureResource.java
@@ -0,0 +1,44 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2015 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.system;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.core.Response;
+
+import org.jboss.resteasy.annotations.ClientResponseType;
+
+/**
+ * @author alee
+ */
+@Path("config/features")
+public interface FeatureResource {
+
+    @GET
+    @ClientResponseType(entityType=Feature.class)
+    // @ACLMapping("features.list")
+    public Response listFeatures();
+
+    @GET
+    @Path("{id}")
+    @ClientResponseType(entityType=Feature.class)
+    // @ACLMapping("feature.read")
+    public Response getFeature(@PathParam("id") String id);
+
+}
+\ No newline at end of file
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/FeatureService.java b/base/server/cms/src/org/dogtagpki/server/rest/FeatureService.java
new file mode 100644
index 000000000..0361d6b0a
--- /dev/null
+++ b/base/server/cms/src/org/dogtagpki/server/rest/FeatureService.java
@@ -0,0 +1,66 @@
+package org.dogtagpki.server.rest;
+
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Map;
+
+import javax.ws.rs.core.GenericEntity;
+import javax.ws.rs.core.Response;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.base.ResourceNotFoundException;
+import com.netscape.certsrv.system.Feature;
+import com.netscape.certsrv.system.FeatureResource;
+import com.netscape.cms.servlet.base.PKIService;
+
+public class FeatureService extends PKIService implements FeatureResource {
+    IConfigStore cs;
+
+    @Override
+    public Response listFeatures() {
+        IConfigStore cs = CMS.getConfigStore().getSubStore("features");
+        ArrayList<Feature> features = new ArrayList<Feature>();
+        Enumeration<String> tags = cs.getSubStoreNames();
+        while (tags.hasMoreElements()) {
+            String tag = tags.nextElement();
+            Feature feature = createFeature(cs, tag);
+            features.add(feature);
+        }
+        GenericEntity<List<Feature>> entity = new GenericEntity<List<Feature>>(features) {};
+        return Response.ok(entity).build();
+    }
+
+    @Override
+    public Response getFeature(String id) {
+        IConfigStore cs = CMS.getConfigStore().getSubStore("features");
+        Enumeration<String> tags = cs.getSubStoreNames();
+        while(tags.hasMoreElements()) {
+            String tag = tags.nextElement();
+            if (tag.equals(id)) {
+                Feature feature = createFeature(cs, tag);
+                return createOKResponse(feature);
+            }
+        }
+
+        throw new ResourceNotFoundException("Feature " + id + " not supported");
+    }
+
+    private Feature createFeature(IConfigStore cs, String tag) {
+        Map<String, String> props;
+        try {
+            props = cs.getSubStore(tag).getProperties();
+            Feature feature = new Feature();
+            feature.setId(tag);
+            feature.setEnabled(props.getOrDefault("enabled", "false"));
+            feature.setDescription(props.getOrDefault("description", ""));
+            feature.setVersion(props.getOrDefault("version", ""));
+            return feature;
+        } catch (EBaseException e) {
+            throw new PKIException(e);
+        }
+    }
+}