From 2f730b62e589cd829c5fcb021a2a92d436073eac Mon Sep 17 00:00:00 2001
From: Ade Lee
Date: Sat, 16 Apr 2016 14:19:50 -0400
Subject: Added realm to methods for listing requests and keys
1. Added query parameters for the realm. If a realm is specified, then only the key requests and keys associated with the realm are returned. If no realm is specified, then only those requests and keys without a realm are returned.
2. Added parameters to keyClient and the CLI
Part of Trac Ticket #2041
---
 .../src/com/netscape/certsrv/key/KeyClient.java | 34 +++++++++++++++++++---
 .../netscape/certsrv/key/KeyRequestResource.java | 3 +-
 .../src/com/netscape/certsrv/key/KeyResource.java | 3 +-
 .../src/com/netscape/cmstools/key/KeyFindCLI.java | 7 ++++-
 .../netscape/cmstools/key/KeyRequestFindCLI.java | 7 ++++-
 .../server/kra/rest/KeyRequestService.java | 20 +++++++++----
 .../org/dogtagpki/server/kra/rest/KeyService.java | 25 ++++++++++++----
 .../cms/servlet/request/CMSRequestDAO.java | 6 ++++
 8 files changed, 85 insertions(+), 20 deletions(-)
diff --git a/base/common/src/com/netscape/certsrv/key/KeyClient.java b/base/common/src/com/netscape/certsrv/key/KeyClient.java
index 04eb6539f..1c8a76bfe 100644
--- a/base/common/src/com/netscape/certsrv/key/KeyClient.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyClient.java
@@ -86,11 +86,19 @@ public class KeyClient extends Client {
 * @param maxTime -- Maximum time for the operation to take
 * @param start -- Start index of list
 * @param size -- Size of the list to be returned.
+ * @param realm - authz realm
 * @return a KeyInfoCollection object.
 */
+ public KeyInfoCollection listKeys(String clientKeyID, String status, Integer maxSize, Integer maxTime,
+ Integer start, Integer size, String realm) {
+ Response response = keyClient.listKeys(clientKeyID, status, maxSize, maxTime, start, size, realm);
+ return client.getEntity(response, KeyInfoCollection.class);
+ }
+
+ /* for backward compatibility */
 public KeyInfoCollection listKeys(String clientKeyID, String status, Integer maxSize, Integer maxTime,
 Integer start, Integer size) {
- Response response = keyClient.listKeys(clientKeyID, status, maxSize, maxTime, start, size);
+ Response response = keyClient.listKeys(clientKeyID, status, maxSize, maxTime, start, size, null);
 return client.getEntity(response, KeyInfoCollection.class);
 }
@@ -99,8 +107,22 @@ public class KeyClient extends Client {
 *
 * @param requestState -- State of the requests to be queried.
 * @param requestType -- Type of the requests to be queried.
+ * @param realm -- Authz Realm
 * @return a KeyRequestCollection object.
 */
+ public KeyRequestInfoCollection listRequests(String requestState, String requestType, String realm) {
+ return listRequests(
+ requestState,
+ requestType,
+ null,
+ new RequestId(0),
+ 100,
+ 100,
+ 10,
+ realm);
+ }
+
+ /* method for backwards compatibility */
 public KeyRequestInfoCollection listRequests(String requestState, String requestType) {
 return listRequests(
 requestState,
@@ -109,7 +131,8 @@ public class KeyClient extends Client {
 new RequestId(0),
 100,
 100,
- 10);
+ 10,
+ null);
 }
 /**
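Review bot: The new Javadoc lines `@param realm - authz realm` on listKeys and `@param realm -- Authz Realm` on the three-argument listRequests do not say what a null realm means, and the commit message gives it a non-obvious meaning: without a realm, only entries that have no realm are returned. The overloads kept under `/* for backward compatibility */` and `/* method for backwards compatibility */` pass `null`, so, judging by the server-side filter change later in this commit, existing callers that used to receive every key or request will now receive only the realm-less ones. I would state this in the Javadoc, e.g. `@param realm -- authz realm; if null, only keys that are not associated with any realm are returned`, and repeat the sentence in the comment on each compatibility overload.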
@@ -122,6 +145,7 @@ public class KeyClient extends Client {
 * @param pageSize -- Size of the list to be returned.
 * @param maxResults -- Maximum number of requests to be fetched
 * @param maxTime -- Maximum time for the operation to take
+ * @param realm -- Authz Realm
 * @return a KeyRequestInfoCollection object.
 */
 public KeyRequestInfoCollection listRequests(
@@ -131,7 +155,8 @@ public class KeyClient extends Client {
 RequestId start,
 Integer pageSize,
 Integer maxResults,
- Integer maxTime) {
+ Integer maxTime,
+ String realm) {
 Response response = keyRequestClient.listRequests(
 requestState,
 requestType,
@@ -139,7 +164,8 @@ public class KeyClient extends Client {
 start,
 pageSize,
 maxResults,
- maxTime);
+ maxTime,
+ realm);
 return client.getEntity(response, KeyRequestInfoCollection.class);
 }
diff --git a/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java b/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java
index 768127e42..26ab9908f 100644
--- a/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java
@@ -51,7 +51,8 @@ public interface KeyRequestResource {
 @QueryParam("start") RequestId start,
 @QueryParam("pageSize") Integer pageSize,
 @QueryParam("maxResults") Integer maxResults,
- @QueryParam("maxTime") Integer maxTime);
+ @QueryParam("maxTime") Integer maxTime,
+ @QueryParam("realm") String realm);
 @POST
 @ClientResponseType(entityType=KeyRequestResponse.class)
diff --git a/base/common/src/com/netscape/certsrv/key/KeyResource.java b/base/common/src/com/netscape/certsrv/key/KeyResource.java
index 77c9a587e..71a355673 100644
--- a/base/common/src/com/netscape/certsrv/key/KeyResource.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyResource.java
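Review bot: The seven-argument `KeyClient.listRequests` is changed in place to take `String realm` as an eighth parameter, so code written against the seven-argument form no longer compiles, whereas `listKeys` and the two-argument `listRequests` in this same file each keep their old signature as a compatibility overload. If the old form is part of the published client API, keep it as an overload that delegates with a null realm, as sketched below. The start of the parameter list lies between hunks, so the third parameter's name here is taken from the call in KeyRequestFindCLI and should be checked against the file.

```java
/* method for backwards compatibility */
public KeyRequestInfoCollection listRequests(
        String requestState,
        String requestType,
        String clientKeyID,
        RequestId start,
        Integer pageSize,
        Integer maxResults,
        Integer maxTime) {
    return listRequests(requestState, requestType, clientKeyID, start,
            pageSize, maxResults, maxTime, null);
}
```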
@@ -32,7 +32,8 @@ public interface KeyResource {
 @QueryParam("maxResults") Integer maxResults,
 @QueryParam("maxTime") Integer maxTime,
 @QueryParam("start") Integer start,
- @QueryParam("size") Integer size);
+ @QueryParam("size") Integer size,
+ @QueryParam("realm") String realm);
 @GET
 @Path("active/{clientKeyID}")
diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyFindCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyFindCLI.java
index 8ec7db4d9..954246f7e 100644
--- a/base/java-tools/src/com/netscape/cmstools/key/KeyFindCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/key/KeyFindCLI.java
@@ -72,6 +72,10 @@ public class KeyFindCLI extends CLI {
 option = new Option(null, "size", true, "Page size");
 option.setArgName("size");
 options.addOption(option);
+
+ option = new Option(null, "realm", true, "Realm");
+ option.setArgName("realm");
+ options.addOption(option);
 }
 public void execute(String[] args) {
@@ -103,6 +107,7 @@ public class KeyFindCLI extends CLI {
 String clientKeyID = cmd.getOptionValue("clientKeyID");
 String status = cmd.getOptionValue("status");
+ String realm = cmd.getOptionValue("realm");
 String s = cmd.getOptionValue("maxResults");
 Integer maxResults = s == null ? null : Integer.valueOf(s);
@@ -116,7 +121,7 @@ public class KeyFindCLI extends CLI {
 s = cmd.getOptionValue("size");
 Integer size = s == null ? null : Integer.valueOf(s);
- KeyInfoCollection keys = keyCLI.keyClient.listKeys(clientKeyID, status, maxResults, maxTime, start, size);
+ KeyInfoCollection keys = keyCLI.keyClient.listKeys(clientKeyID, status, maxResults, maxTime, start, size, realm);
 Collection entries = keys.getEntries();
diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyRequestFindCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyRequestFindCLI.java
index 92c98f042..de061d630 100644
--- a/base/java-tools/src/com/netscape/cmstools/key/KeyRequestFindCLI.java
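Review bot: The help text for the new option in KeyFindCLI is just `"Realm"`, while the same option in KeyRequestFindCLI is described as `"Authorization Realm"`; the two should read the same. Neither text says that omitting `--realm` restricts the listing to entries that have no realm, which is what the server-side filter in this commit does, so an operator who leaves it out may take a partial listing for the complete one. I would use something like `new Option(null, "realm", true, "Authorization realm; if omitted, only keys without a realm are listed")` here and the matching wording for requests in KeyRequestFindCLI.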
+++ b/base/java-tools/src/com/netscape/cmstools/key/KeyRequestFindCLI.java
@@ -77,6 +77,10 @@ public class KeyRequestFindCLI extends CLI {
 option = new Option(null, "pageSize", true, "Page size");
 option.setArgName("page size");
 options.addOption(option);
+
+ option = new Option(null, "realm", true, "Authorization Realm");
+ option.setArgName("realm");
+ options.addOption(option);
 }
 public void execute(String[] args) {
@@ -109,6 +113,7 @@ public class KeyRequestFindCLI extends CLI {
 String status = cmd.getOptionValue("status");
 String type = cmd.getOptionValue("type");
 String clientKeyID = cmd.getOptionValue("client");
+ String realm = cmd.getOptionValue("realm");
 String s = cmd.getOptionValue("start");
 RequestId start = s == null ? null : new RequestId(s);
@@ -123,7 +128,7 @@ public class KeyRequestFindCLI extends CLI {
 Integer maxTime = s == null ? null : Integer.valueOf(s);
 KeyRequestInfoCollection keys = keyCLI.keyClient.listRequests(
- status, type, clientKeyID, start, pageSize, maxResults, maxTime);
+ status, type, clientKeyID, start, pageSize, maxResults, maxTime, realm);
 MainCLI.printMessage(keys.getTotal() + " entries matched");
 if (keys.getTotal() == 0) return;
diff --git a/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java b/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java
index a67ce08a5..81ebe3e88 100644
--- a/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java
+++ b/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java
@@ -34,8 +34,6 @@ import javax.ws.rs.core.Request;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriInfo;
-import netscape.security.x509.X509CertImpl;
-
 import org.mozilla.jss.crypto.SymmetricKey;
 import com.netscape.certsrv.apps.CMS;
@@ -65,6 +63,8 @@ import com.netscape.cms.servlet.key.KeyRequestDAO;
 import com.netscape.cmsutil.ldap.LDAPUtil;
 import com.netscape.cmsutil.util.Utils;
+import netscape.security.x509.X509CertImpl;
+
 /**
 * @author alee
 *
@@ -321,11 +321,11 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
 */
 @Override
 public Response listRequests(String requestState, String requestType, String clientKeyID,
- RequestId start, Integer pageSize, Integer maxResults, Integer maxTime) {
+ RequestId start, Integer pageSize, Integer maxResults, Integer maxTime, String realm) {
 // auth and authz
 // get ldap filter
- String filter = createSearchFilter(requestState, requestType, clientKeyID);
+ String filter = createSearchFilter(requestState, requestType, clientKeyID, realm);
 CMS.debug("listRequests: filter is " + filter);
 start = start == null ? new RequestId(KeyRequestService.DEFAULT_START) : start;
@@ -345,13 +345,13 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
 return createOKResponse(requests);
 }
- private String createSearchFilter(String requestState, String requestType, String clientKeyID) {
+ private String createSearchFilter(String requestState, String requestType, String clientKeyID, String realm) {
 String filter = "";
 int matches = 0;
 if ((requestState == null) && (requestType == null) && (clientKeyID == null)) {
 filter = "(requeststate=*)";
- return filter;
+ matches ++;
 }
 if (requestState != null) {
@@ -369,6 +369,14 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
 matches ++;
 }
+ if (realm != null) {
+ filter += "(realm=" + LDAPUtil.escapeFilter(realm) + ")";
+ matches++;
+ } else {
+ filter += "(!(realm=*))";
+ matches++;
+ }
+
 if (matches > 1) {
 filter = "(&" + filter + ")";
 }
diff --git a/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java b/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
index f4445bb65..43a5f540a 100644
--- a/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
+++ b/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
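Review bot: In `KeyRequestService.listRequests` the `realm` value comes straight from the `realm` query parameter and is used only to build the LDAP search filter; the `// auth and authz` placeholder above it is still empty, so nothing visible in these hunks checks that the caller may see requests in the realm it names. Escaping the value with `LDAPUtil.escapeFilter` addresses filter injection but not authorization, and any ACL applied to the resource elsewhere (not visible here) would presumably not distinguish between realms. Until a per-realm check exists I would at least mark the gap, e.g. `// TODO: verify the caller is authorized for 'realm' before searching`. The same applies to `listKeys`/`listKeyInfos` and `createSearchFilter` in KeyService. Separately, both branches of the new `if (realm != null)` increment `matches`, so `matches > 1` now always holds and the counter could be removed in a follow-up.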
@@ -399,15 +399,15 @@ public class KeyService extends PKIService implements KeyResource {
 */
 @Override
 public Response listKeys(String clientKeyID, String status, Integer maxResults, Integer maxTime,
- Integer start, Integer size) {
+ Integer start, Integer size, String realm) {
 String method = "KeyService.listKeys: ";
 CMS.debug(method + "begins.");
- return createOKResponse(listKeyInfos(clientKeyID, status, maxResults, maxTime, start, size));
+ return createOKResponse(listKeyInfos(clientKeyID, status, maxResults, maxTime, start, size, realm));
 }
 public KeyInfoCollection listKeyInfos(String clientKeyID, String status, Integer maxResults, Integer maxTime,
- Integer start, Integer size) {
+ Integer start, Integer size, String realm) {
 String method = "KeyService.listKeyInfos: ";
 String auditInfo = "KeyService.listKeyInfos; status =" + status;
 CMS.debug(method + "begins.");
@@ -416,7 +416,7 @@ public class KeyService extends PKIService implements KeyResource {
 size = size == null ? DEFAULT_SIZE : size;
 // get ldap filter
- String filter = createSearchFilter(status, clientKeyID);
+ String filter = createSearchFilter(status, clientKeyID, realm);
 CMS.debug("listKeys: filter is " + filter);
 maxResults = maxResults == null ? DEFAULT_MAXRESULTS : maxResults;
@@ -479,6 +479,7 @@ public class KeyService extends PKIService implements KeyResource {
 null,
 null,
 null,
+ null,
 null
 );
@@ -513,6 +514,10 @@ public class KeyService extends PKIService implements KeyResource {
 if (rec.getPublicKeyData() != null && getPublicKey) {
 ret.setPublicKey(rec.getPublicKeyData());
 }
+ String realm = rec.getRealm();
+ if (realm != null) {
+ ret.setRealm(realm);
+ }
 Path keyPath = KeyResource.class.getAnnotation(Path.class);
 BigInteger serial = rec.getSerialNumber();
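Review bot: `auditInfo` in `KeyService.listKeyInfos` is still built as `"KeyService.listKeyInfos; status =" + status`, so it does not record the realm the caller asked for, although the realm now decides which keys are returned. Assuming this string reaches the audit trail (its use is outside the hunk), I would extend it: `String auditInfo = "KeyService.listKeyInfos; status =" + status + "; realm =" + realm;`. The extra `null` added to the positional argument list further down is hard to review because the callee is outside the hunk; a short comment naming each argument would help.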
@@ -524,13 +529,13 @@ public class KeyService extends PKIService implements KeyResource {
 return ret;
 }
- private String createSearchFilter(String status, String clientKeyID) {
+ private String createSearchFilter(String status, String clientKeyID, String realm) {
 String filter = "";
 int matches = 0;
 if ((status == null) && (clientKeyID == null)) {
 filter = "(serialno=*)";
- return filter;
+ matches ++;
 }
 if (status != null) {
@@ -543,6 +548,14 @@ public class KeyService extends PKIService implements KeyResource {
 matches ++;
 }
+ if (realm != null) {
+ filter += "(realm=" + LDAPUtil.escapeFilter(realm) + ")";
+ matches ++;
+ } else {
+ filter += "(!(realm=*))";
+ matches ++;
+ }
+
 if (matches > 1) {
 filter = "(&" + filter + ")";
 }
diff --git a/base/server/cms/src/com/netscape/cms/servlet/request/CMSRequestDAO.java b/base/server/cms/src/com/netscape/cms/servlet/request/CMSRequestDAO.java
index 931ade159..ccf84cafa 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/request/CMSRequestDAO.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/request/CMSRequestDAO.java
@@ -27,6 +27,7 @@ import org.jboss.resteasy.plugins.providers.atom.Link;
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authority.IAuthority;
+import com.netscape.certsrv.authorization.IAuthzSubsystem;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.request.CMSRequestInfo;
 import com.netscape.certsrv.request.CMSRequestInfos;
@@ -44,6 +45,7 @@ import com.netscape.certsrv.request.RequestId;
 public abstract class CMSRequestDAO {
 protected IRequestQueue queue;
 protected IAuthority authority;
+ protected IAuthzSubsystem authz = (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ);
 private String[] vlvFilters = {
 "(requeststate=*)",
 "(requesttype=enrollment)",
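Review bot: The new `authz` field in CMSRequestDAO is initialised from `CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ)`, but no hunk in this commit reads it, so the realm filtering introduced here is not yet backed by an authorization decision. If the field is groundwork for a later change, say so next to it, e.g. `// reserved for realm authorization checks; not used yet`. The initializer also runs when the DAO is constructed, so the field holds whatever `getSubsystem` returns at that moment; whether the authz subsystem is always registered by then depends on startup order, which is not visible here.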
@@ -78,6 +80,7 @@ public abstract class CMSRequestDAO {
 * @param maxResults - max results to be returned in normal search
 * @param maxTime - max time for normal search
 * @param uriInfo - uri context of request
+ * @param authToken - auth token for the request
 * @return collection of key request info
 * @throws EBaseException
 */
@@ -130,6 +133,9 @@ public abstract class CMSRequestDAO {
 if (params.containsKey("requestType")) {
 builder.queryParam("requestType", params.getFirst("requestType"));
 }
+ if (params.containsKey("realm")) {
+ builder.queryParam("realm", params.getFirst("realm"));
+ }
 builder.queryParam("start", "{start}");
 builder.queryParam("pageSize", "{pageSize}");
--
cgit
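Review bot: The added Javadoc line `@param authToken - auth token for the request` documents a parameter that no hunk in this commit adds; the method signature is below the hunk, so either it already takes the token or the comment is ahead of the code. If the latter, drop the line until the parameter exists, because a reader could take it as evidence that the listing is already checked against the caller's token. In the second hunk the caller-supplied `realm` is passed to `builder.queryParam` alongside template values such as `"{start}"`; if `builder` is a JAX-RS `UriBuilder`, braces in a realm value would be treated as template variables when the link is built, so it is worth confirming how such values are handled.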