From 3c9b8e787ccf066c38469e1fe2c119d5c410bb5e Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Sat, 11 Aug 2012 10:32:01 -0500 Subject: Reorganized REST server classes. The factory and DAO classes used by REST services have been moved into the com.netscape.cms.servlet. packages. Ticket #215 --- .../netscape/cms/servlet/key/KeyRequestDAO.java | 271 +++++++++++++++++++++ .../com/netscape/cms/servlet/key/KeyService.java | 1 - 2 files changed, 271 insertions(+), 1 deletion(-) create mode 100644 base/common/src/com/netscape/cms/servlet/key/KeyRequestDAO.java (limited to 'base/common/src/com/netscape/cms/servlet/key') diff --git a/base/common/src/com/netscape/cms/servlet/key/KeyRequestDAO.java b/base/common/src/com/netscape/cms/servlet/key/KeyRequestDAO.java new file mode 100644 index 000000000..2dffac22e --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/key/KeyRequestDAO.java @@ -0,0 +1,271 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2011 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.key; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.Enumeration; +import java.util.Hashtable; +import java.util.List; + +import javax.ws.rs.Path; +import javax.ws.rs.core.UriBuilder; +import javax.ws.rs.core.UriInfo; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.dbs.keydb.IKeyRecord; +import com.netscape.certsrv.dbs.keydb.IKeyRepository; +import com.netscape.certsrv.dbs.keydb.KeyId; +import com.netscape.certsrv.kra.IKeyRecoveryAuthority; +import com.netscape.certsrv.profile.IEnrollProfile; +import com.netscape.certsrv.request.IRequest; +import com.netscape.certsrv.request.RequestId; +import com.netscape.certsrv.request.RequestStatus; +import com.netscape.cms.servlet.request.CMSRequestDAO; +import com.netscape.cms.servlet.request.KeyRequestResource; +import com.netscape.cms.servlet.request.model.CMSRequestInfo; +import com.netscape.cms.servlet.request.model.CMSRequestInfos; +import com.netscape.cms.servlet.request.model.KeyArchivalRequest; +import com.netscape.cms.servlet.request.model.KeyRecoveryRequest; +import com.netscape.cms.servlet.request.model.KeyRequestInfo; +import com.netscape.cms.servlet.request.model.KeyRequestInfos; + +/** + * @author alee + * + */ +public class KeyRequestDAO extends CMSRequestDAO { + + private static String REQUEST_ARCHIVE_OPTIONS = IEnrollProfile.REQUEST_ARCHIVE_OPTIONS; + public static final String ATTR_SERIALNO = "serialNumber"; + + private IKeyRepository repo; + private IKeyRecoveryAuthority kra; + + public KeyRequestDAO() { + super("kra"); + kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( "kra" ); + repo = kra.getKeyRepository(); + } + + /** + * Finds list of requests matching the specified search filter. + * + * If the filter corresponds to a VLV search, then that search is executed and the pageSize + * and start parameters are used. Otherwise, the maxResults and maxTime parameters are + * used in the regularly indexed search. + * + * @param filter - ldap search filter + * @param start - start position for VLV search + * @param pageSize - page size for VLV search + * @param maxResults - max results to be returned in normal search + * @param maxTime - max time for normal search + * @param uriInfo - uri context of request + * @return collection of key request info + * @throws EBaseException + */ + @SuppressWarnings("unchecked") + public KeyRequestInfos listRequests(String filter, RequestId start, int pageSize, int maxResults, int maxTime, + UriInfo uriInfo) throws EBaseException { + + CMSRequestInfos cmsInfos = listCMSRequests(filter, start, pageSize, maxResults, maxTime, uriInfo); + KeyRequestInfos ret = new KeyRequestInfos(); + + if (cmsInfos == null) { + ret.setRequests(null); + ret.setLinks(null); + return ret; + } + + List list = new ArrayList(); + ; + Collection cmsList = cmsInfos.getRequests(); + + // We absolutely know 100% that this list is a list + // of KeyRequestInfo objects. This is because the method + // createCMSRequestInfo. Is the only one adding to it + + list = (List) cmsList; + + ret.setLinks(cmsInfos.getLinks()); + ret.setRequests(list); + + return ret; + + } + + /** + * Gets info for a specific request + * + * @param id + * @return info for specific request + * @throws EBaseException + */ + public KeyRequestInfo getRequest(RequestId id, UriInfo uriInfo) throws EBaseException { + IRequest request = queue.findRequest(id); + if (request == null) { + return null; + } + KeyRequestInfo info = createKeyRequestInfo(request, uriInfo); + return info; + } + + /** + * Submits an archival request and processes it. + * + * @param data + * @return info for the request submitted. + * @throws EBaseException + */ + public KeyRequestInfo submitRequest(KeyArchivalRequest data, UriInfo uriInfo) throws EBaseException { + String clientId = data.getClientId(); + String wrappedSecurityData = data.getWrappedPrivateData(); + String dataType = data.getDataType(); + + boolean keyExists = doesKeyExist(clientId, "active", uriInfo); + + if (keyExists == true) { + throw new EBaseException("Can not archive already active existing key!"); + } + + IRequest request = queue.newRequest(IRequest.SECURITY_DATA_ENROLLMENT_REQUEST); + + request.setExtData(REQUEST_ARCHIVE_OPTIONS, wrappedSecurityData); + request.setExtData(IRequest.SECURITY_DATA_CLIENT_ID, clientId); + request.setExtData(IRequest.SECURITY_DATA_TYPE, dataType); + + queue.processRequest(request); + + queue.markAsServiced(request); + + return createKeyRequestInfo(request, uriInfo); + } + + /** + * Submits a key recovery request. + * + * @param data + * @return info on the recovery request created + * @throws EBaseException + */ + public KeyRequestInfo submitRequest(KeyRecoveryRequest data, UriInfo uriInfo) throws EBaseException { + // set data using request.setExtData(field, data) + + String wrappedSessionKeyStr = data.getTransWrappedSessionKey(); + String wrappedPassPhraseStr = data.getSessionWrappedPassphrase(); + String nonceDataStr = data.getNonceData(); + + IRequest request = queue.newRequest(IRequest.SECURITY_DATA_RECOVERY_REQUEST); + + KeyId keyId = data.getKeyId(); + + Hashtable requestParams; + + requestParams = ((IKeyRecoveryAuthority) authority).createVolatileRequest(request.getRequestId()); + + if (requestParams == null) { + throw new EBaseException("Can not create Volatile params in submitRequest!"); + } + + CMS.debug("Create volatile params for recovery request. " + requestParams); + + if (wrappedPassPhraseStr != null) { + requestParams.put(IRequest.SECURITY_DATA_SESS_PASS_PHRASE, wrappedPassPhraseStr); + } + + if (wrappedSessionKeyStr != null) { + requestParams.put(IRequest.SECURITY_DATA_TRANS_SESS_KEY, wrappedSessionKeyStr); + } + + if (nonceDataStr != null) { + requestParams.put(IRequest.SECURITY_DATA_IV_STRING_IN, nonceDataStr); + } + + request.setExtData(ATTR_SERIALNO, keyId.toString()); + + queue.processRequest(request); + + return createKeyRequestInfo(request, uriInfo); + } + + public void approveRequest(RequestId id) throws EBaseException { + IRequest request = queue.findRequest(id); + request.setRequestStatus(RequestStatus.APPROVED); + queue.updateRequest(request); + } + + public void rejectRequest(RequestId id) throws EBaseException { + IRequest request = queue.findRequest(id); + request.setRequestStatus(RequestStatus.CANCELED); + queue.updateRequest(request); + } + + public void cancelRequest(RequestId id) throws EBaseException { + IRequest request = queue.findRequest(id); + request.setRequestStatus(RequestStatus.REJECTED); + queue.updateRequest(request); + } + + private KeyRequestInfo createKeyRequestInfo(IRequest request, UriInfo uriInfo) { + KeyRequestInfo ret = new KeyRequestInfo(); + + ret.setRequestType(request.getRequestType()); + ret.setRequestStatus(request.getRequestStatus()); + + Path keyRequestPath = KeyRequestResource.class.getAnnotation(Path.class); + RequestId rid = request.getRequestId(); + + UriBuilder reqBuilder = uriInfo.getBaseUriBuilder(); + reqBuilder.path(keyRequestPath.value() + "/" + rid); + ret.setRequestURL(reqBuilder.build().toString()); + + Path keyPath = KeyResource.class.getAnnotation(Path.class); + String kid = request.getExtDataInString("keyrecord"); + + UriBuilder keyBuilder = uriInfo.getBaseUriBuilder(); + keyBuilder.path(keyPath.value() + "/" + kid); + ret.setKeyURL(keyBuilder.build().toString()); + + return ret; + } + + @Override + public KeyRequestInfo createCMSRequestInfo(IRequest request, UriInfo uriInfo) { + return createKeyRequestInfo(request, uriInfo); + } + + //We only care if the key exists or not + private boolean doesKeyExist(String clientId, String keyStatus, UriInfo uriInfo) { + String state = "active"; + String filter = "(&(" + IRequest.SECURITY_DATA_CLIENT_ID + "=" + clientId + ")" + + "(" + IRequest.SECURITY_DATA_STATUS + "=" + state + "))"; + try { + Enumeration existingKeys = null; + + existingKeys = repo.searchKeys(filter, 1, 10); + if (existingKeys != null && existingKeys.hasMoreElements()) { + return true; + } + } catch (EBaseException e) { + return false; + } + + return false; + } +} diff --git a/base/common/src/com/netscape/cms/servlet/key/KeyService.java b/base/common/src/com/netscape/cms/servlet/key/KeyService.java index ffd0ef739..965723113 100644 --- a/base/common/src/com/netscape/cms/servlet/key/KeyService.java +++ b/base/common/src/com/netscape/cms/servlet/key/KeyService.java @@ -45,7 +45,6 @@ import com.netscape.cms.servlet.base.PKIService; import com.netscape.cms.servlet.key.model.KeyData; import com.netscape.cms.servlet.key.model.KeyDataInfo; import com.netscape.cms.servlet.key.model.KeyDataInfos; -import com.netscape.cms.servlet.request.model.KeyRequestDAO; import com.netscape.cms.servlet.request.model.KeyRequestInfo; import com.netscape.cms.servlet.request.model.KeyRecoveryRequest; import com.netscape.cmsutil.ldap.LDAPUtil; -- cgit