From 70681bc83ccc25639da1b87940661b2649044629 Mon Sep 17 00:00:00 2001 From: Abhishek Koneru Date: Tue, 24 Jul 2012 15:35:34 -0400 Subject: Cert CLI - cert-request-review and cert-request-approve implementations --- .../com/netscape/certsrv/request/RequestId.java | 1 + .../src/com/netscape/cms/client/cert/CertCLI.java | 2 + .../cms/client/cert/CertRequestApproveCLI.java | 69 ++++++++++++++ .../cms/client/cert/CertRequestReviewCLI.java | 103 +++++++++++++++++++++ .../netscape/cms/client/cert/CertRestClient.java | 10 ++ .../cms/profile/common/CAEnrollProfile.java | 6 +- .../com/netscape/cms/servlet/base/CMSServlet.java | 4 +- .../cms/servlet/cert/RequestProcessor.java | 1 - .../request/CertRequestResourceService.java | 4 +- .../cms/servlet/request/model/CertRequestDAO.java | 1 - 10 files changed, 189 insertions(+), 12 deletions(-) create mode 100644 base/common/src/com/netscape/cms/client/cert/CertRequestApproveCLI.java create mode 100644 base/common/src/com/netscape/cms/client/cert/CertRequestReviewCLI.java (limited to 'base/common/src/com') diff --git a/base/common/src/com/netscape/certsrv/request/RequestId.java b/base/common/src/com/netscape/certsrv/request/RequestId.java index 8e67ca481..6f31a18be 100644 --- a/base/common/src/com/netscape/certsrv/request/RequestId.java +++ b/base/common/src/com/netscape/certsrv/request/RequestId.java @@ -30,6 +30,7 @@ import java.math.BigInteger; */ public class RequestId implements Serializable { + private static final long serialVersionUID = -5184710368124269481L; protected BigInteger value; public RequestId() { diff --git a/base/common/src/com/netscape/cms/client/cert/CertCLI.java b/base/common/src/com/netscape/cms/client/cert/CertCLI.java index ff2383cd1..9340752b9 100644 --- a/base/common/src/com/netscape/cms/client/cert/CertCLI.java +++ b/base/common/src/com/netscape/cms/client/cert/CertCLI.java 
@@ -48,6 +48,8 @@ public class CertCLI extends CLI { addModule(new CertHoldCLI(this)); addModule(new CertReleaseHoldCLI(this)); addModule(new CertRequestSubmitCLI(this)); + addModule(new CertRequestReviewCLI(this)); + addModule(new CertRequestApproveCLI(this)); } public void printHelp() { diff --git a/base/common/src/com/netscape/cms/client/cert/CertRequestApproveCLI.java b/base/common/src/com/netscape/cms/client/cert/CertRequestApproveCLI.java new file mode 100644 index 000000000..3d729424f --- /dev/null +++ b/base/common/src/com/netscape/cms/client/cert/CertRequestApproveCLI.java 
@@ -0,0 +1,69 @@ +package com.netscape.cms.client.cert; + +import java.io.FileInputStream; +import java.io.FileNotFoundException; + +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; + +import org.apache.commons.cli.CommandLine; +import org.apache.commons.cli.ParseException; + +import com.netscape.cms.client.cli.CLI; +import com.netscape.cms.client.cli.MainCLI; +import com.netscape.cms.servlet.base.CMSException; +import com.netscape.cms.servlet.request.model.AgentEnrollmentRequestData; + +public class CertRequestApproveCLI extends CLI { + CertCLI parent; + + public CertRequestApproveCLI(CertCLI parent) { + super("request-approve", "Approve certificate request"); + this.parent = parent; + } + + @Override + public void execute(String[] args) { + CommandLine cmd = null; + + try { + cmd = parser.parse(options, args); + } catch (ParseException e) { + System.err.println("Error: " + e.getMessage()); + printHelp(); + System.exit(-1); + } + + String[] cLineArgs = cmd.getArgs(); + + if (cLineArgs.length < 1) { + System.err.println("Error: No file name specified."); + printHelp(); + System.exit(-1); + } + AgentEnrollmentRequestData reviewInfo = null; + try { + JAXBContext context = JAXBContext.newInstance(AgentEnrollmentRequestData.class); + Unmarshaller unmarshaller = context.createUnmarshaller(); + FileInputStream fis = new FileInputStream(cLineArgs[0].trim()); + reviewInfo = (AgentEnrollmentRequestData) unmarshaller.unmarshal(fis); + parent.client.approveRequest(reviewInfo.getRequestId(), reviewInfo); + } catch (CMSException e) { + System.err.println(e.getMessage()); + System.exit(-1); + } catch (JAXBException e) { + System.err.println("Error: " + e.getMessage()); + System.exit(-1); + } catch (FileNotFoundException e) { + System.err.println("Error: " + e.getMessage()); + System.exit(-1); + } + MainCLI.printMessage("Approved certificate request " + reviewInfo.getRequestId().toString()); + } + + @Override + public 
void printHelp() { + formatter.printHelp(parent.name + "-" + name + " ", options); + } +} diff --git a/base/common/src/com/netscape/cms/client/cert/CertRequestReviewCLI.java b/base/common/src/com/netscape/cms/client/cert/CertRequestReviewCLI.java new file mode 100644 index 000000000..10c0e40fc --- /dev/null +++ b/base/common/src/com/netscape/cms/client/cert/CertRequestReviewCLI.java 
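Review bot: In `execute` of CertRequestApproveCLI, the `FileInputStream` opened on the approval file is never closed, and `reviewInfo.getRequestId()` is used without a null check, so a file that lacks a request id can end in a NullPointerException instead of a clean error. The fence below closes the stream in a `finally` block and rejects a missing id before `approveRequest` is called; it needs `java.io.IOException` imported. Separately, the approval payload is parsed with a default `Unmarshaller` from a file that may have been edited or supplied by someone else. Whether DTDs and external entities are resolved then depends on the JAXB and parser defaults in use, which this hunk does not show. Unmarshalling from an `XMLStreamReader` built by an `XMLInputFactory` with `XMLInputFactory.SUPPORT_DTD` set to false would remove that dependency.

```java
FileInputStream fis = null;
try {
    // … unchanged: JAXBContext and Unmarshaller creation …
    fis = new FileInputStream(cLineArgs[0].trim());
    reviewInfo = (AgentEnrollmentRequestData) unmarshaller.unmarshal(fis);
    if (reviewInfo.getRequestId() == null) {
        System.err.println("Error: No request id found in " + cLineArgs[0].trim());
        System.exit(-1);
    }
    // … unchanged: approveRequest call and the three catch blocks …
} finally {
    if (fis != null) {
        try {
            fis.close();
        } catch (IOException e) {
            // nothing useful to do if closing a read-only stream fails
        }
    }
}
```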
@@ -0,0 +1,103 @@ +package com.netscape.cms.client.cert; + +import java.io.FileNotFoundException; +import java.io.FileOutputStream; + +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Marshaller; + +import org.apache.commons.cli.CommandLine; +import org.apache.commons.cli.Option; +import org.apache.commons.cli.ParseException; + +import com.netscape.certsrv.request.RequestId; +import com.netscape.cms.client.cli.CLI; +import com.netscape.cms.client.cli.MainCLI; +import com.netscape.cms.servlet.base.CMSException; +import com.netscape.cms.servlet.request.model.AgentEnrollmentRequestData; + +public class CertRequestReviewCLI extends CLI { + + CertCLI parent; + + public CertRequestReviewCLI(CertCLI parent) { + super("request-review", "Review certificate request"); + this.parent = parent; + } + + @Override + public void execute(String[] args) { + CommandLine cmd = null; + + Option output = new Option(null, "output", true, "Output Filename"); + options.addOption(output); + + try { + cmd = parser.parse(options, args); + } catch (ParseException e) { + System.err.println("Error: " + e.getMessage()); + printHelp(); + System.exit(-1); + } + + String[] cLineArgs = cmd.getArgs(); + + if (cLineArgs.length < 1) { + System.err.println("Error: No request id specified."); + printHelp(); + System.exit(-1); + } + String filename = null; + if (cmd.hasOption("output")) { + filename = cmd.getOptionValue("output"); + } else { + System.err.println("No output option specified."); + printHelp(); + System.exit(-1); + } + + if (filename == null || filename.trim().length() == 0) { + System.err.println("Specify the filename to write the request information"); + printHelp(); + System.exit(-1); + } + + RequestId reqId = null; + try { + reqId = new RequestId(cLineArgs[0]); + } catch (NumberFormatException e) { + System.err.println("Error: Invalid RequestID: " + cLineArgs[0]); + System.exit(-1); + } + + AgentEnrollmentRequestData reviewInfo = null; + try 
{ + reviewInfo = parent.client.reviewRequest(reqId); + } catch (CMSException e) { + System.err.println(e.getMessage()); + System.exit(-1); + } + + try { + JAXBContext context = JAXBContext.newInstance(AgentEnrollmentRequestData.class); + Marshaller marshaller = context.createMarshaller(); + marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); + + FileOutputStream stream = new FileOutputStream(filename); + + marshaller.marshal(reviewInfo, stream); + MainCLI.printMessage("Downloaded certificate request " + cLineArgs[0]); + } catch (JAXBException e) { + System.err.println("Cannot write to the file. " + e); + } catch (FileNotFoundException e) { + System.err.println("File not found at " + filename); + } + + } + + @Override + public void printHelp() { + formatter.printHelp(parent.name + "-" + name + " ", options); + } +} diff --git a/base/common/src/com/netscape/cms/client/cert/CertRestClient.java b/base/common/src/com/netscape/cms/client/cert/CertRestClient.java index ba4c2fb04..b83912fae 100644 --- a/base/common/src/com/netscape/cms/client/cert/CertRestClient.java +++ b/base/common/src/com/netscape/cms/client/cert/CertRestClient.java @@ -20,6 +20,7 @@ package com.netscape.cms.client.cert; import java.net.URISyntaxException; import com.netscape.certsrv.dbs.certdb.CertId; +import com.netscape.certsrv.request.RequestId; import com.netscape.cms.servlet.cert.CertResource; import com.netscape.cms.servlet.cert.model.CertDataInfos; import com.netscape.cms.servlet.cert.model.CertRevokeRequest; 
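Review bot: The two catch blocks around `marshaller.marshal(reviewInfo, stream)` in `execute` of CertRequestReviewCLI only print a message, so a failed write still exits with status 0, and the `FileOutputStream` is never closed. Add `System.exit(-1);` to both catch blocks, as every other error path in this method does, and close `stream` in a `finally` block so the descriptor is released. A `FileNotFoundException` on an output path usually means the path cannot be created or written, so "File not found at" is misleading; `"Cannot open " + filename + " for writing: " + e.getMessage()` says what happened. The server adds a nonce to this data when nonces are enabled (see the `addNonce(info, servletRequest)` context in the CertRequestDAO hunk later in this patch), so the output file may carry a value that other local users should not be able to read; creating it with owner-only permissions is worth considering.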
@@ -28,6 +29,7 @@ import com.netscape.cms.servlet.cert.model.CertUnrevokeRequest; import com.netscape.cms.servlet.cert.model.CertificateData; import com.netscape.cms.servlet.csadmin.CMSRestClient; import com.netscape.cms.servlet.request.CertRequestResource; +import com.netscape.cms.servlet.request.model.AgentEnrollmentRequestData; import com.netscape.cms.servlet.request.model.CertRequestInfo; import com.netscape.cms.servlet.request.model.CertRequestInfos; import com.netscape.cms.servlet.request.model.EnrollmentRequestData; @@ -77,4 +79,12 @@ public class CertRestClient extends CMSRestClient { public CertRequestInfos enrollRequest(EnrollmentRequestData data){ return certRequestResource.enrollCert(data); } + + public AgentEnrollmentRequestData reviewRequest(RequestId id){ + return certRequestResource.reviewRequest(id); + } + + public void approveRequest(RequestId id, AgentEnrollmentRequestData data) { + certRequestResource.approveRequest(id, data); + } } diff --git a/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java b/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java index b44a71ee8..b154b3ee4 100644 --- a/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java +++ b/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java @@ -104,7 +104,6 @@ public class CAEnrollProfile extends EnrollProfile { // if PKI Archive Option present, send this request // to DRM byte optionsData[] = request.getExtDataInByteArray(REQUEST_ARCHIVE_OPTIONS); - // do not archive keys for renewal requests if ((optionsData != null) && (!request.getRequestType().equals(IRequest.RENEWAL_REQUEST))) { PKIArchiveOptions options = toPKIArchiveOptions(optionsData); 
@@ -175,11 +174,9 @@ public class CAEnrollProfile extends EnrollProfile { } } } - // process certificate issuance X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO); X509CertImpl theCert = null; - // #615460 - added audit log (transaction) SessionContext sc = SessionContext.getExistingContext(); sc.put("profileId", getId()); @@ -187,7 +184,6 @@ public class CAEnrollProfile extends EnrollProfile { if (setId != null) { sc.put("profileSetId", setId); } - try { theCert = caService.issueX509Cert(info, getId() /* profileId */, id /* requestId */); @@ -223,7 +219,6 @@ public class CAEnrollProfile extends EnrollProfile { } request.setRequestStatus(RequestStatus.COMPLETE); - // notifies updater plugins Enumeration updaterIds = getProfileUpdaterIds(); while (updaterIds.hasMoreElements()) { @@ -238,4 +233,5 @@ public class CAEnrollProfile extends EnrollProfile { else request.setExtData("isEncryptionCert", "false"); } + } diff --git a/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java index 2273abc21..a4922ab25 100644 --- a/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java +++ b/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java @@ -830,9 +830,7 @@ public abstract class CMSServlet extends HttpServlet { /** * get ssl client authenticated certificate */ - protected X509Certificate - getSSLClientCertificate(HttpServletRequest httpReq) - throws EBaseException { + protected X509Certificate getSSLClientCertificate(HttpServletRequest httpReq) throws EBaseException { X509Certificate cert = null; diff --git a/base/common/src/com/netscape/cms/servlet/cert/RequestProcessor.java b/base/common/src/com/netscape/cms/servlet/cert/RequestProcessor.java index 9bb0c4b64..57e33f3a5 100644 --- a/base/common/src/com/netscape/cms/servlet/cert/RequestProcessor.java +++ b/base/common/src/com/netscape/cms/servlet/cert/RequestProcessor.java 
@@ -81,7 +81,6 @@ public class RequestProcessor extends CertProcessor { public void processRequest(HttpServletRequest request, AgentEnrollmentRequestData data, IRequest req, String op) throws EBaseException { try { - startTiming("approval"); IAuthToken authToken = null; diff --git a/base/common/src/com/netscape/cms/servlet/request/CertRequestResourceService.java b/base/common/src/com/netscape/cms/servlet/request/CertRequestResourceService.java index 47f63ff6c..d107e2191 100644 --- a/base/common/src/com/netscape/cms/servlet/request/CertRequestResourceService.java +++ b/base/common/src/com/netscape/cms/servlet/request/CertRequestResourceService.java @@ -135,7 +135,6 @@ public class CertRequestResourceService extends CMSResourceService implements Ce if (id == null) { throw new BadRequestException("Bad data input in CertRequestResourceService. op:" + op); } - CertRequestDAO dao = new CertRequestDAO(); try { dao.changeRequestState(id, servletRequest, data, getLocale(), op); @@ -160,8 +159,9 @@ public class CertRequestResourceService extends CMSResourceService implements Ce throw new CMSException(CMS.getUserMessage(getLocale(), "CMS_INTERNAL_ERROR")); } catch (EBaseException e) { e.printStackTrace(); - throw new CMSException("Problem approving request in CertRequestResource.assignRequest!"); + throw new CMSException("Problem approving request in CertRequestResource.assignRequest! " + e); } catch (RequestNotFoundException e) { + CMS.debug(e); throw new CMSException(Response.Status.BAD_REQUEST, CMS.getUserMessage(getLocale(), "CMS_REQUEST_NOT_FOUND", id.toString())); } diff --git a/base/common/src/com/netscape/cms/servlet/request/model/CertRequestDAO.java b/base/common/src/com/netscape/cms/servlet/request/model/CertRequestDAO.java index 193a53c89..4ebfc251f 100644 --- a/base/common/src/com/netscape/cms/servlet/request/model/CertRequestDAO.java +++ b/base/common/src/com/netscape/cms/servlet/request/model/CertRequestDAO.java 
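Review bot: The changed `EBaseException` handler in the second CertRequestResourceService hunk now appends `e` to the `CMSException` message, which presumably travels back to the REST client and would then expose internal error text to the caller. Keep the client-facing message generic, as the handler just above does with `CMS.getUserMessage(getLocale(), "CMS_INTERNAL_ERROR")`, and record the detail server-side with `CMS.debug(e);` in place of `e.printStackTrace();`, the same call this commit adds for `RequestNotFoundException`. The enclosing method starts outside the hunk.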
@@ -146,7 +146,6 @@ public class CertRequestDAO extends CMSRequestDAO { } String profileId = request.getExtDataInString("profileId"); IProfile profile = ps.getProfile(profileId); - AgentEnrollmentRequestData info = AgentEnrollmentRequestDataFactory.create(request, profile, uriInfo, locale); if (ca.noncesEnabled()) { addNonce(info, servletRequest); -- cgit