From ae03c6bdf570cb36a1b139aeb0e467081665459e Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Sat, 19 May 2012 11:05:20 -0500 Subject: Added user REST service. The user REST service is based on UsrGrpAdminServlet. It provides an interface to manage users and user certificates. Ticket #160 --- base/common/src/CMakeLists.txt | 34 +- base/common/src/LogMessages.properties | 5 +- .../netscape/certsrv/user/UserCertCollection.java | 60 +++ .../com/netscape/certsrv/user/UserCertData.java | 254 +++++++++++ .../netscape/certsrv/user/UserCertResource.java | 63 +++ .../com/netscape/certsrv/user/UserCollection.java | 65 +++ .../src/com/netscape/certsrv/user/UserData.java | 239 ++++++++++ .../com/netscape/certsrv/user/UserResource.java | 69 +++ .../com/netscape/certsrv/usrgrp/IUGSubsystem.java | 5 + .../cms/servlet/admin/UserCertResourceService.java | 484 +++++++++++++++++++++ .../cms/servlet/admin/UserResourceService.java | 483 ++++++++++++++++++++ .../cms/servlet/base/CMSResourceService.java | 84 +++- .../src/com/netscape/cmscore/apps/CMSEngine.java | 2 +- 13 files changed, 1842 insertions(+), 5 deletions(-) create mode 100644 base/common/src/com/netscape/certsrv/user/UserCertCollection.java create mode 100644 base/common/src/com/netscape/certsrv/user/UserCertData.java create mode 100644 base/common/src/com/netscape/certsrv/user/UserCertResource.java create mode 100644 base/common/src/com/netscape/certsrv/user/UserCollection.java create mode 100644 base/common/src/com/netscape/certsrv/user/UserData.java create mode 100644 base/common/src/com/netscape/certsrv/user/UserResource.java create mode 100644 base/common/src/com/netscape/cms/servlet/admin/UserCertResourceService.java create mode 100644 base/common/src/com/netscape/cms/servlet/admin/UserResourceService.java (limited to 'base/common') diff --git a/base/common/src/CMakeLists.txt b/base/common/src/CMakeLists.txt index 8ca357c7f..2b9f76e4c 100644 --- a/base/common/src/CMakeLists.txt +++ b/base/common/src/CMakeLists.txt @@ -23,6 +23,20 @@ find_file(COMMONS_CODEC_JAR /usr/share/java ) +find_file(COMMONS_HTTPCLIENT_JAR + NAMES + commons-httpclient.jar + PATHS + /usr/share/java +) + +find_file(APACHE_COMMONS_LANG_JAR + NAMES + apache-commons-lang.jar + PATHS + /usr/share/java +) + find_file(TOMCAT_CATALINA_JAR NAMES catalina.jar @@ -76,6 +90,13 @@ find_file(RESTEASY_JAXRS_JAR /usr/share/java/resteasy ) +find_file(RESTEASY_ATOM_PROVIDER_JAR + NAMES + resteasy-atom-provider.jar + PATHS + /usr/share/java/resteasy +) + find_file(HTTPCLIENT_JAR NAMES httpclient.jar @@ -113,6 +134,12 @@ set(pki-certsrv_java_SRCS com/netscape/certsrv/common/ConfigConstants.java com/netscape/certsrv/common/OpDef.java com/netscape/certsrv/common/Constants.java + com/netscape/certsrv/user/UserCertCollection.java + com/netscape/certsrv/user/UserCertData.java + com/netscape/certsrv/user/UserCertResource.java + com/netscape/certsrv/user/UserCollection.java + com/netscape/certsrv/user/UserData.java + com/netscape/certsrv/user/UserResource.java com/netscape/certsrv/usrgrp/EUsrGrpException.java com/netscape/certsrv/usrgrp/IGroupConstants.java com/netscape/certsrv/usrgrp/Certificates.java @@ -575,6 +602,8 @@ set(pki-cms_java_SRCS com/netscape/cms/servlet/admin/AdminResources.java com/netscape/cms/servlet/admin/SystemCertificateResource.java com/netscape/cms/servlet/admin/SystemCertificateResourceService.java + com/netscape/cms/servlet/admin/UserCertResourceService.java + com/netscape/cms/servlet/admin/UserResourceService.java com/netscape/cms/servlet/key/DisplayBySerial.java com/netscape/cms/servlet/key/SrchKey.java com/netscape/cms/servlet/key/DisplayTransport.java @@ -1090,7 +1119,10 @@ set(pki-cmsbundle_RCS set(CMAKE_JAVA_INCLUDE_PATH ${PKI_NSUTIL_JAR} ${PKI_CMSUTIL_JAR} ${LDAPJDK_JAR} ${SERVLET_JAR} ${VELOCITY_JAR} ${XALAN_JAR} ${XERCES_JAR} - ${JSS_JAR} ${COMMONS_CODEC_JAR} ${TOMCAT_CATALINA_JAR} ${SYMKEY_JAR} ${JAXRS_API_JAR} ${RESTEASY_JAXRS_JAR} ${HTTPCLIENT_JAR} ${HTTPCORE_JAR}) + ${JSS_JAR} ${COMMONS_CODEC_JAR} ${COMMONS_HTTPCLIENT_JAR} ${APACHE_COMMONS_LANG_JAR} + ${TOMCAT_CATALINA_JAR} ${SYMKEY_JAR} + ${JAXRS_API_JAR} ${RESTEASY_JAXRS_JAR} ${RESTEASY_ATOM_PROVIDER_JAR} + ${HTTPCLIENT_JAR} ${HTTPCORE_JAR}) set(CMAKE_JAVA_TARGET_VERSION ${APPLICATION_VERSION}) diff --git a/base/common/src/LogMessages.properties b/base/common/src/LogMessages.properties index bd108bf80..550df1b5e 100644 --- a/base/common/src/LogMessages.properties +++ b/base/common/src/LogMessages.properties @@ -491,8 +491,9 @@ CMSCORE_USRGRP_LIST_USERS=List Users Error {0} CMSCORE_USRGRP_BUILD_USER=DN not found {0} CMSCORE_USRGRP_ADD_USER=add User: Could not get connection to internaldb. Error {0} CMSCORE_USRGRP_ADD_USER_CERT=add User Certificate {0} -CMSCORE_USRGRP_REMOVE_USER=remove User {0} -CMSCORE_USRGRP_REMOVE_USER_FROM_GROUP=remove User From Group {0} +CMSCORE_USRGRP_ADD_USER_TO_GROUP=Add User To Group {0} +CMSCORE_USRGRP_REMOVE_USER=Remove User {0} +CMSCORE_USRGRP_REMOVE_USER_FROM_GROUP=Remove User From Group {0} CMSCORE_USRGRP_FIND_GROUPS=Find Group {0} CMSCORE_USRGRP_LIST_GROUPS=List Group {0} CMSCORE_USRGRP_BUILD_GROUP=Build Group {0} diff --git a/base/common/src/com/netscape/certsrv/user/UserCertCollection.java b/base/common/src/com/netscape/certsrv/user/UserCertCollection.java new file mode 100644 index 000000000..a395ed73c --- /dev/null +++ b/base/common/src/com/netscape/certsrv/user/UserCertCollection.java @@ -0,0 +1,60 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2012 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.certsrv.user; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; + +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; + +import org.jboss.resteasy.plugins.providers.atom.Link; + +/** + * @author Endi S. Dewata + */ +@XmlRootElement(name="UserCerts") +public class UserCertCollection { + + List certs = new ArrayList(); + Collection links = new ArrayList(); + + @XmlElement(name="Cert") + public Collection getCerts() { + return certs; + } + + public void addCert(UserCertData cert) { + certs.add(cert); + } + + @XmlElement(name="Link") + public Collection getLinks() { + return links; + } + + public void setLink(Collection links) { + this.links = links; + } + + public void addLink(Link link) { + links.add(link); + } +} diff --git a/base/common/src/com/netscape/certsrv/user/UserCertData.java b/base/common/src/com/netscape/certsrv/user/UserCertData.java new file mode 100644 index 000000000..d77e1dc8b --- /dev/null +++ b/base/common/src/com/netscape/certsrv/user/UserCertData.java @@ -0,0 +1,254 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2012 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.certsrv.user; + +import java.io.PrintWriter; +import java.io.StringReader; +import java.io.StringWriter; +import java.math.BigInteger; +import java.util.StringTokenizer; + +import javax.ws.rs.FormParam; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.Marshaller; +import javax.xml.bind.Unmarshaller; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; + +import org.jboss.resteasy.plugins.providers.atom.Link; + +import com.netscape.certsrv.common.Constants; + +/** + * @author Endi S. Dewata + */ +@XmlRootElement(name="UserCert") +public class UserCertData { + + public static Marshaller marshaller; + public static Unmarshaller unmarshaller; + + static { + try { + marshaller = JAXBContext.newInstance(UserCertData.class).createMarshaller(); + marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); + unmarshaller = JAXBContext.newInstance(UserCertData.class).createUnmarshaller(); + } catch (Exception e) { + e.printStackTrace(); + } + } + + Integer version; + BigInteger serialNumber; + String issuerDN; + String subjectDN; + String prettyPrint; + String encoded; + + Link link; + + @XmlAttribute(name="id") + public String getID() { + if (version == null && serialNumber == null && issuerDN == null && subjectDN == null) { + return null; + } else { + return version + ";" + serialNumber + ";" + issuerDN + ";" + subjectDN; + } + } + + public void setID(String id) { + StringTokenizer st = new StringTokenizer(id, ";"); + version = Integer.valueOf(st.nextToken()); + serialNumber = new BigInteger(st.nextToken()); + issuerDN = st.nextToken(); + subjectDN = st.nextToken(); + } + + @XmlElement(name="Version") + public Integer getVersion() { + return version; + } + + public void setVersion(Integer version) { + this.version = version; + } + + @XmlElement(name="SerialNumber") + public BigInteger getSerialNumber() { + return serialNumber; + } + + public void setSerialNumber(BigInteger serialNumber) { + this.serialNumber = serialNumber; + } + + @XmlElement(name="IssuerDN") + public String getIssuerDN() { + return issuerDN; + } + + public void setIssuerDN(String issuerDN) { + this.issuerDN = issuerDN; + } + + @XmlElement(name="SubjectDN") + public String getSubjectDN() { + return subjectDN; + } + + public void setSubjectDN(String subjectDN) { + this.subjectDN = subjectDN; + } + + @XmlElement(name="PrettyPrint") + public String getPrettyPrint() { + return prettyPrint; + } + + public void setPrettyPrint(String prettyPrint) { + this.prettyPrint = prettyPrint; + } + + @FormParam(Constants.PR_USER_CERT) + @XmlElement(name="Encoded") + public String getEncoded() { + return encoded; + } + + public void setEncoded(String encoded) { + this.encoded = encoded; + } + + @XmlElement(name="Link") + public Link getLink() { + return link; + } + + public void setLink(Link link) { + this.link = link; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((encoded == null) ? 0 : encoded.hashCode()); + result = prime * result + ((issuerDN == null) ? 0 : issuerDN.hashCode()); + result = prime * result + ((prettyPrint == null) ? 0 : prettyPrint.hashCode()); + result = prime * result + ((serialNumber == null) ? 0 : serialNumber.hashCode()); + result = prime * result + ((subjectDN == null) ? 0 : subjectDN.hashCode()); + result = prime * result + ((version == null) ? 0 : version.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + UserCertData other = (UserCertData) obj; + if (encoded == null) { + if (other.encoded != null) + return false; + } else if (!encoded.equals(other.encoded)) + return false; + if (issuerDN == null) { + if (other.issuerDN != null) + return false; + } else if (!issuerDN.equals(other.issuerDN)) + return false; + if (prettyPrint == null) { + if (other.prettyPrint != null) + return false; + } else if (!prettyPrint.equals(other.prettyPrint)) + return false; + if (serialNumber == null) { + if (other.serialNumber != null) + return false; + } else if (!serialNumber.equals(other.serialNumber)) + return false; + if (subjectDN == null) { + if (other.subjectDN != null) + return false; + } else if (!subjectDN.equals(other.subjectDN)) + return false; + if (version == null) { + if (other.version != null) + return false; + } else if (!version.equals(other.version)) + return false; + return true; + } + + public String toString() { + try { + StringWriter sw = new StringWriter(); + marshaller.marshal(this, sw); + return sw.toString(); + + } catch (Exception e) { + return super.toString(); + } + } + + public static UserCertData valueOf(String string) throws Exception { + try { + return (UserCertData)unmarshaller.unmarshal(new StringReader(string)); + } catch (Exception e) { + return null; + } + } + + public static void main(String args[]) throws Exception { + + StringWriter sw = new StringWriter(); + PrintWriter out = new PrintWriter(sw, true); + + out.println("-----BEGIN CERTIFICATE-----"); + out.println("MIIB/zCCAWgCCQCtpWH58pqsejANBgkqhkiG9w0BAQUFADBEMRQwEgYDVQQKDAtF"); + out.println("WEFNUExFLUNPTTEYMBYGCgmSJomT8ixkAQEMCHRlc3R1c2VyMRIwEAYDVQQDDAlU"); + out.println("ZXN0IFVzZXIwHhcNMTIwNTE0MTcxNzI3WhcNMTMwNTE0MTcxNzI3WjBEMRQwEgYD"); + out.println("VQQKDAtFWEFNUExFLUNPTTEYMBYGCgmSJomT8ixkAQEMCHRlc3R1c2VyMRIwEAYD"); + out.println("VQQDDAlUZXN0IFVzZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKmmiPJp"); + out.println("Agh/gPUAZjfgJ3a8QiHvpMzZ/hZy1FVP3+2sNhCkMv+D/I8Y7AsrbJGxxvD7bTDm"); + out.println("zQYtYx2ryGyOgY7KBRxEj/IrNVHIkJMYq5G/aIU4FAzpc6ntNSwUQBYUAamfK8U6"); + out.println("Wo4Cp6rLePXIDE6sfGn3VX6IeSJ8U2V+vwtzAgMBAAEwDQYJKoZIhvcNAQEFBQAD"); + out.println("gYEAY9bjcD/7Z+oX6gsJtX6Rd79E7X5IBdOdArYzHNE4vjdaQrZw6oCxrY8ffpKC"); + out.println("0T0q5PX9I7er+hx/sQjGPMrJDEN+vFBSNrZE7sTeLRgkyiqGvChSyuG05GtGzXO4"); + out.println("bFBr+Gwk2VF2wJvOhTXU2hN8sfkkd9clzIXuL8WCDhWk1bY="); + out.println("-----END CERTIFICATE-----"); + + UserCertData before = new UserCertData(); + before.setVersion(1); + before.setSerialNumber(new BigInteger("12512514865863765114")); + before.setIssuerDN("CN=Test User,UID=testuser,O=EXAMPLE-COM"); + before.setSubjectDN("CN=Test User,UID=testuser,O=EXAMPLE-COM"); + before.setEncoded(sw.toString()); + + String string = before.toString(); + System.out.println(string); + + UserCertData after = UserCertData.valueOf(string); + System.out.println(before.equals(after)); + } +} diff --git a/base/common/src/com/netscape/certsrv/user/UserCertResource.java b/base/common/src/com/netscape/certsrv/user/UserCertResource.java new file mode 100644 index 000000000..b9339bc33 --- /dev/null +++ b/base/common/src/com/netscape/certsrv/user/UserCertResource.java @@ -0,0 +1,63 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2012 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.certsrv.user; + +import javax.ws.rs.Consumes; +import javax.ws.rs.DELETE; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; + +import org.jboss.resteasy.annotations.ClientResponseType; + +/** + * @author Endi S. Dewata + */ +@Path("/users/{userID}/certs") +public interface UserCertResource { + + @GET + @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + public UserCertCollection findUserCerts( + @PathParam("userID") String userID, + @QueryParam("start") Integer start, + @QueryParam("size") Integer size); + + + @POST + @ClientResponseType(entityType=UserCertData.class) + @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + public Response addUserCert(@PathParam("userID") String userID, UserCertData userCertData); + + @GET + @Path("/{certID}") + @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + public UserCertData getUserCert(@PathParam("userID") String userID, @PathParam("certID") String certID); + + @DELETE + @Path("/{certID}") + @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + public void removeUserCert(@PathParam("userID") String userID, @PathParam("certID") String certID); +} diff --git a/base/common/src/com/netscape/certsrv/user/UserCollection.java b/base/common/src/com/netscape/certsrv/user/UserCollection.java new file mode 100644 index 000000000..d92ecc208 --- /dev/null +++ b/base/common/src/com/netscape/certsrv/user/UserCollection.java @@ -0,0 +1,65 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2012 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.certsrv.user; + +import java.util.ArrayList; +import java.util.Collection; + +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlElementRef; +import javax.xml.bind.annotation.XmlRootElement; + +import org.jboss.resteasy.plugins.providers.atom.Link; + + +/** + * @author Endi S. Dewata + */ +@XmlRootElement(name="Users") +public class UserCollection { + + Collection users = new ArrayList(); + Collection links = new ArrayList(); + + @XmlElementRef + public Collection getUsers() { + return users; + } + + public void setUsers(Collection users) { + this.users = users; + } + + public void addUser(UserData userData) { + users.add(userData); + } + + @XmlElement(name="Link") + public Collection getLinks() { + return links; + } + + public void setLink(Collection links) { + this.links = links; + } + + public void addLink(Link link) { + links.add(link); + } +} diff --git a/base/common/src/com/netscape/certsrv/user/UserData.java b/base/common/src/com/netscape/certsrv/user/UserData.java new file mode 100644 index 000000000..b62d02231 --- /dev/null +++ b/base/common/src/com/netscape/certsrv/user/UserData.java @@ -0,0 +1,239 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2012 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.certsrv.user; + +import java.io.StringReader; +import java.io.StringWriter; + +import javax.ws.rs.FormParam; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.Marshaller; +import javax.xml.bind.Unmarshaller; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; + +import org.jboss.resteasy.plugins.providers.atom.Link; + +import com.netscape.certsrv.common.Constants; + +/** + * @author Endi S. Dewata + */ +@XmlRootElement(name="User") +public class UserData { + + public static Marshaller marshaller; + public static Unmarshaller unmarshaller; + + static { + try { + marshaller = JAXBContext.newInstance(UserData.class).createMarshaller(); + marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); + unmarshaller = JAXBContext.newInstance(UserData.class).createUnmarshaller(); + } catch (Exception e) { + e.printStackTrace(); + } + } + + String id; + String fullName; + String email; + String password; + String phone; + String type; + String state; + + Link link; + + @XmlAttribute(name="id") + public String getID() { + return id; + } + + public void setID(String id) { + this.id = id; + } + + @FormParam(Constants.PR_USER_FULLNAME) + @XmlElement(name="FullName") + public String getFullName() { + return fullName; + } + + public void setFullName(String fullName) { + this.fullName = fullName; + } + + @FormParam(Constants.PR_USER_EMAIL) + @XmlElement(name="Email") + public String getEmail() { + return email; + } + + public void setEmail(String email) { + this.email = email; + } + + @FormParam(Constants.PR_USER_PASSWORD) + @XmlElement(name="Password") + public String getPassword() { + return password; + } + + public void setPassword(String password) { + this.password = password; + } + + @FormParam(Constants.PR_USER_PHONE) + @XmlElement(name="Phone") + public String getPhone() { + return phone; + } + + public void setPhone(String phone) { + this.phone = phone; + } + + @FormParam(Constants.PR_USER_TYPE) + @XmlElement(name="Type") + public String getType() { + return type; + } + + public void setType(String type) { + this.type = type; + } + + @FormParam(Constants.PR_USER_STATE) + @XmlElement(name="State") + public String getState() { + return state; + } + + public void setState(String state) { + this.state = state; + } + + @XmlElement(name="Link") + public Link getLink() { + return link; + } + + public void setLink(Link link) { + this.link = link; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((email == null) ? 0 : email.hashCode()); + result = prime * result + ((fullName == null) ? 0 : fullName.hashCode()); + result = prime * result + ((id == null) ? 0 : id.hashCode()); + result = prime * result + ((password == null) ? 0 : password.hashCode()); + result = prime * result + ((phone == null) ? 0 : phone.hashCode()); + result = prime * result + ((state == null) ? 0 : state.hashCode()); + result = prime * result + ((type == null) ? 0 : type.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + UserData other = (UserData) obj; + if (email == null) { + if (other.email != null) + return false; + } else if (!email.equals(other.email)) + return false; + if (fullName == null) { + if (other.fullName != null) + return false; + } else if (!fullName.equals(other.fullName)) + return false; + if (id == null) { + if (other.id != null) + return false; + } else if (!id.equals(other.id)) + return false; + if (password == null) { + if (other.password != null) + return false; + } else if (!password.equals(other.password)) + return false; + if (phone == null) { + if (other.phone != null) + return false; + } else if (!phone.equals(other.phone)) + return false; + if (state == null) { + if (other.state != null) + return false; + } else if (!state.equals(other.state)) + return false; + if (type == null) { + if (other.type != null) + return false; + } else if (!type.equals(other.type)) + return false; + return true; + } + + public String toString() { + try { + StringWriter sw = new StringWriter(); + marshaller.marshal(this, sw); + return sw.toString(); + + } catch (Exception e) { + return super.toString(); + } + } + + public static UserData valueOf(String string) throws Exception { + try { + return (UserData)unmarshaller.unmarshal(new StringReader(string)); + } catch (Exception e) { + return null; + } + } + + public static void main(String args[]) throws Exception { + + UserData before = new UserData(); + before.setID("testuser"); + before.setFullName("Test User"); + before.setEmail("testuser@example.com"); + before.setPassword("12345"); + before.setPhone("1234567890"); + before.setState("1"); + + String string = before.toString(); + System.out.println(string); + + UserData after = UserData.valueOf(string); + System.out.println(before.equals(after)); + } +} diff --git a/base/common/src/com/netscape/certsrv/user/UserResource.java b/base/common/src/com/netscape/certsrv/user/UserResource.java new file mode 100644 index 000000000..fae700bc3 --- /dev/null +++ b/base/common/src/com/netscape/certsrv/user/UserResource.java @@ -0,0 +1,69 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2012 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.certsrv.user; + +import javax.ws.rs.Consumes; +import javax.ws.rs.DELETE; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; + +import org.jboss.resteasy.annotations.ClientResponseType; + +/** + * @author Endi S. Dewata + */ +@Path("/users") +public interface UserResource { + + @GET + @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + public UserCollection findUsers( + @QueryParam("filter") String filter, + @QueryParam("start") Integer start, + @QueryParam("size") Integer size); + + @POST + @ClientResponseType(entityType=UserData.class) + @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + public Response addUser(UserData userData); + + @GET + @Path("/{userID}") + @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + public UserData getUser(@PathParam("userID") String userID); + + @POST + @Path("/{userID}") + @ClientResponseType(entityType=UserData.class) + @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + public Response modifyUser(@PathParam("userID") String userID, UserData userData); + + @DELETE + @Path("/{userID}") + @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + public void removeUser(@PathParam("userID") String userID); +} diff --git a/base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java b/base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java index aa8b65575..60a1f70ea 100644 --- a/base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java +++ b/base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java @@ -239,6 +239,11 @@ public interface IUGSubsystem extends ISubsystem, IUsrGrp { */ public String getCertificateString(X509Certificate cert); + /** + * Searchs for identities that matches the filter. + */ + public Enumeration findUsers(String filter) throws EUsrGrpException; + /** * Searchs for identities that matches the certificate locater * generated filter. diff --git a/base/common/src/com/netscape/cms/servlet/admin/UserCertResourceService.java b/base/common/src/com/netscape/cms/servlet/admin/UserCertResourceService.java new file mode 100644 index 000000000..ebeb5b134 --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/admin/UserCertResourceService.java @@ -0,0 +1,484 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2012 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.cms.servlet.admin; + +import java.net.URI; +import java.net.URLDecoder; +import java.net.URLEncoder; +import java.security.cert.CertificateException; +import java.security.cert.CertificateExpiredException; +import java.security.cert.CertificateNotYetValidException; +import java.security.cert.X509Certificate; +import java.util.Map; + +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; + +import netscape.ldap.LDAPException; +import netscape.security.pkcs.PKCS7; +import netscape.security.x509.X509CertImpl; + +import org.jboss.resteasy.plugins.providers.atom.Link; +import org.mozilla.jss.CryptoManager; +import org.mozilla.jss.crypto.InternalCertificate; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.ICertPrettyPrint; +import com.netscape.certsrv.common.OpDef; +import com.netscape.certsrv.common.ScopeDef; +import com.netscape.certsrv.logging.IAuditor; +import com.netscape.certsrv.logging.ILogger; +import com.netscape.certsrv.user.UserCertCollection; +import com.netscape.certsrv.user.UserCertData; +import com.netscape.certsrv.user.UserCertResource; +import com.netscape.certsrv.usrgrp.IUGSubsystem; +import com.netscape.certsrv.usrgrp.IUser; +import com.netscape.cms.servlet.base.CMSException; +import com.netscape.cms.servlet.base.CMSResourceService; +import com.netscape.cmsutil.util.Cert; +import com.netscape.cmsutil.util.Utils; + +/** + * @author Endi S. Dewata + */ +public class UserCertResourceService extends CMSResourceService implements UserCertResource { + + public final static int DEFAULT_SIZE = 20; + + public IUGSubsystem userGroupManager = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG); + + public UserCertData createUserCertData(String userID, X509Certificate cert) throws Exception { + + UserCertData userCertData = new UserCertData(); + + userCertData.setVersion(cert.getVersion()); + userCertData.setSerialNumber(cert.getSerialNumber()); + userCertData.setIssuerDN(cert.getIssuerDN().toString()); + userCertData.setSubjectDN(cert.getSubjectDN().toString()); + + userID = URLEncoder.encode(userID, "UTF-8"); + String certID = URLEncoder.encode(userCertData.getID(), "UTF-8"); + URI uri = uriInfo.getBaseUriBuilder().path(UserCertResource.class).path("{certID}").build(userID, certID); + userCertData.setLink(new Link("self", uri)); + + return userCertData; + } + + /** + * List user certificate(s) + * + * Request/Response Syntax: + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin + */ + @Override + public UserCertCollection findUserCerts(String userID, Integer start, Integer size) { + try { + start = start == null ? 0 : start; + size = size == null ? DEFAULT_SIZE : size; + + if (userID == null) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + } + + IUser user = null; + + try { + user = userGroupManager.getUser(userID); + } catch (Exception e) { + throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST")); + } + + if (user == null) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST")); + throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST")); + } + + UserCertCollection response = new UserCertCollection(); + + X509Certificate[] certs = user.getX509Certificates(); + if (certs != null) { + for (int i=start; i 0) { + URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", Math.max(start-size, 0)).build(); + response.addLink(new Link("prev", uri)); + } + + if (start+size < certs.length) { + URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", start+size).build(); + response.addLink(new Link("next", uri)); + } + } + + return response; + + } catch (CMSException e) { + throw e; + + } catch (Exception e) { + throw new CMSException(e.getMessage()); + } + } + + @Override + public UserCertData getUserCert(String userID, String certID) { + try { + if (userID == null) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + + throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + } + + IUser user = null; + + try { + user = userGroupManager.getUser(userID); + } catch (Exception e) { + throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST")); + } + + if (user == null) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST")); + throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST")); + } + + X509Certificate[] certs = user.getX509Certificates(); + + if (certs == null) { + throw new CMSException("Certificate not found"); + } + + try { + certID = URLDecoder.decode(certID, "UTF-8"); + } catch (Exception e) { + throw new CMSException(e.getMessage()); + } + + for (X509Certificate cert : certs) { + + UserCertData userCertData = createUserCertData(userID, cert); + + if (!userCertData.getID().equals(certID)) continue; + + ICertPrettyPrint print = CMS.getCertPrettyPrint(cert); + userCertData.setPrettyPrint(print.toString(getLocale())); + + // add base64 encoding + String base64 = CMS.getEncodedCert(cert); + userCertData.setEncoded(base64); + + return userCertData; + } + + throw new CMSException("Certificate not found"); + + } catch (CMSException e) { + throw e; + + } catch (Exception e) { + throw new CMSException(e.getMessage()); + } + } + + /** + * Adds a certificate to a user + *

+ * + * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin + *

+ * + *

    + *
  • signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under + * users/groups) + *
+ */ + @Override + public Response addUserCert(String userID, UserCertData userCertData) { + + // ensure that any low-level exceptions are reported + // to the signed audit log and stored as failures + try { + if (userID == null) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + } + + IUser user = userGroupManager.createUser(userID); + + String encoded = userCertData.getEncoded(); + encoded = Cert.normalizeCertStrAndReq(encoded); + encoded = Cert.stripBrackets(encoded); + + // no cert is a success + if (encoded == null) { + auditAddUserCert(userID, userCertData, ILogger.SUCCESS); + return Response.ok().build(); + } + + // only one cert added per operation + X509Certificate cert = null; + + // Base64 decode cert + byte binaryCert[] = Utils.base64decode(encoded); + + try { + cert = new X509CertImpl(binaryCert); + + } catch (CertificateException e) { + // ignore + } + + if (cert == null) { + // cert chain direction + boolean assending = true; + + // could it be a pkcs7 blob? + CMS.debug("UserCertResourceService: " + CMS.getLogMessage("ADMIN_SRVLT_IS_PK_BLOB")); + + try { + CryptoManager manager = CryptoManager.getInstance(); + + PKCS7 pkcs7 = new PKCS7(binaryCert); + + X509Certificate p7certs[] = pkcs7.getCertificates(); + + if (p7certs.length == 0) { + throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR")); + } + + // fix for 370099 - cert ordering can not be assumed + // find out the ordering ... + + // self-signed and alone? take it. otherwise test + // the ordering + if (p7certs[0].getSubjectDN().toString().equals( + p7certs[0].getIssuerDN().toString()) && + (p7certs.length == 1)) { + cert = p7certs[0]; + CMS.debug("UserCertResourceService: " + CMS.getLogMessage("ADMIN_SRVLT_SINGLE_CERT_IMPORT")); + + } else if (p7certs[0].getIssuerDN().toString().equals(p7certs[1].getSubjectDN().toString())) { + cert = p7certs[0]; + CMS.debug("UserCertResourceService: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_CHAIN_ACEND_ORD")); + + } else if (p7certs[1].getIssuerDN().toString().equals(p7certs[0].getSubjectDN().toString())) { + assending = false; + CMS.debug("UserCertResourceService: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_CHAIN_DESC_ORD")); + cert = p7certs[p7certs.length - 1]; + + } else { + // not a chain, or in random order + CMS.debug("UserCertResourceService: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_BAD_CHAIN")); + throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR")); + } + + CMS.debug("UserCertResourceService: " + + CMS.getLogMessage("ADMIN_SRVLT_CHAIN_STORED_DB", String.valueOf(p7certs.length))); + + int j = 0; + int jBegin = 0; + int jEnd = 0; + + if (assending == true) { + jBegin = 1; + jEnd = p7certs.length; + } else { + jBegin = 0; + jEnd = p7certs.length - 1; + } + + // store the chain into cert db, except for the user cert + for (j = jBegin; j < jEnd; j++) { + CMS.debug("UserCertResourceService: " + + CMS.getLogMessage("ADMIN_SRVLT_CERT_IN_CHAIN", String.valueOf(j), + String.valueOf(p7certs[j].getSubjectDN()))); + org.mozilla.jss.crypto.X509Certificate leafCert = + manager.importCACertPackage(p7certs[j].getEncoded()); + + if (leafCert == null) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_LEAF_CERT_NULL")); + } else { + CMS.debug("UserCertResourceService: " + CMS.getLogMessage("ADMIN_SRVLT_LEAF_CERT_NON_NULL")); + } + + if (leafCert instanceof InternalCertificate) { + ((InternalCertificate) leafCert).setSSLTrust( + InternalCertificate.VALID_CA | + InternalCertificate.TRUSTED_CA | + InternalCertificate.TRUSTED_CLIENT_CA); + } else { + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NOT_INTERNAL_CERT", + String.valueOf(p7certs[j].getSubjectDN()))); + } + } + + /* + } catch (CryptoManager.UserCertConflictException e) { + // got a "user cert" in the chain, most likely the CA + // cert of this instance, which has a private key. Ignore + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_PKS7_IGNORED", e.toString())); + */ + } catch (Exception e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_ERROR", e.toString())); + throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR")); + } + } + + try { + CMS.debug("UserCertResourceService: " + CMS.getLogMessage("ADMIN_SRVLT_BEFORE_VALIDITY")); + cert.checkValidity(); // throw exception if fails + + user.setX509Certificates(new X509Certificate[] { cert }); + userGroupManager.addUserCert(user); + + auditAddUserCert(userID, userCertData, ILogger.SUCCESS); + + // read the data back + + userCertData.setVersion(cert.getVersion()); + userCertData.setSerialNumber(cert.getSerialNumber()); + userCertData.setIssuerDN(cert.getIssuerDN().toString()); + userCertData.setSubjectDN(cert.getSubjectDN().toString()); + String certID = userCertData.getID(); + + userCertData = getUserCert(userID, URLEncoder.encode(certID, "UTF-8")); + + return Response + .created(userCertData.getLink().getHref()) + .entity(userCertData) + .type(MediaType.APPLICATION_XML) + .build(); + + } catch (CertificateExpiredException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ADD_CERT_EXPIRED", + String.valueOf(cert.getSubjectDN()))); + throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_CERT_EXPIRED")); + + } catch (CertificateNotYetValidException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID", + String.valueOf(cert.getSubjectDN()))); + throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID")); + + } catch (LDAPException e) { + if (e.getLDAPResultCode() == LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) { + throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_USER_CERT_EXISTS")); + } else { + throw new CMSException(getUserMessage("CMS_USRGRP_USER_MOD_FAILED")); + } + } + + } catch (CMSException e) { + auditAddUserCert(userID, userCertData, ILogger.FAILURE); + throw e; + + } catch (Exception e) { + log(ILogger.LL_FAILURE, e.toString()); + auditAddUserCert(userID, userCertData, ILogger.FAILURE); + throw new CMSException(getUserMessage("CMS_USRGRP_USER_MOD_FAILED")); + } + } + + /** + * Removes a certificate for a user + *

+ * + * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin + *

+ * + * In this method, "certDN" is actually a combination of version, serialNumber, issuerDN, and SubjectDN. + *

+ * + *

    + *
  • signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under + * users/groups) + *
+ */ + @Override + public void removeUserCert(String userID, String certID) { + + try { + certID = URLDecoder.decode(certID, "UTF-8"); + } catch (Exception e) { + throw new CMSException(e.getMessage()); + } + + UserCertData userCertData = new UserCertData(); + userCertData.setID(certID); + removeUserCert(userID, userCertData); + } + + public void removeUserCert(String userID, UserCertData userCertData) { + + // ensure that any low-level exceptions are reported + // to the signed audit log and stored as failures + try { + if (userID == null) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + } + + IUser user = userGroupManager.createUser(userID); + String certID = userCertData.getID(); + + // no certDN is a success + if (certID == null) { + auditDeleteUserCert(userID, userCertData, ILogger.SUCCESS); + return; + } + + user.setCertDN(certID); + + userGroupManager.removeUserCert(user); + + auditDeleteUserCert(userID, userCertData, ILogger.SUCCESS); + + } catch (CMSException e) { + auditDeleteUserCert(userID, userCertData, ILogger.FAILURE); + throw e; + + } catch (Exception e) { + log(ILogger.LL_FAILURE, e.toString()); + auditDeleteUserCert(userID, userCertData, ILogger.FAILURE); + throw new CMSException(getUserMessage("CMS_USRGRP_USER_MOD_FAILED")); + } + } + + public void log(int level, String message) { + log(ILogger.S_USRGRP, level, message); + } + + public void auditAddUserCert(String id, UserCertData userCertData, String status) { + audit(OpDef.OP_ADD, id, getParams(userCertData), status); + } + + public void auditDeleteUserCert(String id, UserCertData userCertData, String status) { + audit(OpDef.OP_DELETE, id, getParams(userCertData), status); + } + + public void audit(String type, String id, Map params, String status) { + audit(IAuditor.LOGGING_SIGNED_AUDIT_CONFIG_ROLE, ScopeDef.SC_USER_CERTS, type, id, params, status); + } +} diff --git a/base/common/src/com/netscape/cms/servlet/admin/UserResourceService.java b/base/common/src/com/netscape/cms/servlet/admin/UserResourceService.java new file mode 100644 index 000000000..1639c5912 --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/admin/UserResourceService.java @@ -0,0 +1,483 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2012 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.cms.servlet.admin; + +import java.net.URI; +import java.net.URLEncoder; +import java.util.Enumeration; +import java.util.Map; + +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; + +import netscape.ldap.LDAPException; + +import org.apache.commons.lang.StringUtils; +import org.jboss.resteasy.plugins.providers.atom.Link; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.common.OpDef; +import com.netscape.certsrv.common.ScopeDef; +import com.netscape.certsrv.logging.IAuditor; +import com.netscape.certsrv.logging.ILogger; +import com.netscape.certsrv.password.IPasswordCheck; +import com.netscape.certsrv.user.UserCollection; +import com.netscape.certsrv.user.UserData; +import com.netscape.certsrv.user.UserResource; +import com.netscape.certsrv.usrgrp.EUsrGrpException; +import com.netscape.certsrv.usrgrp.IGroup; +import com.netscape.certsrv.usrgrp.IUGSubsystem; +import com.netscape.certsrv.usrgrp.IUser; +import com.netscape.cms.servlet.base.CMSException; +import com.netscape.cms.servlet.base.CMSResourceService; +import com.netscape.cmsutil.ldap.LDAPUtil; + +/** + * @author Endi S. Dewata + */ +public class UserResourceService extends CMSResourceService implements UserResource { + + public final static int DEFAULT_SIZE = 20; + + public final static String BACK_SLASH = "\\"; + public final static String SYSTEM_USER = "$System$"; + + public IUGSubsystem userGroupManager = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG); + + public UserData createUserData(IUser user) throws Exception { + + UserData userData = new UserData(); + + String id = user.getUserID(); + if (!StringUtils.isEmpty(id)) userData.setID(id); + + String fullName = user.getFullName(); + if (!StringUtils.isEmpty(fullName)) userData.setFullName(fullName); + + String userID = URLEncoder.encode(id, "UTF-8"); + URI uri = uriInfo.getBaseUriBuilder().path(UserResource.class).path("{userID}").build(userID); + userData.setLink(new Link("self", uri)); + + return userData; + } + + /** + * Searches for users in LDAP directory. + * + * Request/Response Syntax: + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin + */ + @Override + public UserCollection findUsers(String filter, Integer start, Integer size) { + try { + filter = StringUtils.isEmpty(filter) ? "*" : "*"+LDAPUtil.escapeFilter(filter)+"*"; + start = start == null ? 0 : start; + size = size == null ? DEFAULT_SIZE : size; + + Enumeration users = userGroupManager.findUsers(filter); + + UserCollection response = new UserCollection(); + + int i = 0; + + // skip to the start of the page + for ( ; i 0) { + URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", Math.max(start-size, 0)).build(); + response.addLink(new Link("prev", uri)); + } + + if (start+size < i) { + URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", start+size).build(); + response.addLink(new Link("next", uri)); + } + + return response; + + } catch (Exception e) { + throw new CMSException(getUserMessage("CMS_INTERNAL_ERROR")); + } + } + + /** + * List user information. Certificates covered in a separate + * protocol for findUserCerts(). List of group memberships are + * also provided. + * + * Request/Response Syntax: + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin + */ + @Override + public UserData getUser(String userID) { + try { + if (userID == null) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + + throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + } + + IUser user; + + try { + user = userGroupManager.getUser(userID); + } catch (Exception e) { + throw new CMSException(getUserMessage("CMS_INTERNAL_ERROR")); + } + + if (user == null) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST")); + + throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST")); + } + + UserData userData = createUserData(user); + + String email = user.getEmail(); + if (!StringUtils.isEmpty(email)) userData.setEmail(email); + + String phone = user.getPhone(); + if (!StringUtils.isEmpty(phone)) userData.setPhone(phone); + + String state = user.getState(); + if (!StringUtils.isEmpty(state)) userData.setState(state); + + String type = user.getUserType(); + if (!StringUtils.isEmpty(type)) userData.setType(type); + + return userData; + + } catch (CMSException e) { + throw e; + + } catch (Exception e) { + throw new CMSException(e.getMessage()); + } + } + + /** + * Adds a new user to LDAP server + *

+ * + * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin + *

+ * + *

    + *
  • signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under + * users/groups) + *
+ */ + + @Override + public Response addUser(UserData userData) { + + String userID = userData.getID(); + + // ensure that any low-level exceptions are reported + // to the signed audit log and stored as failures + try { + if (userID == null) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + } + + if (userID.indexOf(BACK_SLASH) != -1) { + // backslashes (BS) are not allowed + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_RS_ID_BS")); + throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_RS_ID_BS")); + } + + if (userID.equals(SYSTEM_USER)) { + // backslashes (BS) are not allowed + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_SPECIAL_ID", userID)); + throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_SPECIAL_ID", userID)); + } + + IUser user = userGroupManager.createUser(userID); + + String fname = userData.getFullName(); + if (fname == null || fname.length() == 0) { + String msg = getUserMessage("CMS_USRGRP_USER_ADD_FAILED_1", "full name"); + + log(ILogger.LL_FAILURE, msg); + throw new CMSException(msg); + + } else { + user.setFullName(fname); + } + + String email = userData.getEmail(); + if (email != null) { + user.setEmail(email); + } else { + user.setEmail(""); + } + + String pword = userData.getPassword(); + if (pword != null && !pword.equals("")) { + IPasswordCheck passwdCheck = CMS.getPasswordChecker(); + + if (!passwdCheck.isGoodPassword(pword)) { + throw new EUsrGrpException(passwdCheck.getReason(pword)); + } + + user.setPassword(pword); + } else { + user.setPassword(""); + } + + String phone = userData.getPhone(); + if (phone != null) { + user.setPhone(phone); + } else { + user.setPhone(""); + } + + String type = userData.getType(); + if (type != null) { + user.setUserType(type); + } else { + user.setUserType(""); + } + + String state = userData.getState(); + if (state != null) { + user.setState(state); + } + + try { + userGroupManager.addUser(user); + + auditAddUser(userID, userData, ILogger.SUCCESS); + + // read the data back + userData = getUser(userID); + + return Response + .created(userData.getLink().getHref()) + .entity(userData) + .type(MediaType.APPLICATION_XML) + .build(); + + } catch (EUsrGrpException e) { + log(ILogger.LL_FAILURE, e.toString()); + + if (user.getUserID() == null) { + throw new CMSException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED_1", "uid")); + } else { + throw new CMSException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED")); + } + + } catch (LDAPException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ADD_USER_FAIL", e.toString())); + throw new CMSException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED")); + + } catch (Exception e) { + log(ILogger.LL_FAILURE, e.toString()); + throw new CMSException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED")); + } + + } catch (CMSException e) { + auditAddUser(userID, userData, ILogger.FAILURE); + throw e; + + } catch (EBaseException e) { + auditAddUser(userID, userData, ILogger.FAILURE); + throw new CMSException(e.getMessage()); + } + } + + /** + * Modifies an existing user in local scope. + *

+ * + * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin + *

+ * + *

    + *
  • signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under + * users/groups) + *
+ */ + @Override + public Response modifyUser(String userID, UserData userData) { + + // ensure that any low-level exceptions are reported + // to the signed audit log and stored as failures + try { + if (userID == null) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + } + + IUser user = userGroupManager.createUser(userID); + + String fullName = userData.getFullName(); + if (fullName != null) { + user.setFullName(fullName); + } + + String email = userData.getEmail(); + if (email != null) { + user.setEmail(email); + } + + String pword = userData.getPassword(); + if (pword != null && !pword.equals("")) { + IPasswordCheck passwdCheck = CMS.getPasswordChecker(); + + if (!passwdCheck.isGoodPassword(pword)) { + throw new EUsrGrpException(passwdCheck.getReason(pword)); + } + + user.setPassword(pword); + } + + String phone = userData.getPhone(); + if (phone != null) { + user.setPhone(phone); + } + + String state = userData.getState(); + if (state != null) { + user.setState(state); + } + + try { + userGroupManager.modifyUser(user); + + auditModifyUser(userID, userData, ILogger.SUCCESS); + + // read the data back + userData = getUser(userID); + + return Response + .ok(userData) + .type(MediaType.APPLICATION_XML) + .build(); + + } catch (Exception e) { + log(ILogger.LL_FAILURE, e.toString()); + throw new CMSException(getUserMessage("CMS_USRGRP_USER_MOD_FAILED")); + } + + } catch (CMSException e) { + auditModifyUser(userID, userData, ILogger.FAILURE); + throw e; + + } catch (EBaseException e) { + auditModifyUser(userID, userData, ILogger.FAILURE); + throw new CMSException(e.getMessage()); + } + } + + /** + * removes a user. user not removed if belongs to any group + * (Administrators should remove the user from "uniquemember" of + * any group he/she belongs to before trying to remove the user + * itself. + *

+ * + * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin + *

+ * + *

    + *
  • signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under + * users/groups) + *
+ */ + @Override + public void removeUser(String userID) { + + // ensure that any low-level exceptions are reported + // to the signed audit log and stored as failures + try { + if (userID == null) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + throw new CMSException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + } + + // get list of groups, and see if uid belongs to any + Enumeration groups; + + try { + groups = userGroupManager.findGroups("*"); + + } catch (Exception e) { + throw new CMSException(getUserMessage("CMS_INTERNAL_ERROR")); + } + + try { + while (groups.hasMoreElements()) { + IGroup group = groups.nextElement(); + if (!group.isMember(userID)) continue; + + userGroupManager.removeUserFromGroup(group, userID); + } + + // comes out clean of group membership...now remove user + userGroupManager.removeUser(userID); + + auditDeleteUser(userID, ILogger.SUCCESS); + + } catch (Exception e) { + throw new CMSException(getUserMessage("CMS_USRGRP_SRVLT_FAIL_USER_RMV")); + } + + } catch (CMSException e) { + auditDeleteUser(userID, ILogger.FAILURE); + throw e; + } + } + + public void log(int level, String message) { + log(ILogger.S_USRGRP, level, message); + } + + public void auditAddUser(String id, UserData userData, String status) { + audit(OpDef.OP_ADD, id, getParams(userData), status); + } + + public void auditModifyUser(String id, UserData userData, String status) { + audit(OpDef.OP_MODIFY, id, getParams(userData), status); + } + + public void auditDeleteUser(String id, String status) { + audit(OpDef.OP_DELETE, id, null, status); + } + + public void audit(String type, String id, Map params, String status) { + audit(IAuditor.LOGGING_SIGNED_AUDIT_CONFIG_ROLE, ScopeDef.SC_USERS, type, id, params, status); + } +} diff --git a/base/common/src/com/netscape/cms/servlet/base/CMSResourceService.java b/base/common/src/com/netscape/cms/servlet/base/CMSResourceService.java index 36f33b6f8..85ccbf9f7 100644 --- a/base/common/src/com/netscape/cms/servlet/base/CMSResourceService.java +++ b/base/common/src/com/netscape/cms/servlet/base/CMSResourceService.java @@ -17,17 +17,26 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; +import java.lang.reflect.Method; import java.security.cert.CertificateEncodingException; +import java.util.HashMap; +import java.util.List; +import java.util.Locale; +import java.util.Map; +import javax.ws.rs.FormParam; import javax.ws.rs.core.CacheControl; import javax.ws.rs.core.Context; import javax.ws.rs.core.EntityTag; +import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.Request; import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; import javax.ws.rs.core.Response.ResponseBuilder; +import javax.ws.rs.core.UriInfo; import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.logging.IAuditor; +import com.netscape.certsrv.logging.ILogger; import com.netscape.cms.servlet.cert.model.CertificateData; /** @@ -47,9 +56,15 @@ public class CMSResourceService { @Context protected UriInfo uriInfo; + @Context + protected HttpHeaders headers; + @Context protected Request request; + public ILogger logger = CMS.getLogger(); + public IAuditor auditor = CMS.getAuditor(); + public Response createOKResponse(Object object) { return Response.ok(object).build(); } @@ -79,4 +94,71 @@ public class CMSResourceService { return data; } + public Locale getLocale() { + + if (headers == null) return Locale.getDefault(); + + List locales = headers.getAcceptableLanguages(); + if (locales == null || locales.isEmpty()) return Locale.getDefault(); + + return locales.get(0); + } + + public String getUserMessage(String messageId, String... params) { + return CMS.getUserMessage(getLocale(), messageId, params); + } + + public void log(int source, int level, String message) { + + if (logger == null) return; + + logger.log(ILogger.EV_SYSTEM, + null, + source, + level, + getClass().getSimpleName()+": " + message); + } + + public void audit(String message, String scope, String type, String id, Map params, String status) { + + if (auditor == null) return; + + String auditMessage = CMS.getLogMessage( + message, + auditor.getSubjectID(), + status, + auditor.getParamString(scope, type, id, params)); + + auditor.log(auditMessage); + } + + /** + * Get the values of the fields annotated with @FormParam. + */ + public Map getParams(Object object) { + + Map map = new HashMap(); + + // for each fields in the object + for (Method method : object.getClass().getMethods()) { + FormParam element = method.getAnnotation(FormParam.class); + if (element == null) continue; + + String name = element.value(); + + try { + // get the value from the object + Object value = method.invoke(object); + + // put the value in the map + map.put(name, value == null ? null : value.toString()); + + } catch (Exception e) { + // ignore inaccessible fields + e.printStackTrace(); + } + } + + return map; + } } diff --git a/base/common/src/com/netscape/cmscore/apps/CMSEngine.java b/base/common/src/com/netscape/cmscore/apps/CMSEngine.java index 72e8c49e8..4eacf2236 100644 --- a/base/common/src/com/netscape/cmscore/apps/CMSEngine.java +++ b/base/common/src/com/netscape/cmscore/apps/CMSEngine.java @@ -1415,7 +1415,7 @@ public class CMSEngine implements ICMSEngine { try { return "-----BEGIN CERTIFICATE-----\n" + CMS.BtoA(cert.getEncoded()) + - "\n-----END CERTIFICATE-----\n"; + "-----END CERTIFICATE-----\n"; } catch (Exception e) { return null; } -- cgit