1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; version 2 of the License.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// (C) 2011 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import com.netscape.cms.servlet.base.CMSResourceService;
import com.netscape.cms.servlet.key.model.KeyDAO;
import com.netscape.cms.servlet.key.model.KeyData;
import com.netscape.cms.servlet.request.model.KeyRequestDAO;
import com.netscape.cms.servlet.request.model.KeyRequestInfo;
import com.netscape.cms.servlet.request.model.RecoveryRequestData;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.RequestId;
import com.netscape.certsrv.request.RequestStatus;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.dbs.keydb.KeyId;
/**
* @author alee
*
*/
public class KeyResourceService extends CMSResourceService implements KeyResource{
@Context
UriInfo uriInfo;
/**
* Used to retrieve a key
* @param data
* @return
*/
public KeyData retrieveKey(RecoveryRequestData data) {
// auth and authz
KeyId keyId = validateRequest(data);
KeyDAO dao = new KeyDAO();
KeyData keyData;
try {
keyData = dao.getKey(keyId, data);
} catch (EBaseException e) {
// log error
e.printStackTrace();
throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
}
if (keyData == null) {
// no key record
throw new WebApplicationException(Response.Status.GONE);
}
return keyData;
}
// retrieval - used to test integration with a browser
public KeyData retrieveKey(MultivaluedMap<String, String> form) {
RecoveryRequestData data = new RecoveryRequestData(form);
return retrieveKey(data);
}
private KeyId validateRequest(RecoveryRequestData data) {
// confirm request exists
RequestId reqId = data.getRequestId();
if (reqId == null) {
// log error
throw new WebApplicationException(Response.Status.BAD_REQUEST);
}
// confirm that at least one wrapping method exists
// There must be at least the wrapped session key method.
if ((data.getTransWrappedSessionKey() == null)) {
// log error
throw new WebApplicationException(Response.Status.BAD_REQUEST);
}
KeyRequestDAO reqDAO = new KeyRequestDAO();
KeyRequestInfo reqInfo;
try {
reqInfo = reqDAO.getRequest(reqId, uriInfo);
} catch (EBaseException e1) {
// failed to get request
e1.printStackTrace();
throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
}
if (reqInfo == null) {
// request not found
throw new WebApplicationException(Response.Status.GONE);
}
//confirm request is of the right type
String type = reqInfo.getRequestType();
if (!type.equals(IRequest.SECURITY_DATA_RECOVERY_REQUEST)) {
// log error
throw new WebApplicationException(Response.Status.BAD_REQUEST);
}
//confirm that agent is originator of request, else throw 401
// TO-DO
// confirm request is in approved state
String status = reqInfo.getRequestStatus();
if (!status.equals(RequestStatus.APPROVED.toString())) {
// log error
throw new WebApplicationException(Response.Status.UNAUTHORIZED);
}
return reqInfo.getKeyId();
}
}
|