From 34257e5e46a6e1cf7e9cbf42c2a4332d36f256c6 Mon Sep 17 00:00:00 2001 From: Marco Fargetta Date: Tue, 13 Aug 2024 15:29:15 +0200 Subject: [PATCH] Add TKS TPSConnectorService to v2 APIs --- .../system/TPSConnectorCollection.java | 3 +- .../tks/rest/base/TPSConnectorProcessor.java | 510 ++++++++++++++++++ .../server/tks/rest/v2/TKSServlet.java | 11 + .../tks/rest/v2/TPSConnectorServlet.java | 175 ++++++ .../tks/rest/v2/filters/TPSConnectorACL.java | 25 + .../v2/filters/TPSConnectorAuthMethod.java | 16 + 6 files changed, 739 insertions(+), 1 deletion(-) create mode 100644 base/tks/src/main/java/org/dogtagpki/server/tks/rest/base/TPSConnectorProcessor.java create mode 100644 base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/TPSConnectorServlet.java create mode 100644 base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/filters/TPSConnectorACL.java create mode 100644 base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/filters/TPSConnectorAuthMethod.java diff --git a/base/common/src/main/java/com/netscape/certsrv/system/TPSConnectorCollection.java b/base/common/src/main/java/com/netscape/certsrv/system/TPSConnectorCollection.java index 43ad59a648b..5b117a4c5b2 100644 --- a/base/common/src/main/java/com/netscape/certsrv/system/TPSConnectorCollection.java +++ b/base/common/src/main/java/com/netscape/certsrv/system/TPSConnectorCollection.java @@ -6,10 +6,11 @@ import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonInclude.Include; import com.netscape.certsrv.base.DataCollection; +import com.netscape.certsrv.util.JSONSerializer; @JsonInclude(Include.NON_NULL) @JsonIgnoreProperties(ignoreUnknown=true) -public class TPSConnectorCollection extends DataCollection { +public class TPSConnectorCollection extends DataCollection implements JSONSerializer{ @Override public Collection getEntries() { diff --git a/base/tks/src/main/java/org/dogtagpki/server/tks/rest/base/TPSConnectorProcessor.java b/base/tks/src/main/java/org/dogtagpki/server/tks/rest/base/TPSConnectorProcessor.java new file mode 100644 index 00000000000..9afc5f54d67 --- /dev/null +++ b/base/tks/src/main/java/org/dogtagpki/server/tks/rest/base/TPSConnectorProcessor.java @@ -0,0 +1,510 @@ +package org.dogtagpki.server.tks.rest.base; + +import java.security.InvalidKeyException; +import java.security.Principal; +import java.security.cert.X509Certificate; +import java.util.Collection; +import java.util.Iterator; +import java.util.List; +import java.util.TreeSet; + +import org.apache.commons.lang3.StringUtils; +import org.dogtagpki.server.tks.TKSEngine; +import org.dogtagpki.server.tks.TKSEngineConfig; +import org.dogtagpki.server.tks.TPSConnectorConfig; +import org.mozilla.jss.NotInitializedException; +import org.mozilla.jss.crypto.KeyGenAlgorithm; +import org.mozilla.jss.crypto.SymmetricKey; +import org.mozilla.jss.crypto.TokenException; +import org.mozilla.jss.netscape.security.util.Utils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.netscape.certsrv.base.BadRequestException; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.base.ResourceNotFoundException; +import com.netscape.certsrv.base.UnauthorizedException; +import com.netscape.certsrv.key.KeyData; +import com.netscape.certsrv.system.TPSConnectorCollection; +import com.netscape.certsrv.system.TPSConnectorData; +import com.netscape.cmscore.usrgrp.UGSubsystem; +import com.netscape.cmscore.usrgrp.User; +import com.netscape.cmsutil.crypto.CryptoUtil; +/** + * @author Marco Fargetta {@literal } + * @author alee + */ +public class TPSConnectorProcessor { + private static final Logger logger = LoggerFactory.getLogger(TPSConnectorProcessor.class); + private static final int AES_SESS_KEYSIZE = 128; + + private TKSEngine engine; + private TKSEngineConfig config; + private UGSubsystem userGroupManager; + + public TPSConnectorProcessor(TKSEngine engine) { + this.engine = engine; + config = engine.getConfig(); + userGroupManager = engine.getUGSubsystem(); + } + + public TPSConnectorCollection findConnectors(String host, String port, int start, int size) { + logger.info("TPSConnectorProcessor: Finding TPS connectors for {}:{}", host, port); + + try { + + Collection tpsList = config.getTPSConnectorIDs(); + Iterator entries = tpsList.iterator(); + + TPSConnectorCollection response = new TPSConnectorCollection(); + int i = 0; + + // skip to the start of the page + for (; i < start && entries.hasNext(); i++) + entries.next(); + + // return entries up to the page size + for (; i < start + size && entries.hasNext(); i++) { + TPSConnectorData connector = createTPSConnectorData(entries.next()); + + if (host != null && !host.equals(connector.getHost())) { + continue; + } + + if (port != null && !port.equals(connector.getPort())) { + continue; + } + + response.addEntry(connector); + } + + // count the total entries + for (; entries.hasNext(); i++) + entries.next(); + response.setTotal(i); + return response; + } catch (EBaseException e) { + logger.error("TPSConnectorProcessor: Unable to find TPS connectors: " + e.getMessage(), e); + throw new PKIException("Unable to find TPS connectors: " + e.getMessage(), e); + } + } + + public TPSConnectorData createConnector(Principal principal, String host, String port) { + logger.info("TPSConnectorProcessor: Creating TPS connector for {}:{}", host, port); + + if (host == null) + throw new BadRequestException("TPS connector host is null."); + if (port == null) + throw new BadRequestException("TPS connector port is null."); + if (principal == null || principal.getName() == null || principal.getName().isBlank()) { + throw new UnauthorizedException("User credentials not provided"); + } + + try { + String id = getConnectorID(host, port); + if (id != null) { + throw new BadRequestException("TPS connection already exists. ID: " + id); + } + String newID = findNextConnectorID(); + + TPSConnectorData newData = new TPSConnectorData(); + newData.setID(newID); + newData.setHost(host); + newData.setPort(port); + newData.setUserID("TPS-" + host + "-" + port); + saveClientData(newData); + + addToConnectorList(newID); + config.commit(true); + + return newData; + + } catch (EBaseException e) { + logger.error("TPSConnectorProcessor: Unable to create new TPS connector: " + e.getMessage(), e); + throw new PKIException("Unable to create new TPS connector: " + e.getMessage(), e); + } + } + + public void deleteConnector(String host, String port) { + logger.info("TPSConnectorProcessor: Deleting TPS connector for {}:{}", host, port); + + if (host == null) + throw new BadRequestException("TPS connector host is null."); + if (port == null) + throw new BadRequestException("TPS connector port is null."); + + String id; + try { + id = getConnectorID(host, port); + deleteConnector(id); + } catch (EBaseException e) { + logger.error("TPSConnectorProcessor: Failed to delete TPS connector: " + e.getMessage(), e); + throw new PKIException("Failed to delete TPS connector: " + e.getMessage(), e); + } + } + + public void deleteConnector(String id) { + logger.info("TPSConnectorProcessor: Deleting TPS connector {}", id); + + try { + if (StringUtils.isEmpty(id)) + throw new BadRequestException("Attempt to delete TPS connection with null or empty id"); + + if (!connectorExists(id)) + return; + + deleteSharedSecret(id); + config.removeTPSConnectorConfig(id); + removeFromConnectorList(id); + config.commit(true); + } catch (EBaseException e) { + logger.error("TPSConnectorProcessor: Failed to delete TPS connector: " + e.getMessage(), e); + throw new PKIException("Failed to delete TPS connector: " + e.getMessage(), e); + } + } + + public TPSConnectorData getConnector(String id) { + logger.info("TPSConnectorProcessor: Getting TPS connector {}", id); + + if (id == null) + throw new BadRequestException("TPS connector ID is null."); + + try { + if (!connectorExists(id)) + throw new ResourceNotFoundException("Connector " + id + " not found."); + + return createTPSConnectorData(id); + + } catch (EBaseException e) { + logger.error("TPSConnectorProcessor: Unable to get TPS connector: " + e.getMessage(), e); + throw new PKIException("Unable to get TPS connector: " + e.getMessage(), e); + } + } + + public TPSConnectorData updateConnector(String id, TPSConnectorData data) { + logger.info("TPSConnectorProcessor: Updatign TPS connector {}", id); + + try { + if (id == null) { + throw new BadRequestException("Invalid connector ID"); + } + + if (data == null) { + throw new BadRequestException("Invalid connector data"); + } + + if (!connectorExists(id)) { + throw new ResourceNotFoundException("TPS connection does not exist"); + } + + // Note: we are deliberately NOT allowing the userid to be modified by the + // admin here, because this is what maps to a user cert to retrieve the shared + // secret + if ((data.getUserID() != null) || (data.getNickname() != null)) { + throw new UnauthorizedException("Cannot change userid or nickname using this interface"); + } + TPSConnectorData curData = getConnector(id); + curData.setHost(data.getHost()); + curData.setPort(data.getPort()); + + saveClientData(curData); + config.commit(true); + + return curData; + + } catch (EBaseException e) { + logger.error("TPSConnectorProcessor: Unable to update TPS connector: " + e.getMessage(), e); + throw new PKIException("Unable to update TPS connector: " + e.getMessage(), e); + } + } + + public KeyData getSharedSecret(Principal principal, String id) { + logger.info("TPSConnectorProcessor: Getting shared secret for {}", id); + + if (id == null) + throw new BadRequestException("TPS connector ID is null."); + + try { + if (!connectorExists(id)) { + throw new ResourceNotFoundException("TPS connection does not exist"); + } + + // get and validate user + String userid = validateUser(principal, id); + + String nickname = userid + " sharedSecret"; + if (!CryptoUtil.sharedSecretExists(nickname)) { + return null; + } + + // get user cert + User user = userGroupManager.getUser(userid); + X509Certificate[] certs = user.getX509Certificates(); + + //Create aes session sym key to wrap the shared secrt. + SymmetricKey tempKey = CryptoUtil.createAESSessionKeyOnInternal(AES_SESS_KEYSIZE); + + if (tempKey == null) { + return null; + } + + List listWrappedKeys = CryptoUtil.exportSharedSecret(nickname, certs[certs.length -1], tempKey, getUseOAEPKeyWrap()); + byte[] wrappedSessionKey = listWrappedKeys.get(0); + byte[] wrappedSharedSecret = listWrappedKeys.get(1); + + KeyData keyData = new KeyData(); + keyData.setWrappedPrivateData(Utils.base64encodeSingleLine(wrappedSessionKey)); + keyData.setAdditionalWrappedPrivateData(Utils.base64encodeSingleLine(wrappedSharedSecret)); + + return keyData; + + } catch (Exception e) { + logger.error("TPSConnectorProcessor: Unable to obtain shared secret: " + e.getMessage(), e); + throw new PKIException("Unable to obtain shared secret: " + e.getMessage(), e); + } + } + + public KeyData createSharedSecret(Principal principal, String id) { + logger.info("TPSConnectorProcessor: Creating shared secret for {}", id); + + if (id == null) + throw new BadRequestException("TPS connector ID is null."); + + try { + if (!connectorExists(id)) { + throw new ResourceNotFoundException("TPS connection does not exist"); + } + + // get and validate user + String userid = validateUser(principal, id); + + // get user cert + User user = userGroupManager.getUser(userid); + + logger.debug("TPSConnectorProcessor.createSharedSecret.userid: {}", userid); + X509Certificate[] certs = user.getX509Certificates(); + + String nickname = userid + " sharedSecret"; + + logger.debug("TPSConnectorProcessor.createSharedSecret. nickname: {}", nickname); + if (CryptoUtil.sharedSecretExists(nickname)) { + throw new BadRequestException("Shared secret already exists"); + } + + CryptoUtil.createSharedSecret(nickname, KeyGenAlgorithm.AES, AES_SESS_KEYSIZE); + + TPSConnectorConfig tpsConfig = config.getTPSConnectorConfig(id); + tpsConfig.setNickname(nickname); + config.commit(true); + + //Create aes session sym key to wrap the shared secret. + SymmetricKey tempKey = CryptoUtil.createAESSessionKeyOnInternal(AES_SESS_KEYSIZE); + + if (tempKey == null) { + return null; + } + + logger.debug("TPSConnectorProcessor.createSharedSecret. about to export shared secret: {} certs.length {}", nickname, certs.length); + logger.debug("TPSConnectorProcessor.createSharedSecert cert: {}", certs[certs.length -1]); + List listWrappedKeys = CryptoUtil.exportSharedSecret(nickname, certs[certs.length -1], tempKey, getUseOAEPKeyWrap()); + logger.debug("TPSConnectorProcessor.createSharedSecret. done exporting shared secret: {}", nickname); + + byte[] wrappedSessionKey = listWrappedKeys.get(0); + byte[] wrappedSharedSecret = listWrappedKeys.get(1); + + KeyData keyData = new KeyData(); + keyData.setWrappedPrivateData(Utils.base64encodeSingleLine(wrappedSessionKey)); + keyData.setAdditionalWrappedPrivateData(Utils.base64encodeSingleLine(wrappedSharedSecret)); + + return keyData; + + } catch (Exception e) { + logger.error("TPSConnectorProcessor: Unable to generate and export shared secret: " + e.getMessage(), e); + throw new PKIException("Unable to generate and export shared secret: " + e.getMessage(), e); + } + } + + public KeyData replaceSharedSecret(Principal principal, String id) { + logger.info("TPSConnectorProcessor: Replacing shared secret for {}", id); + + if (id == null) + throw new BadRequestException("TPS connector ID is null."); + + try { + if (!connectorExists(id)) { + throw new ResourceNotFoundException("TPS connection does not exist"); + } + + // get and validate user + String userid = validateUser(principal, id); + + String nickname = userid + " sharedSecret"; + if (!CryptoUtil.sharedSecretExists(nickname)) { + throw new BadRequestException("Cannot replace. Shared secret does not exist"); + } + + // get user cert + User user = userGroupManager.getUser(userid); + X509Certificate[] certs = user.getX509Certificates(); + + CryptoUtil.deleteSharedSecret(nickname); + CryptoUtil.createSharedSecret(nickname); + + //Create aes session sym key to wrap the shared secret. + SymmetricKey tempKey = CryptoUtil.createAESSessionKeyOnInternal(AES_SESS_KEYSIZE); + + if (tempKey == null) { + return null; + } + + List listWrappedKeys = CryptoUtil.exportSharedSecret(nickname,certs[certs.length -1], tempKey, getUseOAEPKeyWrap()); + + byte[] wrappedSessionKey = listWrappedKeys.get(0); + byte[] wrappedSharedSecret = listWrappedKeys.get(1); + + KeyData keyData = new KeyData(); + keyData.setWrappedPrivateData(Utils.base64encodeSingleLine(wrappedSessionKey)); + keyData.setAdditionalWrappedPrivateData(Utils.base64encodeSingleLine(wrappedSharedSecret)); + + return keyData; + + } catch (Exception e) { + logger.error("TPSConnectorProcessor: Unable to replace shared secret: " + e.getMessage(), e); + throw new PKIException("Unable to replace shared secret: " + e.getMessage(), e); + } + } + + public void deleteSharedSecret(String id) { + logger.info("TPSConnectorProcessor: Deleting shared secret for {}", id); + + if (id == null) + throw new BadRequestException("TPS connector ID is null."); + + try { + if (!connectorExists(id)) { + throw new ResourceNotFoundException("TPS connection does not exist"); + } + + TPSConnectorConfig tpsConfig = config.getTPSConnectorConfig(id); + + // get user + String userid = tpsConfig.getUserID(); + if (userid.isEmpty()) { + throw new PKIException("Bad TPS connection configuration: userid not defined"); + } + + String nickname = userid + " sharedSecret"; + if (!CryptoUtil.sharedSecretExists(nickname)) { + return; + } + CryptoUtil.deleteSharedSecret(nickname); + + tpsConfig.setNickname(""); + config.commit(true); + + } catch (InvalidKeyException | IllegalStateException | EBaseException + | NotInitializedException | TokenException e) { + logger.error("TPSConnectorProcessor: Unable to delete shared secret: " + e.getMessage(), e); + throw new PKIException("Unable to delete shared secret: " + e.getMessage(), e); + } + } + + private TPSConnectorData createTPSConnectorData(String tpsID) throws EBaseException { + + TPSConnectorConfig tpsConfig = config.getTPSConnectorConfig(tpsID); + + TPSConnectorData data = new TPSConnectorData(); + data.setID(tpsID); + data.setHost(tpsConfig.getHost()); + data.setPort(tpsConfig.getPort()); + data.setUserID(tpsConfig.getUserID()); + data.setNickname(tpsConfig.getNickname()); + return data; + } + + private String getConnectorID(String host, String port) throws EBaseException { + Collection tpsList = config.getTPSConnectorIDs(); + for (String tpsID : tpsList) { + TPSConnectorData data = createTPSConnectorData(tpsID); + if (data.getHost().equals(host) && data.getPort().equals(port)) + return tpsID; + } + return null; + } + + private String findNextConnectorID() throws EBaseException { + Collection tpsList = config.getTPSConnectorIDs(); + Collection sorted = new TreeSet<>(); + sorted.addAll(tpsList); + + int index = 0; + while (sorted.contains(Integer.toString(index))) + index++; + return Integer.toString(index); + } + + private void saveClientData(TPSConnectorData newData) { + String id = newData.getID(); + if (StringUtils.isEmpty(id)) { + logger.warn("TPSConnectorProcessor: Attempt to save tps connection with null or empty id"); + return; + } + + TPSConnectorConfig tpsConfig = config.getTPSConnectorConfig(id); + + if (newData.getHost() != null) + tpsConfig.setHost(newData.getHost()); + if (newData.getPort() != null) + tpsConfig.setPort(newData.getPort()); + if (newData.getUserID() != null) + tpsConfig.setUserID(newData.getUserID()); + if (newData.getNickname() != null) + tpsConfig.setNickname(newData.getNickname()); + } + + private void addToConnectorList(String id) throws EBaseException { + Collection tpsList = config.getTPSConnectorIDs(); + Collection sorted = new TreeSet<>(); + sorted.addAll(tpsList); + sorted.add(id); + config.setTPSConnectorIDs(sorted); + } + + private boolean connectorExists(String id) throws EBaseException { + Collection tpsList = config.getTPSConnectorIDs(); + return tpsList.contains(id); + } + + private void removeFromConnectorList(String id) throws EBaseException { + Collection tpsList = config.getTPSConnectorIDs(); + Collection sorted = new TreeSet<>(); + sorted.addAll(tpsList); + sorted.remove(id); + config.setTPSConnectorIDs(sorted); + } + + private String validateUser(Principal principal, String id) throws EBaseException { + TPSConnectorConfig tpsConfig = config.getTPSConnectorConfig(id); + String userid = tpsConfig.getUserID(); + if (userid.isEmpty()) { + throw new PKIException("Bad TPS connection configuration: userid not defined"); + } + + if (principal == null || principal.getName() == null || principal.getName().isBlank()) { + throw new UnauthorizedException("User credentials not provided"); + } + + String uid = principal.getName(); + if (!uid.equals(userid)) { + throw new UnauthorizedException("TPS Connection belongs to another user"); + } + return userid; + } + + private boolean getUseOAEPKeyWrap() throws EBaseException { + boolean useOAEPKeyWrap = config.getBoolean("keyWrap.useOAEP",false); + logger.debug("TPSConnectorProcessor.createSharedSecret.getUseOAEPKeyWrap: {}", useOAEPKeyWrap); + return useOAEPKeyWrap; + } +} \ No newline at end of file diff --git a/base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/TKSServlet.java b/base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/TKSServlet.java index 2b0b8100f66..ce0756a2bac 100644 --- a/base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/TKSServlet.java +++ b/base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/TKSServlet.java @@ -6,6 +6,7 @@ package org.dogtagpki.server.tks.rest.v2; import javax.servlet.ServletContext; +import javax.servlet.ServletException; import org.dogtagpki.server.rest.v2.PKIServlet; import org.dogtagpki.server.tks.TKSEngine; @@ -16,6 +17,16 @@ public class TKSServlet extends PKIServlet { public static final long serialVersionUID = 1L; + protected TKSEngine engine; + + @Override + public void init() throws ServletException { + super.init(); + + engine = getTKSEngine(); + } + + public TKSEngine getTKSEngine() { ServletContext servletContext = getServletContext(); return (TKSEngine) servletContext.getAttribute("engine"); diff --git a/base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/TPSConnectorServlet.java b/base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/TPSConnectorServlet.java new file mode 100644 index 00000000000..631a6d7fd3c --- /dev/null +++ b/base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/TPSConnectorServlet.java @@ -0,0 +1,175 @@ +// +// Copyright Red Hat, Inc. +// +// SPDX-License-Identifier: GPL-2.0-or-later +// +package org.dogtagpki.server.tks.rest.v2; + +import java.io.PrintWriter; +import java.net.URLEncoder; +import java.util.stream.Collectors; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.dogtagpki.server.tks.rest.base.TPSConnectorProcessor; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.netscape.certsrv.base.WebAction; +import com.netscape.certsrv.key.KeyData; +import com.netscape.certsrv.system.TPSConnectorCollection; +import com.netscape.certsrv.system.TPSConnectorData; +import com.netscape.certsrv.util.JSONSerializer; + +/** + * @author Marco Fargetta {@literal } + */ +@WebServlet( + name = "tksTPSConnector", + urlPatterns = "/v2/admin/tps-connectors/*") +public class TPSConnectorServlet extends TKSServlet { + private static final long serialVersionUID = 1L; + private static final Logger logger = LoggerFactory.getLogger(TPSConnectorServlet.class); + + private TPSConnectorProcessor tpsConnector; + + @Override + public void init() throws ServletException { + super.init(); + tpsConnector = new TPSConnectorProcessor(engine); + } + + @WebAction(method = HttpMethod.GET, paths = {""}) + public void findConnectors(HttpServletRequest request, HttpServletResponse response) throws Exception { + HttpSession session = request.getSession(); + logger.debug("TPSConnectorServlet.findConnectors(): session: {}", session.getId()); + int size = request.getParameter("pageSize") == null ? + DEFAULT_SIZE : Integer.parseInt(request.getParameter("pageSize")); + int start = request.getParameter("start") == null ? 0 : Integer.parseInt(request.getParameter("start")); + String host = request.getParameter("host"); + String port = request.getParameter("port"); + TPSConnectorCollection connectors = tpsConnector.findConnectors(host, port, start, size); + PrintWriter out = response.getWriter(); + out.println(connectors.toJSON()); + } + + @WebAction(method = HttpMethod.POST, paths = {""}) + public void createConnector(HttpServletRequest request, HttpServletResponse response) throws Exception { + HttpSession session = request.getSession(); + logger.debug("TPSConnectorServlet.createConnector(): session: {}", session.getId()); + String host = request.getParameter("host"); + String port = request.getParameter("port"); + TPSConnectorData newConnector = tpsConnector.createConnector(request.getUserPrincipal(), host, port); + response.setStatus(HttpServletResponse.SC_CREATED); + String encodedID = URLEncoder.encode(newConnector.getID(), "UTF-8"); + StringBuffer uri = request.getRequestURL(); + uri.append("/" + encodedID); + response.setHeader("Location", uri.toString()); + PrintWriter out = response.getWriter(); + out.println(newConnector.toJSON()); + } + + @WebAction(method = HttpMethod.DELETE, paths = {""}) + public void deleteConnectorByHost(HttpServletRequest request, HttpServletResponse response) throws Exception { + HttpSession session = request.getSession(); + logger.debug("TPSConnectorServlet.deleteConnectorByHost(): session: {}", session.getId()); + String host = request.getParameter("host"); + String port = request.getParameter("port"); + tpsConnector.deleteConnector(host, port); + response.setStatus(HttpServletResponse.SC_NO_CONTENT); + } + + @WebAction(method = HttpMethod.GET, paths = {"{}"}) + public void getConnector(HttpServletRequest request, HttpServletResponse response) throws Exception { + HttpSession session = request.getSession(); + logger.debug("TPSConnectorServlet.getConnector(): session: {}", session.getId()); + String[] pathElement = request.getPathInfo().substring(1).split("/"); + String id = pathElement[0]; + TPSConnectorData connector = tpsConnector.getConnector(id); + PrintWriter out = response.getWriter(); + out.println(connector.toJSON()); + } + + @WebAction(method = HttpMethod.POST, paths = {"{}"}) + public void modifyConnector(HttpServletRequest request, HttpServletResponse response) throws Exception { + HttpSession session = request.getSession(); + logger.debug("TPSConnectorServlet.modifyConnector(): session: {}", session.getId()); + String[] pathElement = request.getPathInfo().substring(1).split("/"); + String id = pathElement[0]; + String requestData = request.getReader().lines().collect(Collectors.joining()); + TPSConnectorData data = JSONSerializer.fromJSON(requestData, TPSConnectorData.class); + TPSConnectorData connector = tpsConnector.updateConnector(id, data); + PrintWriter out = response.getWriter(); + out.println(connector.toJSON()); + } + + @WebAction(method = HttpMethod.DELETE, paths = {"{}"}) + public void deleteConnector(HttpServletRequest request, HttpServletResponse response) throws Exception { + HttpSession session = request.getSession(); + logger.debug("TPSConnectorServlet.deleteConnector(): session: {}", session.getId()); + String[] pathElement = request.getPathInfo().substring(1).split("/"); + String id = pathElement[0]; + tpsConnector.deleteConnector(id); + response.setStatus(HttpServletResponse.SC_NO_CONTENT); + } + + @WebAction(method = HttpMethod.GET, paths = {"{}/shared-secret"}) + public void getSharedSecret(HttpServletRequest request, HttpServletResponse response) throws Exception { + HttpSession session = request.getSession(); + logger.debug("TPSConnectorServlet.getSharedSecret(): session: {}", session.getId()); + String[] pathElement = request.getPathInfo().substring(1).split("/"); + String id = pathElement[0]; + KeyData key = tpsConnector.getSharedSecret(request.getUserPrincipal(), id); + if (key == null) { + response.setStatus(HttpServletResponse.SC_NO_CONTENT); + return; + } + PrintWriter out = response.getWriter(); + out.println(key.toJSON()); + + } + + @WebAction(method = HttpMethod.POST, paths = {"{}/shared-secret"}) + public void createSharedSecret(HttpServletRequest request, HttpServletResponse response) throws Exception { + HttpSession session = request.getSession(); + logger.debug("TPSConnectorServlet.createSharedSecret(): session: {}", session.getId()); + String[] pathElement = request.getPathInfo().substring(1).split("/"); + String id = pathElement[0]; + KeyData key = tpsConnector.createSharedSecret(request.getUserPrincipal(), id); + if (key == null) { + response.setStatus(HttpServletResponse.SC_NO_CONTENT); + return; + } + PrintWriter out = response.getWriter(); + out.println(key.toJSON()); + } + + @WebAction(method = HttpMethod.PUT, paths = {"{}/shared-secret"}) + public void replaceSharedSecret(HttpServletRequest request, HttpServletResponse response) throws Exception { + HttpSession session = request.getSession(); + logger.debug("TPSConnectorServlet.replaceSharedSecret(): session: {}", session.getId()); + String[] pathElement = request.getPathInfo().substring(1).split("/"); + String id = pathElement[0]; + KeyData key = tpsConnector.replaceSharedSecret(request.getUserPrincipal(), id); + if (key == null) { + response.setStatus(HttpServletResponse.SC_NO_CONTENT); + return; + } + PrintWriter out = response.getWriter(); + out.println(key.toJSON()); + } + + @WebAction(method = HttpMethod.DELETE, paths = {"{}/shared-secret"}) + public void deleteSharedSecret(HttpServletRequest request, HttpServletResponse response) throws Exception { + HttpSession session = request.getSession(); + logger.debug("TPSConnectorServlet.deleteSharedSecret(): session: {}", session.getId()); + String[] pathElement = request.getPathInfo().substring(1).split("/"); + String id = pathElement[0]; + tpsConnector.deleteSharedSecret(id); + response.setStatus(HttpServletResponse.SC_NO_CONTENT); + } +} diff --git a/base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/filters/TPSConnectorACL.java b/base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/filters/TPSConnectorACL.java new file mode 100644 index 00000000000..f4c47817229 --- /dev/null +++ b/base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/filters/TPSConnectorACL.java @@ -0,0 +1,25 @@ +package org.dogtagpki.server.tks.rest.v2.filters; + +import java.util.HashMap; +import java.util.Map; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebFilter; + +import org.dogtagpki.server.rest.v2.filters.ACLFilter; + +@WebFilter(servletNames = "tksTPSConnector") +public class TPSConnectorACL extends ACLFilter { + private static final long serialVersionUID = 1L; + private static final String ADMIN_SHARED_SECRET = "admin.sharedsecret"; + + @Override + public void init() throws ServletException { + Map aclMap = new HashMap<>(); + aclMap.put("GET:{}/shared-secret", ADMIN_SHARED_SECRET); + aclMap.put("POST:{}/shared-secret", ADMIN_SHARED_SECRET); + aclMap.put("PUT:{}/shared-secret", ADMIN_SHARED_SECRET); + aclMap.put("DELETE:{}/shared-secret", ADMIN_SHARED_SECRET); + setAclMap(aclMap); + } +} diff --git a/base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/filters/TPSConnectorAuthMethod.java b/base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/filters/TPSConnectorAuthMethod.java new file mode 100644 index 00000000000..4b7173919e5 --- /dev/null +++ b/base/tks/src/main/java/org/dogtagpki/server/tks/rest/v2/filters/TPSConnectorAuthMethod.java @@ -0,0 +1,16 @@ +package org.dogtagpki.server.tks.rest.v2.filters; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebFilter; + +import org.dogtagpki.server.rest.v2.filters.AuthMethodFilter; + +@WebFilter(servletNames = "tksTPSConnector") +public class TPSConnectorAuthMethod extends AuthMethodFilter{ + private static final long serialVersionUID = 1L; + + @Override + public void init() throws ServletException { + setAuthMethod("tpsconnectors"); + } +}