Add CA AuthorityService to v2 API

base/ca/src/main/java/org/dogtagpki/server/ca/rest/v2/AuthorityServlet.java

@@ -0,0 +1,207 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.ca.rest.v2;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.PrintWriter;
+import java.net.URLEncoder;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.dogtagpki.server.ca.rest.base.Authority;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.netscape.certsrv.authority.AuthorityData;
+import com.netscape.certsrv.base.BadRequestException;
+import com.netscape.certsrv.base.MediaType;
+import com.netscape.certsrv.base.RequestNotAcceptable;
+import com.netscape.certsrv.base.WebAction;
+import com.netscape.certsrv.util.JSONSerializer;
+
+/**
+ * @author Marco Fargetta {@literal <[email protected]>}
+ */
+@WebServlet(
+        name = "caAuthority",
+        urlPatterns = "/v2/authorities/*")
+public class AuthorityServlet extends CAServlet {
+    private static final long serialVersionUID = 1L;
+    private static Logger logger = LoggerFactory.getLogger(AuthorityServlet.class);
+
+    private Authority authority;
+
+    @Override
+    public void init() throws ServletException {
+        super.init();
+        authority = new Authority(engine);
+    }
+
+    @WebAction(method = HttpMethod.GET, paths = {""})
+    public void findCAs(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        HttpSession session = request.getSession();
+        logger.debug("AuthorityServlet.findCAs(): session: {}", session.getId());
+        String id = request.getParameter("id");
+        String parentID = request.getParameter("parentID");
+        String dn = request.getParameter("dn");
+        String issuerDN = request.getParameter("issuerDN");
+        List<AuthorityData> authorities;
+        try {
+            authorities = authority.findCAs(id, parentID, dn, issuerDN);
+        } catch (IOException e) {
+            throw new BadRequestException("DNs not valid");
+        }
+        PrintWriter out = response.getWriter();
+        ObjectMapper mapper = new ObjectMapper();
+        out.println(mapper.writeValueAsString(authorities));
+    }
+
+    @WebAction(method = HttpMethod.GET, paths = {"{}"})
+    public void getCA(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        HttpSession session = request.getSession();
+        logger.debug("AuthorityServlet.getCA(): session: {}", session.getId());
+        String[] pathElement = request.getPathInfo().substring(1).split("/");
+        String aid = pathElement[0];
+        AuthorityData ca = authority.getCA(aid);
+        PrintWriter out = response.getWriter();
+        out.println(ca.toJSON());
+    }
+
+    @WebAction(method = HttpMethod.GET, paths = {"{}/cert"})
+    public void getCert(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        HttpSession session = request.getSession();
+        logger.debug("AuthorityServlet.getCert(): session: {}", session.getId());
+        String[] pathElement = request.getPathInfo().substring(1).split("/");
+        String aid = pathElement[0];
+        String accept = request.getHeader("Accept");
+        if (accept == null)
+            accept = MediaType.ANYTYPE;
+
+        if (accept.contains(MediaType.APPLICATION_X_PEM_FILE)) {
+            response.setContentType(MediaType.APPLICATION_X_PEM_FILE);
+            String cert = authority.getPemCert(aid);
+            PrintWriter out = response.getWriter();
+            out.println(cert);
+            return;
+        }
+        if (accept.equals(MediaType.ANYTYPE) || accept.contains(MediaType.APPLICATION_PKIX_CERT)) {
+            response.setContentType(MediaType.APPLICATION_PKIX_CERT);
+            byte[] cert = authority.getBinaryCert(aid);
+            OutputStream out = response.getOutputStream();
+            out.write(cert);
+            return;
+        }
+        throw new RequestNotAcceptable("Certificate format not supported: " + accept);
+    }
+
+    @WebAction(method = HttpMethod.GET, paths = {"{}/chain"})
+    public void getChain(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        HttpSession session = request.getSession();
+        logger.debug("AuthorityServlet.getChain(): session: {}", session.getId());
+        String[] pathElement = request.getPathInfo().substring(1).split("/");
+        String aid = pathElement[0];
+        String accept = request.getHeader("Accept");
+        if (accept == null)
+            accept = MediaType.ANYTYPE;
+
+        if (accept.contains(MediaType.APPLICATION_X_PEM_FILE)) {
+            response.setContentType(MediaType.APPLICATION_X_PEM_FILE);
+            String cert = authority.getPemChain(aid);
+            PrintWriter out = response.getWriter();
+            out.println(cert);
+            return;
+        }
+        if (accept.equals(MediaType.ANYTYPE) || accept.contains(MediaType.APPLICATION_PKIX_CERT)) {
+            response.setContentType(MediaType.APPLICATION_PKIX_CERT);
+            byte[] cert = authority.getBinaryChain(aid);
+            OutputStream out = response.getOutputStream();
+            out.write(cert);
+            return;
+        }
+        throw new RequestNotAcceptable("Certificate format not supported: " + accept);
+    }
+
+    @WebAction(method = HttpMethod.POST, paths = {""})
+    public void createCA(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        HttpSession session = request.getSession();
+        logger.debug("AuthorityServlet.createCA(): session: {}", session.getId());
+        String requestData = request.getReader().lines().collect(Collectors.joining());
+        AuthorityData reqAuthority = JSONSerializer.fromJSON(requestData, AuthorityData.class);
+        AuthorityData newAuthhority = authority.createCA(reqAuthority);
+        String encodedGroupID = URLEncoder.encode(newAuthhority.getID(), "UTF-8");
+        StringBuffer uri = request.getRequestURL();
+        uri.append("/" + encodedGroupID);
+        response.setStatus(HttpServletResponse.SC_CREATED);
+        response.setHeader("Location", uri.toString());
+        PrintWriter out = response.getWriter();
+        out.println(newAuthhority.toJSON());
+    }
+
+    @WebAction(method = HttpMethod.PUT, paths = {"{}"})
+    public void modifyCA(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        HttpSession session = request.getSession();
+        logger.debug("AuthorityServlet.modifyCA(): session: {}", session.getId());
+        String[] pathElement = request.getPathInfo().substring(1).split("/");
+        String aid = pathElement[0];
+        String requestData = request.getReader().lines().collect(Collectors.joining());
+        AuthorityData reqAuthority = JSONSerializer.fromJSON(requestData, AuthorityData.class);
+        AuthorityData newAuthhority = authority.modifyCA(aid, reqAuthority);
+        PrintWriter out = response.getWriter();
+        out.println(newAuthhority.toJSON());
+    }
+
+    @WebAction(method = HttpMethod.DELETE, paths = {"{}"})
+    public void deleteCA(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        HttpSession session = request.getSession();
+        logger.debug("AuthorityServlet.deleteCA(): session: {}", session.getId());
+        String[] pathElement = request.getPathInfo().substring(1).split("/");
+        String aid = pathElement[0];
+        authority.deleteCA(aid, request);
+        response.setStatus(HttpServletResponse.SC_NO_CONTENT);
+    }
+
+    @WebAction(method = HttpMethod.POST, paths = {"{}/enable"})
+    public void enableCA(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        HttpSession session = request.getSession();
+        logger.debug("AuthorityServlet.enableCA(): session: {}", session.getId());
+        String[] pathElement = request.getPathInfo().substring(1).split("/");
+        String aid = pathElement[0];
+        AuthorityData reqAuthority = new AuthorityData(null, null, null, null, null, null, true, null, null);
+        AuthorityData newAuthhority = authority.modifyCA(aid, reqAuthority);
+        PrintWriter out = response.getWriter();
+        out.println(newAuthhority.toJSON());
+    }
+
+    @WebAction(method = HttpMethod.POST, paths = {"{}/disable"})
+    public void disableCA(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        HttpSession session = request.getSession();
+        logger.debug("AuthorityServlet.disableCA(): session: {}", session.getId());
+        String[] pathElement = request.getPathInfo().substring(1).split("/");
+        String aid = pathElement[0];
+        AuthorityData reqAuthority = new AuthorityData(null, null, null, null, null, null, false, null, null);
+        AuthorityData newAuthhority = authority.modifyCA(aid, reqAuthority);
+        PrintWriter out = response.getWriter();
+        out.println(newAuthhority.toJSON());
+    }
+
+    @WebAction(method = HttpMethod.POST, paths = {"{}/renew"})
+    public void renewCA(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        HttpSession session = request.getSession();
+        logger.debug("AuthorityServlet.renewCA(): session: {}", session.getId());
+        String[] pathElement = request.getPathInfo().substring(1).split("/");
+        String aid = pathElement[0];
+        authority.renewCA(aid, request);
+        response.setStatus(HttpServletResponse.SC_NO_CONTENT);
+    }
+}

base/ca/src/main/java/org/dogtagpki/server/ca/rest/v2/CAServlet.java

@@ -6,6 +6,7 @@
 package org.dogtagpki.server.ca.rest.v2;
 
 import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
 
 import org.dogtagpki.server.ca.CAEngine;
 import org.dogtagpki.server.rest.v2.PKIServlet;
@@ -15,8 +16,18 @@
  */
 public class CAServlet extends PKIServlet {
     public static final long serialVersionUID = 1L;
+    protected CAEngine engine;
+
+    @Override
+    public void init() throws ServletException {
+        super.init();
+        engine = getCAEngine();
+    }
+
 
     public CAEngine getCAEngine() {
+        if (engine != null)
+            return engine;
         ServletContext servletContext = getServletContext();
         return (CAEngine) servletContext.getAttribute("engine");
     }

base/ca/src/main/java/org/dogtagpki/server/ca/rest/v2/filters/AgentCertACL.java

@@ -18,5 +18,4 @@ public class AgentCertACL extends ACLFilter {
     public void init() throws ServletException {
         setAcl("certs");
     }
-
 }

base/ca/src/main/java/org/dogtagpki/server/ca/rest/v2/filters/AuthorityACL.java

@@ -0,0 +1,36 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.ca.rest.v2.filters;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebFilter;
+
+import org.dogtagpki.server.rest.v2.filters.ACLFilter;
+
+@WebFilter(servletNames = "caAuthority")
+public class AuthorityACL extends ACLFilter {
+    private static final long serialVersionUID = 1L;
+
+    private static final String CREATE = "authorities.create";
+    private static final String MODIFY = "authorities.modify";
+    private static final String DELETE = "authorities.delete";
+
+    @Override
+    public void init() throws ServletException {
+        Map<String, String> aclMap = new HashMap<>();
+        aclMap.put("POST:", CREATE);
+        aclMap.put("PUT:{}", MODIFY);
+        aclMap.put("DELETE:{}", DELETE);
+        aclMap.put("POST:{}/enable", MODIFY);
+        aclMap.put("POST:{}/disable", MODIFY);
+        aclMap.put("POST:{}/renew", MODIFY);
+        setAclMap(aclMap);
+    }
+
+}

base/ca/src/main/java/org/dogtagpki/server/ca/rest/v2/filters/AuthorityAuthMethod.java

@@ -0,0 +1,34 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.ca.rest.v2.filters;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebFilter;
+
+import org.dogtagpki.server.rest.v2.filters.AuthMethodFilter;
+
+@WebFilter(servletNames = "caAuthority")
+public class AuthorityAuthMethod extends AuthMethodFilter {
+    private static final long serialVersionUID = 1L;
+
+    private static final String AUTHORITIES = "authorities";
+
+    @Override
+    public void init() throws ServletException {
+        Map<String, String> authMethodMap = new HashMap<>();
+        authMethodMap.put("POST:", AUTHORITIES);
+        authMethodMap.put("PUT:{}", AUTHORITIES);
+        authMethodMap.put("DELETE:{}", AUTHORITIES);
+        authMethodMap.put("POST:{}/enable", AUTHORITIES);
+        authMethodMap.put("POST:{}/disable", AUTHORITIES);
+        authMethodMap.put("POST:{}/renew", AUTHORITIES);
+        setAuthMethodMap(authMethodMap);
+    }
+
+}

base/common/src/main/java/com/netscape/certsrv/base/MediaType.java

@@ -0,0 +1,20 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package com.netscape.certsrv.base;
+
+/**
+ * @author Marco Fargetta {@literal <[email protected]>}
+ */
+public class MediaType {
+
+    public static final String ANYTYPE = "*/*";
+
+    public static final String APPLICATION_JSON = "application/json";
+
+    public static final String APPLICATION_PKIX_CERT = "application/pkix-cert";
+
+    public static final String APPLICATION_X_PEM_FILE = "application/x-pem-file";
+}

base/common/src/main/java/com/netscape/certsrv/base/RequestNotAcceptable.java

@@ -0,0 +1,29 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package com.netscape.certsrv.base;
+
+import javax.ws.rs.core.Response;
+
+/**
+ * @author Marco Fargetta {@literal <[email protected]>}
+ */
+public class RequestNotAcceptable extends PKIException {
+
+    private static final long serialVersionUID = 1L;
+
+    public RequestNotAcceptable(String message) {
+        super(Response.Status.NOT_ACCEPTABLE, message);
+    }
+
+    public RequestNotAcceptable(String message, Throwable cause) {
+        super(Response.Status.NOT_ACCEPTABLE, message, cause);
+    }
+
+    public RequestNotAcceptable(Data data) {
+        super(data);
+    }
+
+}

base/common/src/main/java/com/netscape/certsrv/base/UnsupportedMediaType.java

@@ -0,0 +1,29 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package com.netscape.certsrv.base;
+
+import javax.ws.rs.core.Response;
+
+/**
+ * @author Marco Fargetta {@literal <[email protected]>}
+ */
+public class UnsupportedMediaType extends PKIException {
+
+    private static final long serialVersionUID = 1L;
+
+    public UnsupportedMediaType(String message) {
+        super(Response.Status.UNSUPPORTED_MEDIA_TYPE, message);
+    }
+
+    public UnsupportedMediaType(String message, Throwable cause) {
+        super(Response.Status.UNSUPPORTED_MEDIA_TYPE, message, cause);
+    }
+
+    public UnsupportedMediaType(Data data) {
+        super(data);
+    }
+
+}