

Add KRA KeyRequestService to v2 APIs
fmarco76 committed Aug 12, 2024
1 parent e7281d0 commit b27d24c
Showing 7 changed files with 1,259 additions and 42 deletions.
Expand Up @@ -91,6 +91,12 @@ public RESTMessage(MultivaluedMap<String, String> form) {
}
}

public RESTMessage(Map<String, String[]> parameterMap) {
for(String key: parameterMap.keySet()) {
attributes.put(key, parameterMap.get(key)[0]);
}
}

@JsonProperty("ClassName")
public String getClassName() {
return className;
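Review bot: The new `RESTMessage(Map<String, String[]>)` constructor reads `parameterMap.get(key)[0]` without checking the array, so a null or empty value array throws out of the constructor, and every value after the first for a repeated parameter is silently dropped. If this map is the servlet request parameter map (an inference, the caller is not on this page), keeping only the first of several values can leave this layer and an upstream filter or proxy disagreeing about which value was actually supplied; either reject repeated keys or document the first-value rule in a Javadoc comment on the constructor. Iterating `entrySet()` with a guard covers the crash: `String[] v = e.getValue(); if (v != null && v.length > 0) attributes.put(e.getKey(), v[0]);`. The class body continues outside the hunk, so how the existing `MultivaluedMap` constructor treats multi-valued keys is not visible here.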
Expand Up @@ -90,11 +90,11 @@ public KeyProcessor(KRAEngine engine) {

public KeyInfoCollection listKeys(Principal principal, String baseUrl, String clientKeyID, String status, int maxResults, int maxTime, int start,
int size, String realm, String owner) {
logger.info("Key: Searching for keys");
logger.info("Key: - client key ID: {}", clientKeyID);
logger.info("Key: - status: {}", status);
logger.info("KeyProcessor: Searching for keys");
logger.info("KeyProcessor: - client key ID: {}", clientKeyID);
logger.info("KeyProcessor: - status: {}", status);

String auditInfo = "Key.listKeyInfos; status =" + status;
String auditInfo = "KeyProcessor.listKeyInfos; status =" + status;

if (realm != null) {
try {
Expand All @@ -115,7 +115,7 @@ public KeyInfoCollection listKeys(Principal principal, String baseUrl, String cl

// get ldap filter
String filter = createSearchFilter(status, clientKeyID, realm, owner);
logger.info("Key: - filter: {}", filter);
logger.info("KeyProcessor: - filter: {}", filter);


KeyInfoCollection infos = new KeyInfoCollection();
Expand All @@ -125,7 +125,7 @@ public KeyInfoCollection listKeys(Principal principal, String baseUrl, String cl
return infos;
}

logger.info("Key: Results:");
logger.info("KeyProcessor: Results:");

// store non-null results in a list
List<KeyInfo> results = new ArrayList<>();
Expand All @@ -134,13 +134,13 @@ public KeyInfoCollection listKeys(Principal principal, String baseUrl, String cl
if (rec == null) continue;

KeyInfo info = createKeyDataInfo(rec, baseUrl, false);
logger.info("Key: - key: {}", info.getKeyId());
logger.info("KeyProcessor: - key: {}", info.getKeyId());
results.add(info);

auditKeyInfoSuccess(principal, info.getKeyId(), null, auditInfo);
}
int total = results.size();
logger.info("Key: Total: {}", total);
logger.info("KeyProcessor: Total: {}", total);
infos.setTotal(total);

// return entries in the requested page
Expand All @@ -154,8 +154,8 @@ public KeyInfoCollection listKeys(Principal principal, String baseUrl, String cl
}

public KeyInfo getKeyInfo(Principal principal, String baseUrl, KeyId keyId) {
String auditInfo = "Key.getKeyInfo";
logger.debug("Key.getKeyInfo: begins.");
String auditInfo = "KeyProcessor.getKeyInfo";
logger.debug("KeyProcessor.getKeyInfo: begins.");

KeyRecord rec = null;
try {
Expand Down Expand Up @@ -183,8 +183,8 @@ public KeyInfo getKeyInfo(Principal principal, String baseUrl, KeyId keyId) {
}

public KeyInfo getActiveKeyInfo(Principal principal, String baseUrl, String clientKeyID) {
String auditInfo = "Key.getActiveKeyInfo";
logger.debug("Key.getActiveKeyInfo: begins.");
String auditInfo = "KeyProcessor.getActiveKeyInfo";
logger.debug("KeyProcessor.getActiveKeyInfo: begins.");

KeyInfoCollection infos = listKeys(
principal,
Expand Down Expand Up @@ -228,11 +228,11 @@ public KeyInfo getActiveKeyInfo(Principal principal, String baseUrl, String clie
}

public void modifyKeyStatus(Principal principal, String baseUrl, KeyId id, String status) {
String auditInfo = "Key.modifyKeyStatus";
String auditInfo = "KeyProcessor.modifyKeyStatus";
String messageError = "Unable to modify key status: ";
//TODO: what was the original status? find it and record that in Info as well

logger.info("Key.modifyKeyStatus: Modifying key {} status to {}", id, status);
logger.info("KeyProcessor.modifyKeyStatus: Modifying key {} status to {}", id, status);

KeyRecord rec = null;
KeyInfo info = null;
Expand Down Expand Up @@ -272,14 +272,14 @@ public void modifyKeyStatus(Principal principal, String baseUrl, KeyId id, Strin

public KeyData retrieveKey(Principal principal, KeyRecoveryRequest data) {
if (data == null) {
auditRetrieveKeyError(principal, null, null, "Key: Missing key recovery request", null);
auditRetrieveKeyError(principal, null, null, "KeyProcessor: Missing key recovery request", null);
throw new BadRequestException("Missing key recovery request");
}

try {
logger.debug("Key: Request:\n{}", data.toJSON());
logger.debug("KeyProcessor: Request:\n{}", data.toJSON());
} catch (JsonProcessingException e) {
auditRetrieveKeyError(principal, null, null, "Key: Problem processing key data", null);
auditRetrieveKeyError(principal, null, null, "KeyProcessor: Problem processing key data", null);
throw new PKIException(e.getMessage(), e);
}

Expand All @@ -296,7 +296,7 @@ public KeyData retrieveKey(Principal principal, KeyRecoveryRequest data) {

if (requestId != null) {

logger.debug("Key: Searching for asynchronous request {}", requestId);
logger.debug("KeyProcessor: Searching for asynchronous request {}", requestId);
// We assume that the request is valid and has been approved

auditInfo += ";requestID=" + requestId;
Expand All @@ -314,7 +314,7 @@ public KeyData retrieveKey(Principal principal, KeyRecoveryRequest data) {
}

keyId = new KeyId(request.getExtDataInString(ATTR_SERIALNO));
logger.debug("Key: Request found for key {}", keyId);
logger.debug("KeyProcessor: Request found for key {}", keyId);

auditInfo += ";keyID=" + keyId;

Expand All @@ -323,7 +323,7 @@ public KeyData retrieveKey(Principal principal, KeyRecoveryRequest data) {
} else {

keyId = data.getKeyId();
logger.info("Key: Retrieving key {}", keyId);
logger.info("KeyProcessor: Retrieving key {}", keyId);

if (keyId == null) {
auditRetrieveKeyError(principal, requestId, keyId, "Missing recovery request ID and key ID", auditInfo);
Expand All @@ -333,21 +333,21 @@ public KeyData retrieveKey(Principal principal, KeyRecoveryRequest data) {
auditInfo += ";keyID=" + keyId;

// TODO(alee): get the realm from the key record
logger.info("Key: realm: {}", realm);
logger.info("KeyProcessor: realm: {}", realm);

synchronous = kra.isRetrievalSynchronous(realm);
logger.info("Key: synchronous: {}", synchronous);
logger.info("KeyProcessor: synchronous: {}", synchronous);

ephemeral = kra.isEphemeral(realm);
logger.info("Key: ephemeral: {}", ephemeral);
logger.info("KeyProcessor: ephemeral: {}", ephemeral);

// Only synchronous requests can be ephemeral
if (!synchronous) ephemeral = false;

auditInfo += ";synchronous=" + synchronous;
auditInfo += ";ephemeral=" + ephemeral;

logger.info("Key: Creating recovery request");
logger.info("KeyProcessor: Creating recovery request");

KeyRequestDAO reqDAO = new KeyRequestDAO();
try {
Expand All @@ -359,33 +359,33 @@ public KeyData retrieveKey(Principal principal, KeyRecoveryRequest data) {
}

requestId = request.getRequestId();
logger.info("Key: Created request {}", requestId);
logger.info("KeyProcessor: Created request {}", requestId);

auditInfo += ";requestID=" + requestId;

if (!synchronous) {
logger.info("Key: Storing request in database");
logger.info("KeyProcessor: Storing request in database");

try {
requestRepository.updateRequest(request);
} catch (EBaseException e) {
logger.error("KeyService: " + e.getMessage(), e);
logger.error("KeyProcessor: " + e.getMessage(), e);
auditRecoveryRequest(principal, ILogger.FAILURE, requestId, keyId);
throw new PKIException(e.getMessage(), e);
}
KeyData keyData = new KeyData();
keyData.setRequestID(requestId);

try {
logger.debug("Key: Response:\n {}", keyData.toJSON());
logger.debug("KeyProcessor: Response:\n {}", keyData.toJSON());
} catch (JsonProcessingException e) {
auditRecoveryRequest(principal, ILogger.FAILURE, requestId, keyId);
throw new PKIException(e.getMessage(), e);
}

auditRecoveryRequest(principal, ILogger.SUCCESS, requestId, keyId);

logger.info("Key: Returning created recovery request");
logger.info("KeyProcessor: Returning created recovery request");
return keyData;
}
auditRecoveryRequest(principal, ILogger.SUCCESS, requestId, keyId);
Expand All @@ -394,7 +394,7 @@ public KeyData retrieveKey(Principal principal, KeyRecoveryRequest data) {
data.setRequestId(requestId);

String type = request.getRequestType();
logger.debug("Key: request type: {}", type);
logger.debug("KeyProcessor: request type: {}", type);
auditInfo += ";request type:" + type;

// process request
Expand All @@ -403,19 +403,19 @@ public KeyData retrieveKey(Principal principal, KeyRecoveryRequest data) {
switch(type) {
case Request.KEYRECOVERY_REQUEST:

logger.info("Key: Processing key recovery request");
logger.info("KeyProcessor: Processing key recovery request");
keyData = recoverKey(data);
auditInfo = "Key.recoverKey";
auditInfo = "KeyProcessor.recoverKey";
break;

case Request.SECURITY_DATA_RECOVERY_REQUEST:

logger.info("KeyService: Processing security data recovery request");
logger.info("KeyProcessor: Processing security data recovery request");
if (synchronous) request.setRequestStatus(RequestStatus.APPROVED);
validateRequest(principal, data, request);
keyData = getKey(keyId, request, data, synchronous, ephemeral);

auditInfo += "Key.getKey: keyID=" + keyId.toString();
auditInfo += "KeyProcessor.getKey: keyID=" + keyId.toString();
auditInfo += ";requestID=" + requestId.toString();
auditInfo += ";synchronous=" + Boolean.toString(synchronous);
auditInfo += ";ephemeral=" + Boolean.toString(ephemeral);
Expand All @@ -439,7 +439,7 @@ public KeyData retrieveKey(Principal principal, KeyRecoveryRequest data) {
auditRecoveryRequestProcessed(principal, ILogger.SUCCESS, requestId, keyId, null, auditInfo, approvers);

try {
logger.debug("KeyService: Response:\n {}", keyData.toJSON());
logger.debug("KeyProcessor: Response:\n {}", keyData.toJSON());
} catch (JsonProcessingException e) {
auditRecoveryRequestProcessed(principal, ILogger.FAILURE, requestId, keyId, "Key record data error", auditInfo, null);
throw new PKIException(e.getMessage(), e);
Expand All @@ -451,8 +451,7 @@ public KeyData retrieveKey(Principal principal, KeyRecoveryRequest data) {

private AuthToken getAuthToken(Principal principal) {
if (principal instanceof PKIPrincipal pkiprincipal) {
AuthToken authToken = pkiprincipal.getAuthToken();
return authToken;
return pkiprincipal.getAuthToken();
}
throw new PKIException("Unable to access realm: principal not instance of PKIPrincipal");
}
Expand Down Expand Up @@ -496,7 +495,7 @@ private String createSearchFilter(String status, String clientKeyID, String real
}

private KeyInfo createKeyDataInfo(KeyRecord rec, String baseURL, boolean getPublicKey) throws EBaseException {
String method = "Key.createKeyDataInfo: ";
String method = "KeyProcessor.createKeyDataInfo: ";
logger.debug("{} begins.", method);

KeyInfo ret = new KeyInfo();
Expand Down Expand Up @@ -528,7 +527,7 @@ private KeyInfo createKeyDataInfo(KeyRecord rec, String baseURL, boolean getPubl

private KeyData recoverKey(KeyRecoveryRequest data) throws Exception {

String method = "Key.recoverKey:";
String method = "KeyProcessor.recoverKey:";
logger.debug("{} begins.", method);

RequestId reqId = data.getRequestId();
Expand Down Expand Up @@ -579,7 +578,7 @@ private KeyData recoverKey(KeyRecoveryRequest data) throws Exception {
return keyData;
}
private void validateRequest(Principal principal, KeyRecoveryRequest data, Request request) {
logger.debug("Key.validateRequest: begins.");
logger.debug("KeyProcessor.validateRequest: begins.");

// confirm that at least one wrapping method exists
// There must be at least the wrapped session key method.
Expand Down Expand Up @@ -609,7 +608,7 @@ private void validateRequest(Principal principal, KeyRecoveryRequest data, Reque

private KeyData getKey(KeyId keyId, Request request, KeyRecoveryRequest data,
boolean synchronous, boolean ephemeral) throws EBaseException {
String method = "Key.getKey:";
String method = "KeyProcessor.getKey:";
KeyData keyData;
KeyRequestDAO dao = new KeyRequestDAO();
logger.debug("{} begins.", method);
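Review bot: In `retrieveKey` the renamed debug statements still serialize the whole recovery request and the whole response into the log (`logger.debug("KeyProcessor: Request:\n{}", data.toJSON())` and `logger.debug("KeyProcessor: Response:\n {}", keyData.toJSON())`). On a key recovery path those objects presumably carry wrapped session keys, passphrases or wrapped key data, so turning on debug logging would copy that material into log files. The `toJSON()` argument is also evaluated regardless of log level, and a `JsonProcessingException` raised only for logging aborts the retrieval with a `PKIException` and a FAILURE audit event. I would log identifiers only, e.g. `logger.debug("KeyProcessor: Response for request {} key {}", requestId, keyId);`, and drop the try/catch that exists just for the log line. The body of `retrieveKey` spans several hunks with elided lines, so the exact fields in `KeyRecoveryRequest` and `KeyData` should be confirmed against their definitions.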