From 33269c5d663d1261017c02b4532ae94f9c13fc01 Mon Sep 17 00:00:00 2001
From: Marco Fargetta
Date: Thu, 8 Aug 2024 09:53:14 +0200
Subject: [PATCH] Add KRASystemCertService to v2 APIs
---
 .../server/kra/rest/v2/KRAServlet.java | 3 +
 .../kra/rest/v2/KRASystemCertServlet.java | 66 +++++++++++++++++++
 .../server/kra/rest/v2/filters/EmptyACL.java | 2 +-
 .../kra/rest/v2/filters/EmptyAuthMethod.java | 2 +-
 4 files changed, 71 insertions(+), 2 deletions(-)
 create mode 100644 base/kra/src/main/java/org/dogtagpki/server/kra/rest/v2/KRASystemCertServlet.java
diff --git a/base/kra/src/main/java/org/dogtagpki/server/kra/rest/v2/KRAServlet.java b/base/kra/src/main/java/org/dogtagpki/server/kra/rest/v2/KRAServlet.java
index 3b842e8d768..b48c21fd090 100644
--- a/base/kra/src/main/java/org/dogtagpki/server/kra/rest/v2/KRAServlet.java
+++ b/base/kra/src/main/java/org/dogtagpki/server/kra/rest/v2/KRAServlet.java
@@ -14,6 +14,7 @@ import com.netscape.certsrv.security.IStorageKeyUnit;
 import com.netscape.kra.KeyRecoveryAuthority;
+import com.netscape.kra.TransportKeyUnit;
 /**
 * @author Marco Fargetta {@literal }
@@ -24,6 +25,7 @@ public class KRAServlet extends PKIServlet {
 protected KRAEngine engine;
 protected KRAEngineConfig config;
 protected IStorageKeyUnit storageUnit;
+ protected TransportKeyUnit transportUnit;
 @Override
 public void init() throws ServletException {
@@ -33,6 +35,7 @@ public void init() throws ServletException {
 config = engine.getConfig();
 KeyRecoveryAuthority kra = (KeyRecoveryAuthority) engine.getSubsystem(KeyRecoveryAuthority.ID);
 storageUnit = kra.getStorageKeyUnit();
+ transportUnit = kra.getTransportKeyUnit();
 }
 public KRAEngine getKRAEngine() {
diff --git a/base/kra/src/main/java/org/dogtagpki/server/kra/rest/v2/KRASystemCertServlet.java b/base/kra/src/main/java/org/dogtagpki/server/kra/rest/v2/KRASystemCertServlet.java
new file mode 100644
index 00000000000..2516cfd7465
--- /dev/null
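Review bot: The new `protected TransportKeyUnit transportUnit;` field on KRAServlet, assigned in `init()` by the `-33,6 +35,7` hunk, gives every servlet that extends this base class a reference to the KRA transport key unit, although the only use visible in this patch is `transportUnit.getChain()` in KRASystemCertServlet. If TransportKeyUnit also exposes private-key operations (not visible here, to be confirmed), it would be tighter to resolve it inside KRASystemCertServlet or to offer a narrow accessor that returns only the certificate chain. The field is also typed by concrete class, unlike `IStorageKeyUnit storageUnit` next to it, and has no comment; at minimum add `// Transport key unit of the KRA; subclasses read its certificate chain`. The class body and `init()` both continue outside these hunks.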
+++ b/base/kra/src/main/java/org/dogtagpki/server/kra/rest/v2/KRASystemCertServlet.java
@@ -0,0 +1,66 @@
+package org.dogtagpki.server.kra.rest.v2;
+
+import java.io.PrintWriter;
+
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.mozilla.jss.crypto.X509Certificate;
+import org.mozilla.jss.netscape.security.pkcs.ContentInfo;
+import org.mozilla.jss.netscape.security.pkcs.PKCS7;
+import org.mozilla.jss.netscape.security.pkcs.SignerInfo;
+import org.mozilla.jss.netscape.security.x509.AlgorithmId;
+import org.mozilla.jss.netscape.security.x509.X509CertImpl;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.netscape.certsrv.base.WebAction;
+import com.netscape.certsrv.cert.CertData;
+
+/**
+ * @author Marco Fargetta {@literal }
+ * @author alee
+ */
+@WebServlet(
+ name = "kraSystemCert",
+ urlPatterns = "/v2/config/cert/*")
+public class KRASystemCertServlet extends KRAServlet {
+ private static final long serialVersionUID = 1L;
+ private static final Logger logger = LoggerFactory.getLogger(KRASystemCertServlet.class);
+
+ @WebAction(method = HttpMethod.GET, paths = { "transport"})
+ public void getTransportCert(HttpServletRequest request, HttpServletResponse response) throws Exception {
+ HttpSession session = request.getSession();
+ logger.debug("KRASystemCertServlet.getTransportCert(): session: {}", session.getId());
+
+ X509Certificate[] chain = transportUnit.getChain();
+ X509CertImpl[] chainImpl = new X509CertImpl[chain.length];
+
+ for (int i=0; i