Add KRASystemCertService to v2 APIs #4818

Aug 8, 2024
Expand Up @@ -14,6 +14,7 @@

import com.netscape.certsrv.security.IStorageKeyUnit;
import com.netscape.kra.KeyRecoveryAuthority;
import com.netscape.kra.TransportKeyUnit;

/**
* @author Marco Fargetta {@literal <[email protected]>}
Expand All @@ -24,6 +25,7 @@ public class KRAServlet extends PKIServlet {
protected KRAEngine engine;
protected KRAEngineConfig config;
protected IStorageKeyUnit storageUnit;
protected TransportKeyUnit transportUnit;

@Override
public void init() throws ServletException {
Expand All @@ -33,6 +35,7 @@ public void init() throws ServletException {
config = engine.getConfig();
KeyRecoveryAuthority kra = (KeyRecoveryAuthority) engine.getSubsystem(KeyRecoveryAuthority.ID);
storageUnit = kra.getStorageKeyUnit();
transportUnit = kra.getTransportKeyUnit();
}

public KRAEngine getKRAEngine() {
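--- /dev/null
+++ b/KRASystemCertServlet.java
@@ -0,0 +1,66 @@
+package org.dogtagpki.server.kra.rest.v2;
+
+import java.io.PrintWriter;
+
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.mozilla.jss.crypto.X509Certificate;
+import org.mozilla.jss.netscape.security.pkcs.ContentInfo;
+import org.mozilla.jss.netscape.security.pkcs.PKCS7;
+import org.mozilla.jss.netscape.security.pkcs.SignerInfo;
+import org.mozilla.jss.netscape.security.x509.AlgorithmId;
+import org.mozilla.jss.netscape.security.x509.X509CertImpl;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.netscape.certsrv.base.WebAction;
+import com.netscape.certsrv.cert.CertData;
+
+/**
+* @author Marco Fargetta {@literal <[email protected]>}
+* @author alee
+*/
+@WebServlet(
+name = "kraSystemCert",
+urlPatterns = "/v2/config/cert/*")
+public class KRASystemCertServlet extends KRAServlet {
+private static final long serialVersionUID = 1L;
+private static final Logger logger = LoggerFactory.getLogger(KRASystemCertServlet.class);
+
+@WebAction(method = HttpMethod.GET, paths = { "transport"})
+public void getTransportCert(HttpServletRequest request, HttpServletResponse response) throws Exception {
+HttpSession session = request.getSession();
+logger.debug("KRASystemCertServlet.getTransportCert(): session: {}", session.getId());
+
+X509Certificate[] chain = transportUnit.getChain();
+X509CertImpl[] chainImpl = new X509CertImpl[chain.length];
+
+for (int i=0; i<chain.length; i++) {
+X509Certificate c = chain[i];
+chainImpl[i] = new X509CertImpl(c.getEncoded());
+}
+
+PKCS7 pkcs7 = new PKCS7(
+new AlgorithmId[0],
+new ContentInfo(new byte[0]),
+chainImpl,
+new SignerInfo[0]);
+
+CertData certData = CertData.fromCertChain(pkcs7);
+String reqETag = request.getHeader("If-None-Match");
+String eTag = Integer.toString(certData.hashCode());
+response.addHeader("ETag", "\"" + eTag + "\"");
+response.addHeader("Cache-control", "no-transform, max-age=" + DEFAULT_LONG_CACHE_LIFETIME);
+if (reqETag != null &&
+(reqETag.equals(eTag) || reqETag.equals("\"" + eTag + "\""))) {
+response.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
+return;
+}
+PrintWriter out = response.getWriter();
+out.println(certData.toJSON());
+}
+
+}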
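Review bot: `getTransportCert` writes JSON to `response.getWriter()` without setting a content type or character encoding, so unless `PKIServlet` or a filter does that elsewhere the response goes out with the container default (no `Content-Type`, ISO-8859-1 for the writer); add `response.setContentType("application/json");` and `response.setCharacterEncoding("UTF-8");` before the `getWriter()` call. The ETag built from `Integer.toString(certData.hashCode())` is only a 32-bit hash of the in-memory object, so two different chains can share a validator and a client would keep a stale copy for the full `max-age`; a digest over the encoded chain would be a stronger validator if `CertData` exposes the bytes. The `If-None-Match` comparison also does not accept the `W/` weak-validator prefix, which is a minor gap. `DEFAULT_LONG_CACHE_LIFETIME` and `HttpMethod` are used without imports, so they presumably come from the `KRAServlet`/`PKIServlet` hierarchy; a short comment naming where they are inherited from would help readers of this file.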
Expand Up @@ -9,7 +9,7 @@

import org.dogtagpki.server.rest.v2.filters.ACLFilter;

@WebFilter(servletNames = {"kraInfo", "kraJobs"})
@WebFilter(servletNames = {"kraInfo", "kraJobs", "kraSystemCert"})
public class EmptyACL extends ACLFilter {

private static final long serialVersionUID = 1L;
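Review bot: Registering `kraSystemCert` in `EmptyACL` (and in `EmptyAuthMethod` in the next file section) exempts everything the servlet serves under `/v2/config/cert/*` from ACL and authentication checks, not only the `transport` path the new servlet currently handles. That is consistent with the endpoint returning only the public transport certificate chain, but the exemption should be recorded so that a future path added to the same servlet does not silently inherit it, for example `// kraSystemCert: serves only the public transport cert chain; no auth or ACL required`. The class body continues past the hunk.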
Expand Up @@ -9,7 +9,7 @@

import org.dogtagpki.server.rest.v2.filters.AuthMethodFilter;

@WebFilter(servletNames = {"kraInfo", "kraJobs"})
@WebFilter(servletNames = {"kraInfo", "kraJobs", "kraSystemCert"})
public class EmptyAuthMethod extends AuthMethodFilter {

private static final long serialVersionUID = 1L;