From d68ad2c3e8420291ec986dea9136883a62a0ae99 Mon Sep 17 00:00:00 2001 
From: "Endi S. Dewata" Date: Wed, 9 Sep 2015 17:54:44 +0200 Subject: [PATCH] Added CLI to manage security domain sessions. A new REST interface and CLI have been added to manage security domain sessions. In the future the installation tool will be modified to use the new interface. The CLI can also be used for testing and troubleshoot issues. https://fedorahosted.org/pki/ticket/1633 --- base/ca/shared/conf/acl.properties | 2 + base/ca/shared/conf/auth-method.properties | 1 + .../certsrv/system/SecurityDomainClient.java | 29 ++++ .../certsrv/system/SecurityDomainResource.java | 38 +++++ .../certsrv/system/SecurityDomainSession.java | 163 +++++++++++++++++++++ .../system/SecurityDomainSessionCollection.java | 39 +++++ base/java-tools/man/man1/pki-securitydomain.1 | 42 +++++- .../cmstools/system/SecurityDomainCLI.java | 1 + .../system/SecurityDomainSessionAddCLI.java | 100 +++++++++++++ .../cmstools/system/SecurityDomainSessionCLI.java | 66 +++++++++ .../system/SecurityDomainSessionFindCLI.java | 136 +++++++++++++++++ .../system/SecurityDomainSessionRemoveCLI.java | 88 +++++++++++ .../system/SecurityDomainSessionShowCLI.java | 88 +++++++++++ .../servlet/csadmin/SecurityDomainProcessor.java | 108 +++++++++++++- .../server/rest/SecurityDomainService.java | 102 +++++++++++++ 15 files changed, 1000 insertions(+), 3 deletions(-) create mode 100644 base/common/src/com/netscape/certsrv/system/SecurityDomainSession.java create mode 100644 base/common/src/com/netscape/certsrv/system/SecurityDomainSessionCollection.java create mode 100644 base/java-tools/src/com/netscape/cmstools/system/SecurityDomainSessionAddCLI.java create mode 100644 base/java-tools/src/com/netscape/cmstools/system/SecurityDomainSessionCLI.java create mode 100644 base/java-tools/src/com/netscape/cmstools/system/SecurityDomainSessionFindCLI.java create mode 100644 base/java-tools/src/com/netscape/cmstools/system/SecurityDomainSessionRemoveCLI.java create mode 100644 
base/java-tools/src/com/netscape/cmstools/system/SecurityDomainSessionShowCLI.java diff --git a/base/ca/shared/conf/acl.properties b/base/ca/shared/conf/acl.properties index 8b3e9d0eea09e5e3ab8271888ab0532d47b69348..ec591b22aa7fe785c5a7c201487a7f05e96478bf 100644 --- a/base/ca/shared/conf/acl.properties +++ b/base/ca/shared/conf/acl.properties @@ -18,6 +18,8 @@ profiles.list = certServer.ee.profiles,list profiles.modify = certServer.profile.configuration,modify profiles.read = certServer.profile.configuration,read securityDomain.installToken = certServer.securitydomain.domainxml,read +securityDomain.sessions.read = certServer.securitydomain.domainxml,read +securityDomain.sessions.modify = certServer.securitydomain.domainxml,modify selftests.read = certServer.ca.selftests,read selftests.execute = certServer.ca.selftests,execute users = certServer.ca.users,execute diff --git a/base/ca/shared/conf/auth-method.properties b/base/ca/shared/conf/auth-method.properties index 8d67690af88d387f38fd8fcf1c2fdfa8bbb492fe..7640cafa1df6957f6782dc3f19d36e1a8d955c62 100644 --- a/base/ca/shared/conf/auth-method.properties +++ b/base/ca/shared/conf/auth-method.properties @@ -15,5 +15,6 @@ groups = certUserDBAuthMgr kraconnectors = certUserDBAuthMgr profiles = certUserDBAuthMgr securityDomain.installToken = passwdUserDBAuthMgr +securityDomain.sessions = passwdUserDBAuthMgr selftests = certUserDBAuthMgr users = certUserDBAuthMgr diff --git a/base/common/src/com/netscape/certsrv/system/SecurityDomainClient.java b/base/common/src/com/netscape/certsrv/system/SecurityDomainClient.java index 1775a69949ba4cf6ee5d081991daeb965a049060..55b120a694416a00831ed495106b8454cc8c255a 100644 --- a/base/common/src/com/netscape/certsrv/system/SecurityDomainClient.java +++ b/base/common/src/com/netscape/certsrv/system/SecurityDomainClient.java @@ -18,6 +18,7 @@ package com.netscape.certsrv.system; import java.net.URISyntaxException; +import java.util.Date; import javax.ws.rs.core.Response; 
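Review bot: `securityDomain.sessions.read` in the acl.properties hunk is mapped to `certServer.securitydomain.domainxml,read`, the same entry that already guards `securityDomain.installToken`, so any principal allowed to read the domain XML would also be allowed to list every session, including other users' session IDs. If those IDs are accepted as install tokens elsewhere (not visible in this section of the patch), that read right discloses credentials. A separate ACL resource for sessions (for example `certServer.securitydomain.sessions`, a made-up name that would need its own ACL entry) with `read` and `modify` limited to administrators would keep the two apart. The auth-method.properties hunk that follows binds the session operations to `passwdUserDBAuthMgr` while neighbouring admin resources use `certUserDBAuthMgr`; the commit message should record why password authentication is enough for removing sessions.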
@@ -46,6 +47,34 @@ public class SecurityDomainClient extends Client { return client.getEntity(response, InstallToken.class); } + public SecurityDomainSessionCollection findSessions( + String user, + String host, + String subsystem, + Date createdAfter, + Date createdBefore) { + Response response = securityDomainClient.findSessions( + user, host, subsystem, + createdAfter == null ? null : createdAfter.getTime(), + createdBefore == null ? null : createdBefore.getTime()); + return client.getEntity(response, SecurityDomainSessionCollection.class); + } + + public SecurityDomainSession getSession(String sessionID) { + Response response = securityDomainClient.getSession(sessionID); + return client.getEntity(response, SecurityDomainSession.class); + } + + public SecurityDomainSession createSession(String host, String subsystem) { + Response response = securityDomainClient.createSession(host, subsystem); + return client.getEntity(response, SecurityDomainSession.class); + } + + public void removeSession(String sessionID) { + Response response = securityDomainClient.removeSession(sessionID); + client.getEntity(response, Void.class); + } + public DomainInfo getDomainInfo() { Response response = securityDomainClient.getDomainInfo(); return client.getEntity(response, DomainInfo.class); diff --git a/base/common/src/com/netscape/certsrv/system/SecurityDomainResource.java b/base/common/src/com/netscape/certsrv/system/SecurityDomainResource.java index 7ad87557cd87c8ea5bda39c4ae75d687b1389776..0809905e2c8a49d7e49bebe3db9349281068b864 100644 --- a/base/common/src/com/netscape/certsrv/system/SecurityDomainResource.java +++ b/base/common/src/com/netscape/certsrv/system/SecurityDomainResource.java @@ -17,8 +17,11 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.system; +import javax.ws.rs.DELETE; import javax.ws.rs.GET; +import javax.ws.rs.POST; import javax.ws.rs.Path; +import javax.ws.rs.PathParam; import javax.ws.rs.QueryParam; import javax.ws.rs.core.Response; 
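Review bot: The four public methods added to `SecurityDomainClient` have no Javadoc, and `findSessions` has a contract that is not obvious from its signature: a null `createdAfter` or `createdBefore` is forwarded as null (presumably meaning no bound; the server side is not shown), and a non-null date is sent as epoch milliseconds via `getTime()`. A short Javadoc would do, e.g. `@param createdAfter lower bound on the session creation time, or null; sent as epoch milliseconds`. `removeSession` could also say that it returns nothing on success and relies on `client.getEntity` to surface a failed response. The class body continues outside the hunk.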
@@ -43,6 +46,41 @@ public interface SecurityDomainResource { @QueryParam("subsystem") String subsystem); @GET + @Path("sessions") + @ACLMapping("securityDomain.sessions.read") + @AuthMethodMapping("securityDomain.sessions") + @ClientResponseType(entityType=SecurityDomainSessionCollection.class) + public Response findSessions( + @QueryParam("user") String user, + @QueryParam("host") String host, + @QueryParam("subsystem") String subsystem, + @QueryParam("createdAfter") Long createdAfter, + @QueryParam("createdBefore") Long createdBefore); + + @GET + @Path("sessions/{sessionID}") + @ACLMapping("securityDomain.sessions.read") + @AuthMethodMapping("securityDomain.sessions") + @ClientResponseType(entityType=SecurityDomainSession.class) + public Response getSession(@PathParam("sessionID") String sessionID); + + @POST + @Path("sessions") + @ACLMapping("securityDomain.sessions.modify") + @AuthMethodMapping("securityDomain.sessions") + @ClientResponseType(entityType=SecurityDomainSession.class) + public Response createSession( + @QueryParam("host") String host, + @QueryParam("subsystem") String subsystem); + + @DELETE + @Path("sessions/{sessionID}") + @ACLMapping("securityDomain.sessions.modify") + @AuthMethodMapping("securityDomain.sessions") + @ClientResponseType(entityType=Void.class) + public Response removeSession(@PathParam("sessionID") String sessionID); + + @GET @Path("domainInfo") @ClientResponseType(entityType=DomainInfo.class) public Response getDomainInfo(); diff --git a/base/common/src/com/netscape/certsrv/system/SecurityDomainSession.java b/base/common/src/com/netscape/certsrv/system/SecurityDomainSession.java new file mode 100644 index 0000000000000000000000000000000000000000..5238cf57fd20e435b9ac26a0be45acfa1f9232ab --- /dev/null +++ b/base/common/src/com/netscape/certsrv/system/SecurityDomainSession.java 
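Review bot: `getSession` and `removeSession` carry the session ID in the URL path (`sessions/{sessionID}`), and `createSession` takes `host` and `subsystem` as `@QueryParam` on a POST, so all of these values land in access logs and in any intermediary's request log. If the session ID is what a subsystem later presents as its install token (the server implementation is not in this section), that is a credential written to logs. The interface should at least document that IDs are to be treated as secrets, and the POST inputs could move to `@FormParam` or an entity body. `host` is asserted by the caller, so a Javadoc line such as `host is supplied by the client and is not verified` would keep later code from trusting it. The interface continues outside the hunk.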
@@ -0,0 +1,163 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2015 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.certsrv.system; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; + +import org.jboss.resteasy.plugins.providers.atom.Link; + +/** + * @author Endi S. 
Dewata + */ +@XmlRootElement(name="SecurityDomainSession") +@XmlAccessorType(XmlAccessType.FIELD) +public class SecurityDomainSession { + + @XmlAttribute + private String id; + + @XmlElement(name="Host") + private String host; + + @XmlElement(name="User") + private String user; + + @XmlElement(name="Subsystem") + private String subsystem; + + @XmlElement(name="CreateTimestamp") + private Long createTimestamp; + + @XmlElement(name="Link") + private Link link; + + public SecurityDomainSession(String id) { + this.id = id; + } + + public SecurityDomainSession() { + // required by jaxb + } + + public String getID() { + return id; + } + + public void setID(String id) { + this.id = id; + } + + public String getHost() { + return host; + } + + public void setHost(String host) { + this.host = host; + } + + public String getUser() { + return user; + } + + public void setUser(String user) { + this.user = user; + } + + public String getSubsystem() { + return subsystem; + } + + public void setSubsystem(String subsystem) { + this.subsystem = subsystem; + } + + public Long getCreateTimestamp() { + return createTimestamp; + } + + public void setCreateTimestamp(Long createTimestamp) { + this.createTimestamp = createTimestamp; + } + + public Link getLink() { + return link; + } + + public void setLink(Link link) { + this.link = link; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((createTimestamp == null) ? 0 : createTimestamp.hashCode()); + result = prime * result + ((host == null) ? 0 : host.hashCode()); + result = prime * result + ((id == null) ? 0 : id.hashCode()); + result = prime * result + ((link == null) ? 0 : link.hashCode()); + result = prime * result + ((subsystem == null) ? 0 : subsystem.hashCode()); + result = prime * result + ((user == null) ? 
0 : user.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + SecurityDomainSession other = (SecurityDomainSession) obj; + if (createTimestamp == null) { + if (other.createTimestamp != null) + return false; + } else if (!createTimestamp.equals(other.createTimestamp)) + return false; + if (host == null) { + if (other.host != null) + return false; + } else if (!host.equals(other.host)) + return false; + if (id == null) { + if (other.id != null) + return false; + } else if (!id.equals(other.id)) + return false; + if (link == null) { + if (other.link != null) + return false; + } else if (!link.equals(other.link)) + return false; + if (subsystem == null) { + if (other.subsystem != null) + return false; + } else if (!subsystem.equals(other.subsystem)) + return false; + if (user == null) { + if (other.user != null) + return false; + } else if (!user.equals(other.user)) + return false; + return true; + } +} diff --git a/base/common/src/com/netscape/certsrv/system/SecurityDomainSessionCollection.java b/base/common/src/com/netscape/certsrv/system/SecurityDomainSessionCollection.java new file mode 100644 index 0000000000000000000000000000000000000000..da50729f07805d916b016378f4c0abf9de3b069b --- /dev/null +++ b/base/common/src/com/netscape/certsrv/system/SecurityDomainSessionCollection.java 
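Review bot: `hashCode` and `equals` in `SecurityDomainSession` spell out a null check per field, which is long and easy to get out of step when a field is added. If the build targets Java 7 or later, `return Objects.hash(createTimestamp, host, id, link, subsystem, user);` and a chain of `Objects.equals(id, other.id) && Objects.equals(host, other.host) && ...` say the same thing. Both methods include `link`, so two otherwise identical sessions compare unequal when only the link differs; a comment saying whether that is intended would help. The class also has no Javadoc beyond `@author`: a class comment stating that `createTimestamp` is epoch milliseconds and may be null would help callers that unbox it.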
@@ -0,0 +1,39 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2015 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.certsrv.system; + +import java.util.Collection; + +import javax.xml.bind.annotation.XmlElementRef; +import javax.xml.bind.annotation.XmlRootElement; + +import com.netscape.certsrv.base.DataCollection; + + +/** + * @author Endi S. Dewata + */ +@XmlRootElement(name="SecurityDomainSessions") +public class SecurityDomainSessionCollection extends DataCollection { + + @XmlElementRef + public Collection getEntries() { + return super.getEntries(); + } +} diff --git a/base/java-tools/man/man1/pki-securitydomain.1 b/base/java-tools/man/man1/pki-securitydomain.1 index cbefa75689e5252e4092d7e27951115dbdb9ffc9..2f2f3e4fb632ad9eb14cb6d073a00c5a0eb90e3b 100644 --- a/base/java-tools/man/man1/pki-securitydomain.1 +++ b/base/java-tools/man/man1/pki-securitydomain.1 
@@ -1,7 +1,7 @@ .\" First parameter, NAME, should be all caps .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection .\" other parameters are allowed: see man(7), man(1) -.TH pki-securitydomain 1 "May 5, 2014" "version 10.2" "PKI Security Domain Management Commands" Dogtag Team +.TH pki-securitydomain 1 "Oct 6, 2015" "version 10.3" "PKI Security Domain Management Commands" Dogtag Team .\" Please adjust this date whenever revising the man page. .\" .\" Some roff macros, for reference: @@ -20,6 +20,10 @@ pki-securitydomain \- Command-Line Interface for managing Certificate System sec .SH SYNOPSIS .nf \fBpki\fR [CLI options] \fBsecuritydomain\fR +\fBpki\fR [CLI options] \fBsecuritydomain-session-find\fR [command options] +\fBpki\fR [CLI options] \fBsecuritydomain-session-show\fR [command options] +\fBpki\fR [CLI options] \fBsecuritydomain-session-add\fR [command options] +\fBpki\fR [CLI options] \fBsecuritydomain-session-del\fR [command options] \fBpki\fR [CLI options] \fBsecuritydomain-show\fR [command options] .fi @@ -32,6 +36,26 @@ The \fBpki-securitydomain\fR commands provide command-line interfaces to manage This command is to list available security domain commands. .RE .PP +\fBpki\fR [CLI options] \fBsecuritydomain-session-find\fR [command options] +.RS 4 +This command is to list security domain sessions. +.RE +.PP +\fBpki\fR [CLI options] \fBsecuritydomain-session-show\fR [command options] +.RS 4 +This command is to display security domain session details. +.RE +.PP +\fBpki\fR [CLI options] \fBsecuritydomain-session-add\fR [command options] +.RS 4 +This command is to create a security domain session. +.RE +.PP +\fBpki\fR [CLI options] \fBsecuritydomain-session-del\fR [command options] +.RS 4 +This command is to remove a security domain session. +.RE +.PP \fBpki\fR [CLI options] \fBsecuritydomain-show\fR [command options] .RS 4 This command is to show the contents of the security domain. 
@@ -43,7 +67,21 @@ The CLI options are described in \fBpki\fR(1). .SH OPERATIONS To view available security domain commands, type \fBpki securitydomain\fP. To view each command's usage, type \fB pki securitydomain- \-\-help\fP. -." To get an installation token (used when installing a new subsystem within a security domain): +To list security domain sessions: + +\fBpki securitydomain-session-find + +To display security domain session details: + +\fBpki securitydomain-session-show + +To create a security domain session: + +\fBpki securitydomain-session-add \-\-host \-\-subsystem \fP + +To remove a security domain session: + +\fBpki securitydomain-session-del To show the contents of the security domain: diff --git a/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainCLI.java b/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainCLI.java index 0c2ed37d800bf5769136aeed6b3e82d34ac07d7f..818ccf22c026d956adc2459b0026851df3f6500f 100644 --- a/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainCLI.java @@ -35,6 +35,7 @@ public class SecurityDomainCLI extends CLI { public SecurityDomainCLI(CLI parent) { super("securitydomain", "Security domain commands", parent); + addModule(new SecurityDomainSessionCLI(this)); addModule(new SecurityDomainShowCLI(this)); } diff --git a/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainSessionAddCLI.java b/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainSessionAddCLI.java new file mode 100644 index 0000000000000000000000000000000000000000..5c1d502d008cdc6e5e0569daa9ae6284a5aab577 --- /dev/null +++ b/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainSessionAddCLI.java 
@@ -0,0 +1,100 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2015 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.cmstools.system; + +import java.net.InetAddress; +import java.util.Arrays; + +import org.apache.commons.cli.CommandLine; +import org.apache.commons.cli.Option; + +import com.netscape.certsrv.system.SecurityDomainSession; +import com.netscape.cmstools.cli.CLI; +import com.netscape.cmstools.cli.MainCLI; + +/** + * @author Endi S. 
Dewata + */ +public class SecurityDomainSessionAddCLI extends CLI { + + public SecurityDomainSessionCLI securityDomainSessionCLI; + + public SecurityDomainSessionAddCLI(SecurityDomainSessionCLI securityDomainSessionCLI) { + super("add", "Create security domain session", securityDomainSessionCLI); + this.securityDomainSessionCLI = securityDomainSessionCLI; + + createOptions(); + } + + public void printHelp() { + formatter.printHelp(getFullName() + " --subsystem [OPTIONS...]", options); + } + + public void createOptions() { + Option option = new Option(null, "host", true, "Host"); + option.setArgName("host"); + options.addOption(option); + + option = new Option(null, "subsystem", true, "Subsystem"); + option.setArgName("subsystem"); + option.setRequired(true); + options.addOption(option); + } + + public void execute(String[] args) throws Exception { + // Always check for "--help" prior to parsing + if (Arrays.asList(args).contains("--help")) { + // Display usage + printHelp(); + System.exit(0); + } + + CommandLine cmd = null; + + try { + cmd = parser.parse(options, args); + + } catch (Exception e) { + System.err.println("Error: " + e.getMessage()); + printHelp(); + System.exit(-1); + } + + String[] cmdArgs = cmd.getArgs(); + + if (cmdArgs.length != 0) { + System.err.println("Error: Too many arguments specified."); + printHelp(); + System.exit(-1); + } + + String host = cmd.getOptionValue("host"); + if (host == null) { + host = InetAddress.getLocalHost().getHostName(); + } + + String subsystem = cmd.getOptionValue("subsystem"); + + SecurityDomainSession session = securityDomainSessionCLI.securityDomainClient.createSession(host, subsystem); + + MainCLI.printMessage("Created session \"" + session.getID() + "\""); + + SecurityDomainSessionCLI.printSession(session); + } +} 
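Review bot: When `--host` is omitted, `execute` takes the session's host from `InetAddress.getLocalHost().getHostName()`. On a machine whose hostname does not resolve this throws `UnknownHostException` straight out of `execute`, and elsewhere it can return a short or loopback name, leaving a session record that cannot be tied to a machine when troubleshooting. Catch the failure and ask for the option instead, e.g. `System.err.println("Error: Unable to determine local host name; specify --host."); printHelp(); System.exit(-1);`. The `--host` option description should also state that the default is the local host name.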
diff --git a/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainSessionCLI.java b/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainSessionCLI.java new file mode 100644 index 0000000000000000000000000000000000000000..38f1025be791433c453a879fb704e2ea8766a3ae --- /dev/null +++ b/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainSessionCLI.java 
@@ -0,0 +1,66 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2015 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.cmstools.system; + +import java.text.DateFormat; +import java.text.SimpleDateFormat; +import java.util.Date; + +import com.netscape.certsrv.system.SecurityDomainClient; +import com.netscape.certsrv.system.SecurityDomainSession; +import com.netscape.cmstools.cli.CLI; + +/** + * @author Endi S. 
Dewata + */ +public class SecurityDomainSessionCLI extends CLI { + + public final static DateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); + public SecurityDomainClient securityDomainClient; + + public SecurityDomainSessionCLI(SecurityDomainCLI parent) { + super("session", "Security domain session management commands", parent); + + addModule(new SecurityDomainSessionAddCLI(this)); + addModule(new SecurityDomainSessionFindCLI(this)); + addModule(new SecurityDomainSessionRemoveCLI(this)); + addModule(new SecurityDomainSessionShowCLI(this)); + } + + + public void execute(String[] args) throws Exception { + + client = parent.getClient(); + securityDomainClient = ((SecurityDomainCLI)parent).securityDomainClient; + + super.execute(args); + } + + public static void printSession(SecurityDomainSession session) { + + System.out.println(" Session ID: " + session.getID()); + System.out.println(" Host: " + session.getHost()); + System.out.println(" User: " + session.getUser()); + System.out.println(" Subsystem: " + session.getSubsystem()); + + Date date = new Date(session.getCreateTimestamp()); + String createTimestamp = dateFormat.format(date); + System.out.println(" Create Timestamp: " + createTimestamp); + } +} \ No newline at end of file diff --git a/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainSessionFindCLI.java b/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainSessionFindCLI.java new file mode 100644 index 0000000000000000000000000000000000000000..52948abd4d9dd1fc4f1cbe6f9373a4dfad891d08 --- /dev/null +++ b/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainSessionFindCLI.java 
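Review bot: In `printSession`, `new Date(session.getCreateTimestamp())` unboxes a `Long` that `SecurityDomainSession` allows to be null, so a response without a `CreateTimestamp` element ends the command with a `NullPointerException` after the other fields have been printed. Guard it with `Long ts = session.getCreateTimestamp();` followed by `if (ts != null) System.out.println(" Create Timestamp: " + dateFormat.format(new Date(ts)));`. The shared `public final static` `SimpleDateFormat` is not thread-safe and uses the JVM's default time zone for both output and the find command's input. A comment on the field stating both facts would warn anyone reusing it outside the single-threaded CLI.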
@@ -0,0 +1,136 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2015 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cmstools.system; + +import java.util.Arrays; +import java.util.Collection; +import java.util.Date; + +import org.apache.commons.cli.CommandLine; +import org.apache.commons.cli.Option; + +import com.netscape.certsrv.system.SecurityDomainSession; +import com.netscape.certsrv.system.SecurityDomainSessionCollection; +import com.netscape.cmstools.cli.CLI; +import com.netscape.cmstools.cli.MainCLI; + +/** + * @author Endi S. 
Dewata + */ +public class SecurityDomainSessionFindCLI extends CLI { + + public SecurityDomainSessionCLI securityDomainSessionCLI; + + public SecurityDomainSessionFindCLI(SecurityDomainSessionCLI securityDomainSessionCLI) { + super("find", "Find security domain session", securityDomainSessionCLI); + this.securityDomainSessionCLI = securityDomainSessionCLI; + + createOptions(); + } + + public void printHelp() { + formatter.printHelp(getFullName() + " [OPTIONS...]", options); + } + + public void createOptions() { + Option option = new Option(null, "user", true, "User"); + option.setArgName("user"); + options.addOption(option); + + option = new Option(null, "host", true, "Host"); + option.setArgName("host"); + options.addOption(option); + + option = new Option(null, "subsystem", true, "Subsystem"); + option.setArgName("subsystem"); + options.addOption(option); + + option = new Option(null, "created-after", true, "Created after (YYYY-MM-DD hh:mm:ss)"); + option.setArgName("time"); + options.addOption(option); + + option = new Option(null, "created-before", true, "Created before (YYYY-MM-DD hh:mm:ss)"); + option.setArgName("time"); + options.addOption(option); + } + + public void execute(String[] args) throws Exception { + // Always check for "--help" prior to parsing + if (Arrays.asList(args).contains("--help")) { + // Display usage + printHelp(); + System.exit(0); + } + + CommandLine cmd = null; + + try { + cmd = parser.parse(options, args); + + } catch (Exception e) { + System.err.println("Error: " + e.getMessage()); + printHelp(); + System.exit(-1); + } + + String[] cmdArgs = cmd.getArgs(); + + if (cmdArgs.length > 0) { + System.err.println("Error: Too many arguments specified."); + printHelp(); + System.exit(-1); + } + + String user = cmd.getOptionValue("user"); + String host = cmd.getOptionValue("host"); + String subsystem = cmd.getOptionValue("subsystem"); + + String s = cmd.getOptionValue("created-after"); + Date createdAfter = null; + if (s != null) { + 
createdAfter = SecurityDomainSessionCLI.dateFormat.parse(s); + } + + s = cmd.getOptionValue("created-before"); + Date createdBefore = null; + if (s != null) { + createdBefore = SecurityDomainSessionCLI.dateFormat.parse(s); + } + + SecurityDomainSessionCollection result = + securityDomainSessionCLI.securityDomainClient.findSessions( + user, host, subsystem, createdAfter, createdBefore); + + MainCLI.printMessage(result.getTotal() + " entries matched"); + if (result.getTotal() == 0) return; + + Collection sessions = result.getEntries(); + boolean first = true; + for (SecurityDomainSession session : sessions) { + if (first) { + first = false; + } else { + System.out.println(); + } + + SecurityDomainSessionCLI.printSession(session); + } + + MainCLI.printMessage("Number of entries returned " + sessions.size()); + } +} diff --git a/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainSessionRemoveCLI.java b/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainSessionRemoveCLI.java new file mode 100644 index 0000000000000000000000000000000000000000..89476207ee65d789bedc5c3e8091c819b51d476b --- /dev/null +++ b/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainSessionRemoveCLI.java 
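Review bot: `--created-after` and `--created-before` are parsed with the shared `SimpleDateFormat`, which is lenient by default, so an out-of-range value such as month 13 is rolled over into another date instead of being rejected and the query silently covers a different time window. Call `dateFormat.setLenient(false)` where the format is created in `SecurityDomainSessionCLI`. In `execute`, catch `ParseException` and report it the way the other argument errors are reported, e.g. `System.err.println("Error: Invalid date: " + s); printHelp(); System.exit(-1);`. As written, a malformed date surfaces as an uncaught exception from `execute`.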
@@ -0,0 +1,88 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2015 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.cmstools.system; + +import java.util.Arrays; + +import org.apache.commons.cli.CommandLine; + +import com.netscape.cmstools.cli.CLI; +import com.netscape.cmstools.cli.MainCLI; + +/** + * @author Endi S. 
Dewata + */ +public class SecurityDomainSessionRemoveCLI extends CLI { + + public SecurityDomainSessionCLI securityDomainSessionCLI; + + public SecurityDomainSessionRemoveCLI(SecurityDomainSessionCLI securityDomainSessionCLI) { + super("del", "Remove security domain session", securityDomainSessionCLI); + this.securityDomainSessionCLI = securityDomainSessionCLI; + + createOptions(); + } + + public void printHelp() { + formatter.printHelp(getFullName() + " [OPTIONS...]", options); + } + + public void createOptions() { + } + + public void execute(String[] args) throws Exception { + // Always check for "--help" prior to parsing + if (Arrays.asList(args).contains("--help")) { + // Display usage + printHelp(); + System.exit(0); + } + + CommandLine cmd = null; + + try { + cmd = parser.parse(options, args); + + } catch (Exception e) { + System.err.println("Error: " + e.getMessage()); + printHelp(); + System.exit(-1); + } + + String[] cmdArgs = cmd.getArgs(); + + if (cmdArgs.length > 1) { + System.err.println("Error: Too many arguments specified."); + printHelp(); + System.exit(-1); + } + + if (cmdArgs.length == 0) { + System.err.println("Error: Missing session ID."); + printHelp(); + System.exit(-1); + } + + String sessionID = cmdArgs[0]; + + securityDomainSessionCLI.securityDomainClient.removeSession(sessionID); + + MainCLI.printMessage("Removed session \"" + sessionID + "\""); + } +} diff --git a/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainSessionShowCLI.java b/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainSessionShowCLI.java new file mode 100644 index 0000000000000000000000000000000000000000..3413b6f4c726012d532d7b41fa5fdb108a96d014 --- /dev/null +++ b/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainSessionShowCLI.java 
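Review bot: `securityDomainSessionCLI` is declared `public` and non-final although, as far as this patch shows, it is assigned once in the constructor and only read inside the class; `private final SecurityDomainSessionCLI securityDomainSessionCLI;` expresses that and prevents reassignment from outside. The same declaration appears in the Add, Find and Show classes of this patch. `createOptions()` is empty here and in the Show class, where a comment such as `// no command-specific options` would show that is intentional. Both classes also handle a required positional session ID whose presence is only checked after parsing, so a one-line Javadoc on `execute` naming that argument would help.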
@@ -0,0 +1,88 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2012 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.cmstools.system;
+
+import java.util.Arrays;
+
+import org.apache.commons.cli.CommandLine;
+
+import com.netscape.certsrv.system.SecurityDomainSession;
+import com.netscape.cmstools.cli.CLI;
+
+/**
+ * @author Endi S. Dewata
+ */
+public class SecurityDomainSessionShowCLI extends CLI {
+
+ public SecurityDomainSessionCLI securityDomainSessionCLI;
+
+ public SecurityDomainSessionShowCLI(SecurityDomainSessionCLI securityDomainSessionCLI) {
+ super("show", "Display security domain session", securityDomainSessionCLI);
+ this.securityDomainSessionCLI = securityDomainSessionCLI;
+
+ createOptions();
+ }
+
+ public void printHelp() {
+ formatter.printHelp(getFullName() + " [OPTIONS...]", options);
+ }
+
+ public void createOptions() {
+ }
+
+ public void execute(String[] args) throws Exception {
+ // Always check for "--help" prior to parsing
+ if (Arrays.asList(args).contains("--help")) {
+ // Display usage
+ printHelp();
+ System.exit(0);
+ }
+
+ CommandLine cmd = null;
+
+ try {
+ cmd = parser.parse(options, args);
+
+ } catch (Exception e) {
+ System.err.println("Error: " + e.getMessage());
+ printHelp();
+ System.exit(-1);
+ }
+
+ String[] cmdArgs = cmd.getArgs();
+
+ if (cmdArgs.length > 1) {
+ System.err.println("Error: Too many arguments specified.");
+ printHelp();
+ System.exit(-1);
+ }
+
+ if (cmdArgs.length == 0) {
+ System.err.println("Error: Missing session ID.");
+ printHelp();
+ System.exit(-1);
+ }
+
+ String sessionID = cmdArgs[0];
+
+ SecurityDomainSession session = securityDomainSessionCLI.securityDomainClient.getSession(sessionID);
+
+ SecurityDomainSessionCLI.printSession(session);
+ }
+}
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java
index b8c4288adbf28975f8ed8f48bbf65372696c3fbd..76e6828c17f4e17efa286957ab183d5377dd9f95 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java
@@ -23,6 +23,8 @@ import java.util.Enumeration; import java.util.Locale; import java.util.Random; import java.util.Vector; +import java.util.regex.Matcher; +import java.util.regex.Pattern; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.OutputKeys; @@ -41,12 +43,15 @@ import com.netscape.certsrv.base.EPropertyNotFound; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.ISecurityDomainSessionTable; import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.base.ResourceNotFoundException; import com.netscape.certsrv.base.UnauthorizedException; import com.netscape.certsrv.ldap.ILdapConnFactory; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.system.DomainInfo; import com.netscape.certsrv.system.InstallToken; import com.netscape.certsrv.system.SecurityDomainHost; +import com.netscape.certsrv.system.SecurityDomainSession; +import com.netscape.certsrv.system.SecurityDomainSessionCollection; import com.netscape.certsrv.system.SecurityDomainSubsystem; import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.cms.servlet.processors.CAProcessor; 
@@ -83,6 +88,88 @@ public class SecurityDomainProcessor extends CAProcessor { String user, String host, String subsystemName) throws Exception { + SecurityDomainSession session = createSession(user, host, subsystemName); + return new InstallToken(session.getID()); + } + + public SecurityDomainSession getSessionData(ISecurityDomainSessionTable table, String sessionID) throws Exception { + + SecurityDomainSession session = new SecurityDomainSession(sessionID); + session.setHost(table.getIP(sessionID)); + session.setUser(table.getUID(sessionID)); + + String group = table.getGroup(sessionID); + + Pattern p = Pattern.compile("Enterprise (.*) Administrators"); + Matcher m = p.matcher(group); + + if (m.matches()) { + String subsystem = m.group(1); + session.setSubsystem(subsystem); + } + + session.setCreateTimestamp(table.getBeginTime(sessionID)); + + return session; + } + + public SecurityDomainSessionCollection findSessions( + String user, String host, String subsystem, + Long createdAfter, Long createdBefore) throws Exception { + + CMS.debug("SecurityDomainProcessor: findSessions()"); + + SecurityDomainSessionCollection result = new SecurityDomainSessionCollection(); + + ISecurityDomainSessionTable table = CMS.getSecurityDomainSessionTable(); + + Enumeration sessionIDs = table.getSessionIDs(); + CMS.debug("SecurityDomainProcessor: Sessions:"); + while (sessionIDs.hasMoreElements()) { + String sessionID = sessionIDs.nextElement(); + CMS.debug("SecurityDomainProcessor: - " + sessionID); + + SecurityDomainSession session = getSessionData(table, sessionID); + + // check filter + if (user != null && !user.equals(session.getUser())) continue; + if (host != null && !host.equals(session.getHost())) continue; + if (subsystem != null && !subsystem.equals(session.getSubsystem())) continue; + + // check createdAffter <= createTimestamp < createdBefore + if (createdAfter != null && createdAfter.compareTo(session.getCreateTimestamp()) >= 0) continue; + if (createdBefore != null && 
createdBefore.compareTo(session.getCreateTimestamp()) < 0) continue; + + result.addEntry(session); + } + + result.setTotal(result.getEntries().size()); + + return result; + } + + public SecurityDomainSession getSession(String sessionID) throws Exception { + + CMS.debug("SecurityDomainProcessor: getSession()"); + + ISecurityDomainSessionTable table = CMS.getSecurityDomainSessionTable(); + + if (!table.sessionExists(sessionID)) { + CMS.debug("SecurityDomainProcessor: Session " + sessionID + " not found"); + throw new ResourceNotFoundException("Session " + sessionID + " not found"); + } + + SecurityDomainSession session = getSessionData(table, sessionID); + + return session; + } + + public SecurityDomainSession createSession( + String user, + String host, + String subsystemName) throws Exception { + + CMS.debug("SecurityDomainProcessor: createSession()"); subsystemName = subsystemName.toUpperCase(); IUGSubsystem subsystem = (IUGSubsystem) CMS.getSubsystem(IUGSubsystem.ID); @@ -140,8 +227,27 @@ public class SecurityDomainProcessor extends CAProcessor { throw new PKIException("Failed to create session."); } + SecurityDomainSession session = new SecurityDomainSession(sessionID); + session.setUser(user); + session.setHost(ip); + session.setSubsystem(subsystemName); + session.setCreateTimestamp(ctable.getBeginTime(sessionID)); - return new InstallToken(sessionID); + return session; + } + + public void removeSession(String sessionID) throws Exception { + + CMS.debug("SecurityDomainProcessor: removeSession()"); + + ISecurityDomainSessionTable table = CMS.getSecurityDomainSessionTable(); + + if (!table.sessionExists(sessionID)) { + CMS.debug("SecurityDomainProcessor: Session " + sessionID + " not found"); + throw new ResourceNotFoundException("Session " + sessionID + " not found"); + } + + table.removeEntry(sessionID); } public DomainInfo getDomainInfo() throws EBaseException { 
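Review bot: The time filter in `findSessions` does not implement the interval its own comment states (`createdAfter <= createTimestamp < createdBefore`): `createdAfter.compareTo(...) >= 0` drops a session created exactly at `createdAfter`, and `createdBefore.compareTo(...) < 0` keeps one created exactly at `createdBefore`, so the code selects `createdAfter < createTimestamp <= createdBefore`. To match the comment the two tests would be `createdAfter.compareTo(session.getCreateTimestamp()) > 0` and `createdBefore.compareTo(session.getCreateTimestamp()) <= 0`; the comment also misspells the name as `createdAffter`. Separately, `getSessionData` passes `table.getGroup(sessionID)` straight to `p.matcher(group)`, which throws if the table returns null for a session that disappeared between `getSessionIDs()` and the lookup; whether it can return null is not visible here.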
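Review bot: `removeSession` puts the caller-supplied `sessionID` unchanged into the debug log line and into the `ResourceNotFoundException` message, and `getSession` in the previous hunk does the same. The ID reaches both methods from the REST layer (SecurityDomainService), so a value containing line breaks would end up as extra, misleading lines in the debug log, and the same text is handed back in the error. A fixed message such as `throw new ResourceNotFoundException("Session not found");`, with the ID logged only after it has been checked against the format the session table issues, would avoid that; the format itself is not shown in this patch. `createSession`, also touched by this hunk, has most of its body outside it.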
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SecurityDomainService.java b/base/server/cms/src/org/dogtagpki/server/rest/SecurityDomainService.java index 3d708ebb6de32235e9fbaaf8a6e8e87635c131ce..0950d2b0b0907c8b6deabb0f98ebbf1c4c636bb2 100644 --- a/base/server/cms/src/org/dogtagpki/server/rest/SecurityDomainService.java +++ b/base/server/cms/src/org/dogtagpki/server/rest/SecurityDomainService.java @@ -17,6 +17,8 @@ // --- END COPYRIGHT BLOCK --- package org.dogtagpki.server.rest; +import java.net.URI; + import javax.servlet.http.HttpServletRequest; import javax.ws.rs.core.Context; import javax.ws.rs.core.HttpHeaders; @@ -24,11 +26,15 @@ import javax.ws.rs.core.Request; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; +import org.jboss.resteasy.plugins.providers.atom.Link; + import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.PKIException; import com.netscape.certsrv.system.DomainInfo; import com.netscape.certsrv.system.InstallToken; import com.netscape.certsrv.system.SecurityDomainResource; +import com.netscape.certsrv.system.SecurityDomainSession; +import com.netscape.certsrv.system.SecurityDomainSessionCollection; import com.netscape.cms.servlet.base.PKIService; import com.netscape.cms.servlet.csadmin.SecurityDomainProcessor; 
@@ -70,6 +76,102 @@ public class SecurityDomainService extends PKIService implements SecurityDomainR } } + public void generateLink(SecurityDomainSession session) { + URI uri = uriInfo.getBaseUriBuilder(). + path(SecurityDomainResource.class).path("sessions/{sessionID}"). + build(session.getID()); + session.setLink(new Link("self", uri)); + } + + @Override + public Response findSessions(String user, String host, String subsystem, Long createdAfter, Long createdBefore) { + CMS.debug("SecurityDomainService.findSessions(" + + user + ", " + host + ", " + subsystem + ", " + createdAfter + ", " + createdBefore + ")"); + try { + SecurityDomainProcessor processor = new SecurityDomainProcessor(getLocale(headers)); + SecurityDomainSessionCollection result = processor.findSessions( + user, host, subsystem, createdAfter, createdBefore); + + for (SecurityDomainSession session : result.getEntries()) { + generateLink(session); + } + + return createOKResponse(result); + + } catch (PKIException e) { + CMS.debug("SecurityDomainService: " + e); + throw e; + + } catch (Exception e) { + CMS.debug(e); + throw new PKIException(e.getMessage(), e); + + } + } + + @Override + public Response getSession(String sessionID) { + CMS.debug("SecurityDomainService.getSession(" + sessionID + ")"); + try { + SecurityDomainProcessor processor = new SecurityDomainProcessor(getLocale(headers)); + SecurityDomainSession session = processor.getSession(sessionID); + generateLink(session); + + return createOKResponse(session); + + } catch (PKIException e) { + CMS.debug("SecurityDomainService: " + e); + throw e; + + } catch (Exception e) { + CMS.debug(e); + throw new PKIException(e.getMessage(), e); + + } + } + + @Override + public Response createSession(String host, String subsystem) { + CMS.debug("SecurityDomainService.createSession(" + host + ", " + subsystem + ")"); + try { + // Get uid from realm authentication. 
+ String user = servletRequest.getUserPrincipal().getName(); + + SecurityDomainProcessor processor = new SecurityDomainProcessor(getLocale(headers)); + SecurityDomainSession session = processor.createSession(user, host, subsystem); + generateLink(session); + + return createCreatedResponse(session, session.getLink().getHref()); + + } catch (PKIException e) { + CMS.debug("SecurityDomainService: " + e); + throw e; + + } catch (Exception e) { + CMS.debug(e); + throw new PKIException(e.getMessage(), e); + } + } + + @Override + public Response removeSession(String sessionID) { + CMS.debug("SecurityDomainService.getSession(" + sessionID + ")"); + try { + SecurityDomainProcessor processor = new SecurityDomainProcessor(getLocale(headers)); + processor.removeSession(sessionID); + + return createNoContentResponse(); + + } catch (PKIException e) { + CMS.debug("SecurityDomainService: " + e); + throw e; + + } catch (Exception e) { + CMS.debug(e); + throw new PKIException(e.getMessage(), e); + } + } + @Override public Response getDomainInfo() throws PKIException { try { -- 2.4.3
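Review bot: The new endpoints expose session IDs that SecurityDomainProcessor also hands out as install tokens (`getInstallToken` now returns `new InstallToken(session.getID())`): `findSessions` returns every live session's ID plus a self link built from it, and `getSession` and `removeSession` write the ID into the debug log, as does the processor's `findSessions` loop. Anyone who may call `findSessions`, or read the debug log, therefore appears to receive values that double as other users' tokens; the ACL entries this patch adds to acl.properties are outside this view, so confirm they limit the resource to security domain administrators. Logging without the ID, e.g. `CMS.debug("SecurityDomainService.removeSession()");`, also corrects the copied `getSession(` label in `removeSession`. In `createSession`, `servletRequest.getUserPrincipal()` is dereferenced without a null check, so an unauthenticated request would surface as a generic `PKIException` rather than an authorization error.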