From 4c67f33f613c9b4ab5e0a75cc8709b1acaf5c2f4 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Wed, 10 Jun 2015 03:02:35 -0400 Subject: [PATCH] Lightweight CAs: add ca-authority CLI Add CLI commands for creating, listing and showing lightweight CAs. Part of: https://fedorahosted.org/pki/ticket/1213 --- .../certsrv/authority/AuthorityClient.java | 62 +++++++++++++++ .../src/com/netscape/certsrv/ca/CAClient.java | 3 +- .../netscape/cmstools/authority/AuthorityCLI.java | 49 ++++++++++++ .../cmstools/authority/AuthorityCreateCLI.java | 89 ++++++++++++++++++++++ .../cmstools/authority/AuthorityDisableCLI.java | 56 ++++++++++++++ .../cmstools/authority/AuthorityEnableCLI.java | 56 ++++++++++++++ .../cmstools/authority/AuthorityFindCLI.java | 62 +++++++++++++++ .../cmstools/authority/AuthorityShowCLI.java | 55 +++++++++++++ .../src/com/netscape/cmstools/cli/CACLI.java | 2 + 9 files changed, 433 insertions(+), 1 deletion(-) create mode 100644 base/common/src/com/netscape/certsrv/authority/AuthorityClient.java create mode 100644 base/java-tools/src/com/netscape/cmstools/authority/AuthorityCLI.java create mode 100644 base/java-tools/src/com/netscape/cmstools/authority/AuthorityCreateCLI.java create mode 100644 base/java-tools/src/com/netscape/cmstools/authority/AuthorityDisableCLI.java create mode 100644 base/java-tools/src/com/netscape/cmstools/authority/AuthorityEnableCLI.java create mode 100644 base/java-tools/src/com/netscape/cmstools/authority/AuthorityFindCLI.java create mode 100644 base/java-tools/src/com/netscape/cmstools/authority/AuthorityShowCLI.java diff --git a/base/common/src/com/netscape/certsrv/authority/AuthorityClient.java b/base/common/src/com/netscape/certsrv/authority/AuthorityClient.java new file mode 100644 index 0000000000000000000000000000000000000000..86de3352e2424211125c146edf759481448a2694 --- /dev/null +++ b/base/common/src/com/netscape/certsrv/authority/AuthorityClient.java 
@@ -0,0 +1,62 @@
+//--- BEGIN COPYRIGHT BLOCK ---
+//This program is free software; you can redistribute it and/or modify
+//it under the terms of the GNU General Public License as published by
+//the Free Software Foundation; version 2 of the License.
+//
+//This program is distributed in the hope that it will be useful,
+//but WITHOUT ANY WARRANTY; without even the implied warranty of
+//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+//GNU General Public License for more details.
+//
+//You should have received a copy of the GNU General Public License along
+//with this program; if not, write to the Free Software Foundation, Inc.,
+//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+//(C) 2015 Red Hat, Inc.
+//All rights reserved.
+//--- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authority;
+
+import java.net.URISyntaxException;
+import java.util.List;
+
+import javax.ws.rs.core.GenericType;
+import javax.ws.rs.core.Response;
+
+import com.netscape.certsrv.client.Client;
+import com.netscape.certsrv.client.PKIClient;
+
+/**
+ * @author Fraser Tweedale
+ */
+public class AuthorityClient extends Client {
+
+ public AuthorityResource proxy;
+
+ public AuthorityClient(PKIClient client, String subsystem) throws URISyntaxException {
+ super(client, subsystem, "authority");
+ proxy = createProxy(AuthorityResource.class);
+ }
+
+ public List listCAs() {
+ Response response = proxy.listCAs();
+ GenericType> type = new GenericType>() {};
+ return client.getEntity(response, type);
+ }
+
+ public AuthorityData getCA(String caIDString) {
+ Response response = proxy.getCA(caIDString);
+ return client.getEntity(response, AuthorityData.class);
+ }
+
+ public AuthorityData createCA(AuthorityData data) {
+ Response response = proxy.createCA(data);
+ return client.getEntity(response, AuthorityData.class);
+ }
+
+ public AuthorityData modifyCA(AuthorityData data) {
+ Response response = proxy.modifyCA(data.getID(), data);
+ return
client.getEntity(response, AuthorityData.class); + } + +} diff --git a/base/common/src/com/netscape/certsrv/ca/CAClient.java b/base/common/src/com/netscape/certsrv/ca/CAClient.java index e1a0a8c02f8a840acbdea924c164020b88557fc4..1fbd2a0b286ed09854373846510c392c5202307a 100644 --- a/base/common/src/com/netscape/certsrv/ca/CAClient.java +++ b/base/common/src/com/netscape/certsrv/ca/CAClient.java @@ -26,6 +26,7 @@ import com.netscape.certsrv.group.GroupClient; import com.netscape.certsrv.profile.ProfileClient; import com.netscape.certsrv.selftests.SelfTestClient; import com.netscape.certsrv.user.UserClient; +import com.netscape.certsrv.authority.AuthorityClient; public class CAClient extends SubsystemClient { @@ -35,7 +36,7 @@ public class CAClient extends SubsystemClient { } public void init() throws URISyntaxException { - + addClient(new AuthorityClient(client, name)); addClient(new CertClient(client, name)); addClient(new GroupClient(client, name)); addClient(new ProfileClient(client, name)); diff --git a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityCLI.java b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityCLI.java new file mode 100644 index 0000000000000000000000000000000000000000..cd0609204dd3e757925c6fec9488f293d31b2c9f --- /dev/null +++ b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityCLI.java 
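Review bot: In AuthorityClient the `proxy` field is `public` and non-final, so any code holding the client can replace the REST proxy that carries the CA create and modify requests. It is assigned once in the constructor, so `private final AuthorityResource proxy;` would fit, unless callers outside this patch read the field directly. `modifyCA` also forwards `data.getID()` into the request without checking that it is non-null; a guard such as `Objects.requireNonNull(data.getID(), "authority ID")` would fail early instead of sending a malformed request. None of the public methods carries Javadoc stating which fields of `AuthorityData` the server reads for create and for modify.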
@@ -0,0 +1,49 @@
+package com.netscape.cmstools.authority;
+
+import com.netscape.certsrv.authority.AuthorityClient;
+import com.netscape.certsrv.authority.AuthorityData;
+import com.netscape.cmstools.cli.CLI;
+import com.netscape.cmstools.cli.MainCLI;
+
+public class AuthorityCLI extends CLI {
+
+ public AuthorityClient authorityClient;
+
+ public AuthorityCLI(CLI parent) {
+ super("authority", "CA management commands", parent);
+
+ addModule(new AuthorityFindCLI(this));
+ addModule(new AuthorityShowCLI(this));
+ addModule(new AuthorityCreateCLI(this));
+ addModule(new AuthorityDisableCLI(this));
+ addModule(new AuthorityEnableCLI(this));
+ }
+
+ public String getFullName() {
+ if (parent instanceof MainCLI) {
+ // do not include MainCLI's name
+ return name;
+ } else {
+ return parent.getFullName() + "-" + name;
+ }
+ }
+
+ public void execute(String[] args) throws Exception {
+ client = parent.getClient();
+ authorityClient = new AuthorityClient(client, "ca");
+ super.execute(args);
+ }
+
+ protected static void printAuthorityData(AuthorityData data) {
+ System.out.println(" Authority DN: " + data.getDN());
+ System.out.println(" ID: " + data.getID());
+ String parentAID = data.getParentID();
+ if (parentAID != null)
+ System.out.println(" Parent DN: " + data.getParentID());
+ System.out.println(" Enabled: " + data.getEnabled());
+ String desc = data.getDescription();
+ if (desc != null)
+ System.out.println(" Description: " + desc);
+ }
+
+}
diff --git a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityCreateCLI.java b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityCreateCLI.java
new file mode 100644
index 0000000000000000000000000000000000000000..9799c7db8eb00d59384754684aea2c3a3bdeec67
--- /dev/null
+++ b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityCreateCLI.java
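Review bot: In `printAuthorityData` the line labelled "Parent DN:" prints `data.getParentID()`, which is the parent's authority ID rather than a distinguished name. An operator reading this output to confirm which CA issued a sub-CA would be looking at a mislabelled value. The local `parentAID` already holds the value, so the line can become `System.out.println(" Parent ID: " + parentAID);`. The method also has no comment saying that the parent and description lines are omitted when those fields are null.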
@@ -0,0 +1,89 @@
+package com.netscape.cmstools.authority;
+
+import java.util.Arrays;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.Option;
+import org.apache.commons.cli.ParseException;
+
+import com.netscape.certsrv.authority.AuthorityData;
+import com.netscape.certsrv.ca.AuthorityID;
+import com.netscape.cmstools.cli.CLI;
+
+public class AuthorityCreateCLI extends CLI {
+
+ public AuthorityCLI authorityCLI;
+
+ public AuthorityCreateCLI(AuthorityCLI authorityCLI) {
+ super("create", "Create CAs", authorityCLI);
+ this.authorityCLI = authorityCLI;
+
+ Option optParent = new Option(null, "parent", true, "ID of parent CA");
+ optParent.setArgName("id");
+ options.addOption(optParent);
+
+ Option optDesc = new Option(null, "desc", true, "Optional description");
+ optDesc.setArgName("string");
+ options.addOption(optDesc);
+ }
+
+ public void printHelp() {
+ formatter.printHelp(getFullName() + " ", options);
+ }
+
+ public void execute(String[] args) throws Exception {
+ // Always check for "--help" prior to parsing
+ if (Arrays.asList(args).contains("--help")) {
+ // Display usage
+ printHelp();
+ System.exit(0);
+ }
+
+ CommandLine cmd = null;
+
+ try {
+ cmd = parser.parse(options, args);
+ } catch (ParseException e) {
+ System.err.println("Error: " + e.getMessage());
+ printHelp();
+ System.exit(-1);
+ }
+
+ String[] cmdArgs = cmd.getArgs();
+ if (cmdArgs.length != 1) {
+ if (cmdArgs.length < 1)
+ System.err.println("No DN specified.");
+ else
+ System.err.println("Too many arguments.");
+ printHelp();
+ System.exit(-1);
+ }
+
+ String parentAIDString = null;
+ if (cmd.hasOption("parent")) {
+ parentAIDString = cmd.getOptionValue("parent");
+ try {
+ new AuthorityID(parentAIDString);
+ } catch (IllegalArgumentException e) {
+ System.err.println("Bad CA ID: " + parentAIDString);
+ printHelp();
+ System.exit(-1);
+ }
+ } else {
+ System.err.println("Must specify parent authority");
+ printHelp();
+ System.exit(-1);
+ }
+
+ String desc = null;
+ if (cmd.hasOption("desc"))
+ desc = cmd.getOptionValue("desc");
+
+ String dn = cmdArgs[0];
+ AuthorityData data = new AuthorityData(
+ dn, null, parentAIDString, true /* enabled */, desc);
+ AuthorityData newData = authorityCLI.authorityClient.createCA(data);
+ AuthorityCLI.printAuthorityData(newData);
+ }
+
+}
diff --git a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityDisableCLI.java b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityDisableCLI.java
new file mode 100644
index 0000000000000000000000000000000000000000..c3d24439f0dfefc85b210e65abb252ab4c7c7b25
--- /dev/null
+++ b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityDisableCLI.java
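Review bot: `--parent` is mandatory in `execute` (the else branch prints "Must specify parent authority" and exits), but the constructor registers it as an ordinary optional option whose help text is only "ID of parent CA". Adding `optParent.setRequired(true);` lets the parser enforce it and marks it as required in the usage output. The parent ID is checked locally with `new AuthorityID(...)`, while the subject DN in `cmdArgs[0]` goes to `createCA` unchecked; a local syntax check would give the same early failure, though the server presumably still has to validate both. A short comment on `true /* enabled */` noting that a new CA is created already enabled would help operators who expect a review step first.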
@@ -0,0 +1,56 @@
+package com.netscape.cmstools.authority;
+
+import java.util.Arrays;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.ParseException;
+
+import com.netscape.certsrv.authority.AuthorityData;
+import com.netscape.cmstools.cli.CLI;
+
+public class AuthorityDisableCLI extends CLI {
+
+ public AuthorityCLI authorityCLI;
+
+ public AuthorityDisableCLI(AuthorityCLI authorityCLI) {
+ super("disable", "Disable CAs", authorityCLI);
+ this.authorityCLI = authorityCLI;
+ }
+
+ public void printHelp() {
+ formatter.printHelp(getFullName() + " ", options);
+ }
+
+ public void execute(String[] args) throws Exception {
+ // Always check for "--help" prior to parsing
+ if (Arrays.asList(args).contains("--help")) {
+ // Display usage
+ printHelp();
+ System.exit(0);
+ }
+
+ CommandLine cmd = null;
+
+ try {
+ cmd = parser.parse(options, args);
+ } catch (ParseException e) {
+ System.err.println("Error: " + e.getMessage());
+ printHelp();
+ System.exit(-1);
+ }
+
+ String[] cmdArgs = cmd.getArgs();
+
+ if (cmdArgs.length < 1) {
+ System.err.println("Error: No ID specified.");
+ printHelp();
+ System.exit(-1);
+ }
+
+ AuthorityData data = new AuthorityData(
+ null, cmdArgs[0], null, false, null);
+ data = authorityCLI.authorityClient.modifyCA(data);
+ AuthorityCLI.printAuthorityData(data);
+ }
+
+}
diff --git a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityEnableCLI.java b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityEnableCLI.java
new file mode 100644
index 0000000000000000000000000000000000000000..23eb9167b761c519b2e1b6ae1f933248476541e0
--- /dev/null
+++ b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityEnableCLI.java
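Review bot: The argument check in `execute` is `cmdArgs.length < 1`, so extra positional arguments are dropped silently and only `cmdArgs[0]` is acted on. An operator who passes two IDs to the disable command sees a successful result while the second CA stays enabled. AuthorityCreateCLI in this patch already rejects that case, so the same test fits here: `if (cmdArgs.length != 1) {` with a "Too many arguments." message for the surplus case. AuthorityEnableCLI and AuthorityShowCLI use the same `< 1` check.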
@@ -0,0 +1,56 @@
+package com.netscape.cmstools.authority;
+
+import java.util.Arrays;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.ParseException;
+
+import com.netscape.certsrv.authority.AuthorityData;
+import com.netscape.cmstools.cli.CLI;
+
+public class AuthorityEnableCLI extends CLI {
+
+ public AuthorityCLI authorityCLI;
+
+ public AuthorityEnableCLI(AuthorityCLI authorityCLI) {
+ super("enable", "Enable CAs", authorityCLI);
+ this.authorityCLI = authorityCLI;
+ }
+
+ public void printHelp() {
+ formatter.printHelp(getFullName() + " ", options);
+ }
+
+ public void execute(String[] args) throws Exception {
+ // Always check for "--help" prior to parsing
+ if (Arrays.asList(args).contains("--help")) {
+ // Display usage
+ printHelp();
+ System.exit(0);
+ }
+
+ CommandLine cmd = null;
+
+ try {
+ cmd = parser.parse(options, args);
+ } catch (ParseException e) {
+ System.err.println("Error: " + e.getMessage());
+ printHelp();
+ System.exit(-1);
+ }
+
+ String[] cmdArgs = cmd.getArgs();
+
+ if (cmdArgs.length < 1) {
+ System.err.println("Error: No ID specified.");
+ printHelp();
+ System.exit(-1);
+ }
+
+ AuthorityData data = new AuthorityData(
+ null, cmdArgs[0], null, true, null);
+ data = authorityCLI.authorityClient.modifyCA(data);
+ AuthorityCLI.printAuthorityData(data);
+ }
+
+}
diff --git a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityFindCLI.java b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityFindCLI.java
new file mode 100644
index 0000000000000000000000000000000000000000..c1aa99fc627e8e0ccfd1f12a23610a13dd5cfbbb
--- /dev/null
+++ b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityFindCLI.java
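Review bot: The update request is built as `new AuthorityData(null, cmdArgs[0], null, true, null)`, so it carries null for what appear to be the DN, parent and description next to the enabled flag. Whether the server reads those nulls as "leave unchanged" or as "clear the field" is not visible from this hunk. Once confirmed, a comment above the constructor call should record it, for example `// only 'enabled' is changed; null fields are ignored by the server`. AuthorityDisableCLI builds its request the same way and needs the same comment.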
@@ -0,0 +1,62 @@
+package com.netscape.cmstools.authority;
+
+import java.util.Arrays;
+import java.util.List;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.ParseException;
+
+import com.netscape.certsrv.authority.AuthorityData;
+import com.netscape.cmstools.cli.CLI;
+import com.netscape.cmstools.cli.MainCLI;
+
+public class AuthorityFindCLI extends CLI {
+
+ public AuthorityCLI authorityCLI;
+
+ public AuthorityFindCLI(AuthorityCLI authorityCLI) {
+ super("find", "Find CAs", authorityCLI);
+ this.authorityCLI = authorityCLI;
+ }
+
+ public void printHelp() {
+ formatter.printHelp(getFullName(), options);
+ }
+
+ public void execute(String[] args) throws Exception {
+ // Always check for "--help" prior to parsing
+ if (Arrays.asList(args).contains("--help")) {
+ // Display usage
+ printHelp();
+ System.exit(0);
+ }
+
+ @SuppressWarnings("unused")
+ CommandLine cmd = null;
+
+ try {
+ cmd = parser.parse(options, args);
+ } catch (ParseException e) {
+ System.err.println("Error: " + e.getMessage());
+ printHelp();
+ System.exit(-1);
+ }
+
+ List datas = authorityCLI.authorityClient.listCAs();
+
+ MainCLI.printMessage(datas.size() + " entries matched");
+ if (datas.size() == 0) return;
+
+ boolean first = true;
+ for (AuthorityData data : datas) {
+ if (first)
+ first = false;
+ else
+ System.out.println();
+ AuthorityCLI.printAuthorityData(data);
+ }
+
+ MainCLI.printMessage("Number of entries returned " + datas.size());
+ }
+
+}
diff --git a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityShowCLI.java b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityShowCLI.java
new file mode 100644
index 0000000000000000000000000000000000000000..2993430f0a8b2d0750720d2b251cad26a6707751
--- /dev/null
+++ b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityShowCLI.java
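Review bot: The parsed `cmd` in `execute` is never read, which is why it needs `@SuppressWarnings("unused")`, so positional arguments given to find are accepted and ignored. Someone who types a name after the command gets the full CA list and may take it for a filtered result. Rejecting the case with `if (cmd.getArgs().length > 0)` followed by the usual error, `printHelp()` and exit makes the behaviour explicit and removes the need for the suppression. `datas.size()` is also called without a null check; if `listCAs()` can return null on an empty response, which this hunk does not show, that line would throw.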
@@ -0,0 +1,55 @@ +package com.netscape.cmstools.authority; + +import java.util.Arrays; + +import org.apache.commons.cli.CommandLine; +import org.apache.commons.cli.ParseException; + +import com.netscape.certsrv.authority.AuthorityData; +import com.netscape.cmstools.cli.CLI; + +public class AuthorityShowCLI extends CLI { + + public AuthorityCLI authorityCLI; + + public AuthorityShowCLI(AuthorityCLI authorityCLI) { + super("show", "Show CAs", authorityCLI); + this.authorityCLI = authorityCLI; + } + + public void printHelp() { + formatter.printHelp(getFullName() + " ", options); + } + + public void execute(String[] args) throws Exception { + // Always check for "--help" prior to parsing + if (Arrays.asList(args).contains("--help")) { + // Display usage + printHelp(); + System.exit(0); + } + + CommandLine cmd = null; + + try { + cmd = parser.parse(options, args); + } catch (ParseException e) { + System.err.println("Error: " + e.getMessage()); + printHelp(); + System.exit(-1); + } + + String[] cmdArgs = cmd.getArgs(); + + if (cmdArgs.length < 1) { + System.err.println("Error: No ID specified."); + printHelp(); + System.exit(-1); + } + + String caIDString = cmdArgs[0]; + AuthorityData data = authorityCLI.authorityClient.getCA(caIDString); + AuthorityCLI.printAuthorityData(data); + } + +} diff --git a/base/java-tools/src/com/netscape/cmstools/cli/CACLI.java b/base/java-tools/src/com/netscape/cmstools/cli/CACLI.java index 17fb4866f38f05f7ead02b6145ef7d09140a90c5..5c41f00c2eb6e393cc95d3b174cb14eefc7307ae 100644 --- a/base/java-tools/src/com/netscape/cmstools/cli/CACLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cli/CACLI.java @@ -20,6 +20,7 @@ package com.netscape.cmstools.cli; import com.netscape.certsrv.ca.CAClient; import com.netscape.certsrv.client.Client; +import com.netscape.cmstools.authority.AuthorityCLI; import com.netscape.cmstools.cert.CertCLI; import com.netscape.cmstools.group.GroupCLI; import com.netscape.cmstools.profile.ProfileCLI; 
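Review bot: In AuthorityShowCLI `caIDString` is passed to `getCA` exactly as typed. AuthorityCreateCLI, by contrast, checks its `--parent` value locally with `new AuthorityID(...)` and prints "Bad CA ID" before contacting the server. Wrapping the same check around `cmdArgs[0]` here gives a consistent error and keeps a malformed ID out of the request; it needs the `com.netscape.certsrv.ca.AuthorityID` import. The server must still validate the ID itself. AuthorityDisableCLI and AuthorityEnableCLI also forward `cmdArgs[0]` unchecked.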
@@ -37,6 +38,7 @@ public class CACLI extends SubsystemCLI { public CACLI(CLI parent) { super("ca", "CA management commands", parent); + addModule(new AuthorityCLI(this)); addModule(new CertCLI(this)); addModule(new GroupCLI(this)); addModule(new KRAConnectorCLI(this)); -- 2.4.3