/**
* Updates the signing certificate of a trust bundle.
*
* @param bundleName The name of the trust bundle to update.
* @param certData A DER encoded representation of the new signing certificate.
* @return Status of 204 if the trust bundle's signing certificate was updated, status of 400 if
* the signing certificate is invalid, or a status 404 if a trust bundle with the given name
* does not exist.
*/
@POST
@Path("{bundle}/signingCert")
@Consumes(MediaType.APPLICATION_JSON)
public Response updateSigningCert(@PathParam("bundle") String bundleName, byte[] certData) {
X509Certificate signingCert = null;
if (certData.length > 0) {
try {
signingCert = CertUtils.toX509Certificate(certData);
} catch (CertificateConversionException ex) {
log.error("Signing certificate is not in a valid format " + bundleName, ex);
return Response.status(Status.BAD_REQUEST).cacheControl(noCache).build();
}
}
// make sure the bundle exists
org.nhindirect.config.store.TrustBundle entityBundle;
try {
entityBundle = bundleDao.getTrustBundleByName(bundleName);
if (entityBundle == null)
return Response.status(Status.NOT_FOUND).cacheControl(noCache).build();
} catch (Exception e) {
log.error("Error looking up bundle.", e);
return Response.serverError().cacheControl(noCache).build();
}
// now update
try {
bundleDao.updateTrustBundleSigningCertificate(entityBundle.getId(), signingCert);
return Response.noContent().cacheControl(noCache).build();
} catch (Exception e) {
log.error("Error updating trust bundle signing certificate.", e);
return Response.serverError().cacheControl(noCache).build();
}
}
/**
* Gets all trust bundles in the system.
*
* @param fetchAnchors Indicates if the retrieval should also include the trust anchors in the
* bundle. When only needing bundle names, this parameter should be set to false for better
* performance.
* @return A JSON representation of a collection of all trust bundles in the system. Returns a
* status of 204 if no trust bundles exist.
*/
@GET
@Produces(MediaType.APPLICATION_JSON)
public Response getTrustBundles(
@QueryParam("fetchAnchors") @DefaultValue("true") boolean fetchAnchors) {
Collection<org.nhindirect.config.store.TrustBundle> retBundles = null;
try {
retBundles = bundleDao.getTrustBundles();
if (retBundles.isEmpty()) return Response.noContent().cacheControl(noCache).build();
} catch (Throwable e) {
log.error("Error looking up trust bundles", e);
return Response.serverError().cacheControl(noCache).build();
}
final Collection<TrustBundle> modelBundles = new ArrayList<TrustBundle>();
for (org.nhindirect.config.store.TrustBundle bundle : retBundles) {
if (!fetchAnchors) bundle.setTrustBundleAnchors(new ArrayList<TrustBundleAnchor>());
modelBundles.add(EntityModelConversion.toModelTrustBundle(bundle));
}
final GenericEntity<Collection<TrustBundle>> entity =
new GenericEntity<Collection<TrustBundle>>(modelBundles) {};
return Response.ok(entity).cacheControl(noCache).build();
}
/**
* Updates multiple bundle attributes. If the URL of the bundle changes, then the bundle is
* automatically refreshed.
*
* @param bundleName The name of the bundle to update.
* @param bundleData The data of the trust bundle to update. Empty or null attributes indicate
* that the attribute should not be changed.
* @return Status of 204 if the bundle attributes were updated, status of 400 if the signing
* certificate is invalid, or a status 404 if a trust bundle with the given name does not
* exist.
*/
@POST
@Path("{bundle}/bundleAttributes")
@Consumes(MediaType.APPLICATION_JSON)
public Response updateBundleAttributes(
@PathParam("bundle") String bundleName, TrustBundle bundleData) {
// make sure the bundle exists
org.nhindirect.config.store.TrustBundle entityBundle;
try {
entityBundle = bundleDao.getTrustBundleByName(bundleName);
if (entityBundle == null)
return Response.status(Status.NOT_FOUND).cacheControl(noCache).build();
} catch (Exception e) {
log.error("Error looking up bundle.", e);
return Response.serverError().cacheControl(noCache).build();
}
final String oldBundleURL = entityBundle.getBundleURL();
// if there is a signing certificate in the request, make sure it's valid
X509Certificate newSigningCert = null;
if (bundleData.getSigningCertificateData() != null) {
try {
newSigningCert = CertUtils.toX509Certificate(bundleData.getSigningCertificateData());
} catch (CertificateConversionException ex) {
log.error("Signing certificate is not in a valid format " + bundleName, ex);
return Response.status(Status.BAD_REQUEST).cacheControl(noCache).build();
}
}
// update the bundle
try {
bundleDao.updateTrustBundleAttributes(
entityBundle.getId(),
bundleData.getBundleName(),
bundleData.getBundleURL(),
newSigningCert,
bundleData.getRefreshInterval());
// if the URL changed, the bundle needs to be refreshed
if (bundleData.getBundleURL() != null
&& !bundleData.getBundleURL().isEmpty()
&& !oldBundleURL.equals(bundleData.getBundleURL())) {
entityBundle = bundleDao.getTrustBundleById(entityBundle.getId());
template.sendBody(entityBundle);
}
return Response.noContent().cacheControl(noCache).build();
} catch (Exception e) {
log.error("Error updating trust bundle attributes.", e);
return Response.serverError().cacheControl(noCache).build();
}
}
/**
* Associates a trust bundle to a domain along with directional trust.
*
* @param bundleName The name of the bundle to associate to a domain.
* @param domainName The name of the domain to associate to a bundle.
* @param incoming Indicates if trust should be allowed for incoming messages.
* @param outgoing Indicates if trust should be allowed for outgoing messages.
* @return Status of 204 if the association was made or a status of 404 if either a domain or
* trust bundle with its given name does not exist.
*/
@POST
@Path("{bundle}/{domain}")
public Response associateTrustBundleToDomain(
@PathParam("bundle") String bundleName,
@PathParam("domain") String domainName,
@QueryParam("incoming") @DefaultValue("true") boolean incoming,
@QueryParam("outgoing") @DefaultValue("true") boolean outgoing) {
// make sure the bundle exists
org.nhindirect.config.store.TrustBundle entityBundle;
try {
entityBundle = bundleDao.getTrustBundleByName(bundleName);
if (entityBundle == null)
return Response.status(Status.NOT_FOUND).cacheControl(noCache).build();
} catch (Exception e) {
log.error("Error looking up bundle.", e);
return Response.serverError().cacheControl(noCache).build();
}
// make sure the domain exists
org.nhindirect.config.store.Domain entityDomain;
try {
entityDomain = domainDao.getDomainByName(domainName);
if (entityDomain == null)
return Response.status(Status.NOT_FOUND).cacheControl(noCache).build();
} catch (Exception e) {
log.error("Error looking up domain.", e);
return Response.serverError().cacheControl(noCache).build();
}
// now make the association
try {
bundleDao.associateTrustBundleToDomain(
entityDomain.getId(), entityBundle.getId(), incoming, outgoing);
return Response.noContent().cacheControl(noCache).build();
} catch (Exception e) {
log.error("Error associating trust bundle to domain.", e);
return Response.serverError().cacheControl(noCache).build();
}
}
/**
* Removes a trust bundle from all domains.
*
* @param bundleName The name of the trust bundle to remove from all domains.
* @return Status of 200 if the trust bundle was removed from all domains or a status of 404 if a
* trust bundle with the given name does not exist.
*/
@DELETE
@Path("{bundle}/deleteFromBundle")
public Response disassociateTrustBundleFromDomains(@PathParam("bundle") String bundleName) {
// make sure the bundle exists
org.nhindirect.config.store.TrustBundle entityBundle;
try {
entityBundle = bundleDao.getTrustBundleByName(bundleName);
if (entityBundle == null)
return Response.status(Status.NOT_FOUND).cacheControl(noCache).build();
} catch (Exception e) {
log.error("Error looking up bundle.", e);
return Response.serverError().cacheControl(noCache).build();
}
// now make the disassociation
try {
bundleDao.disassociateTrustBundleFromDomains(entityBundle.getId());
return Response.ok().cacheControl(noCache).build();
} catch (Exception e) {
log.error("Error disassociating trust bundle from domains.", e);
return Response.serverError().cacheControl(noCache).build();
}
}
/**
* Deletes a trust bundle.
*
* @param bundleName The name of the bundle to delete.
* @return Status of 200 if the trust bundle was deleted or a status of 404 if a trust bundle with
* the given name does not exist.
*/
@DELETE
@Path("{bundle}")
public Response deleteBundle(@PathParam("bundle") String bundleName) {
// make sure it exists
org.nhindirect.config.store.TrustBundle entityBundle;
try {
entityBundle = bundleDao.getTrustBundleByName(bundleName);
if (entityBundle == null)
return Response.status(Status.NOT_FOUND).cacheControl(noCache).build();
} catch (Exception e) {
log.error("Error looking up bundle.", e);
return Response.serverError().cacheControl(noCache).build();
}
try {
bundleDao.deleteTrustBundles(new long[] {entityBundle.getId()});
return Response.ok().cacheControl(noCache).build();
} catch (Exception e) {
log.error("Error deleting trust bundle.", e);
return Response.serverError().cacheControl(noCache).build();
}
}