示例#1
  /**
   * Updates the signing certificate of a trust bundle.
   *
   * @param bundleName The name of the trust bundle to update.
   * @param certData A DER encoded representation of the new signing certificate.
   * @return Status of 204 if the trust bundle's signing certificate was updated, status of 400 if
   *     the signing certificate is invalid, or a status 404 if a trust bundle with the given name
   *     does not exist.
   */
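  @POST
  @Path("{bundle}/signingCert")
  @Consumes(MediaType.APPLICATION_JSON)
  public Response updateSigningCert(@PathParam("bundle") String bundleName, byte[] certData) {
    // A request that deserializes to no entity at all is rejected here. Without this guard the
    // certData.length access below throws a NullPointerException outside every try block. A missing
    // payload is deliberately answered with 400 rather than being treated like an empty one.
    if (certData == null) {
      log.error("Signing certificate data is missing from the request.");
      return Response.status(Status.BAD_REQUEST).cacheControl(noCache).build();
    }

    // A zero-length payload skips parsing, so signingCert stays null and that null is what gets
    // passed to the DAO update further down.
    // NOTE(review): presumably this clears the bundle's signing certificate, which would weaken
    // verification of later bundle downloads - confirm against the DAO, and confirm that access to
    // this endpoint is restricted by a filter or the container (no check is visible here).
    X509Certificate signingCert = null;
    if (certData.length > 0) {
      try {
        // The payload is expected to be a DER encoded certificate; anything that does not parse is
        // answered with 400.
        signingCert = CertUtils.toX509Certificate(certData);
      } catch (CertificateConversionException ex) {
        // NOTE(review): bundleName is taken from the request path and concatenated into the log
        // line as-is; neutralise line breaks here or in the log layout so a crafted name cannot
        // forge log entries.
        log.error("Signing certificate is not in a valid format " + bundleName, ex);
        return Response.status(Status.BAD_REQUEST).cacheControl(noCache).build();
      }
    }

    // make sure the bundle exists; a lookup failure is reported as 500, an unknown name as 404
    org.nhindirect.config.store.TrustBundle entityBundle;
    try {
      entityBundle = bundleDao.getTrustBundleByName(bundleName);
      if (entityBundle == null) {
        return Response.status(Status.NOT_FOUND).cacheControl(noCache).build();
      }
    } catch (Exception e) {
      log.error("Error looking up bundle.", e);
      return Response.serverError().cacheControl(noCache).build();
    }

    // now update; 204 on success, 500 if the DAO throws
    try {
      bundleDao.updateTrustBundleSigningCertificate(entityBundle.getId(), signingCert);

      return Response.noContent().cacheControl(noCache).build();
    } catch (Exception e) {
      log.error("Error updating trust bundle signing certificate.", e);
      return Response.serverError().cacheControl(noCache).build();
    }
  }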
示例#2
  /**
   * Gets all trust bundles in the system.
   *
   * @param fetchAnchors Indicates if the retrieval should also include the trust anchors in the
   *     bundle. When only needing bundle names, this parameter should be set to false for better
   *     performance.
   * @return A JSON representation of a collection of all trust bundles in the system. Returns a
   *     status of 204 if no trust bundles exist.
   */
  @GET
  @Produces(MediaType.APPLICATION_JSON)
  public Response getTrustBundles(
      @QueryParam("fetchAnchors") @DefaultValue("true") boolean fetchAnchors) {
    // Load every stored bundle. Any failure in this step, including a null collection coming back
    // from the DAO, is logged and reported as a 500; an empty collection is reported as 204.
    Collection<org.nhindirect.config.store.TrustBundle> storedBundles;
    try {
      storedBundles = bundleDao.getTrustBundles();
      if (storedBundles.isEmpty()) {
        return Response.noContent().cacheControl(noCache).build();
      }
    } catch (Throwable e) {
      log.error("Error looking up trust bundles", e);
      return Response.serverError().cacheControl(noCache).build();
    }

    // Convert each stored bundle into its model representation for the response.
    final Collection<TrustBundle> responseBundles = new ArrayList<TrustBundle>();
    for (org.nhindirect.config.store.TrustBundle stored : storedBundles) {
      if (!fetchAnchors) {
        // The anchors are dropped by overwriting the list on the object the DAO returned.
        // NOTE(review): if that object is still attached to a persistence context, the emptied
        // list could be written back and remove the stored trust anchors - confirm the DAO hands
        // out detached instances.
        stored.setTrustBundleAnchors(new ArrayList<TrustBundleAnchor>());
      }
      responseBundles.add(EntityModelConversion.toModelTrustBundle(stored));
    }

    // GenericEntity keeps the element type of the collection available to the JSON writer.
    return Response.ok(new GenericEntity<Collection<TrustBundle>>(responseBundles) {})
        .cacheControl(noCache)
        .build();
  }
示例#3
  /**
   * Updates multiple bundle attributes. If the URL of the bundle changes, then the bundle is
   * automatically refreshed.
   *
   * @param bundleName The name of the bundle to update.
   * @param bundleData The data of the trust bundle to update. Empty or null attributes indicate
   *     that the attribute should not be changed.
   * @return Status of 204 if the bundle attributes were updated, status of 400 if the signing
   *     certificate is invalid, or a status 404 if a trust bundle with the given name does not
   *     exist.
   */
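  @POST
  @Path("{bundle}/bundleAttributes")
  @Consumes(MediaType.APPLICATION_JSON)
  public Response updateBundleAttributes(
      @PathParam("bundle") String bundleName, TrustBundle bundleData) {
    // make sure the bundle exists; a lookup failure is reported as 500, an unknown name as 404
    org.nhindirect.config.store.TrustBundle entityBundle;
    try {
      entityBundle = bundleDao.getTrustBundleByName(bundleName);
      if (entityBundle == null) {
        return Response.status(Status.NOT_FOUND).cacheControl(noCache).build();
      }
    } catch (Exception e) {
      log.error("Error looking up bundle.", e);
      return Response.serverError().cacheControl(noCache).build();
    }

    // A request without an entity is rejected here. Without this guard the first bundleData access
    // below throws a NullPointerException outside every try block.
    if (bundleData == null) {
      log.error("Trust bundle data is missing from the request.");
      return Response.status(Status.BAD_REQUEST).cacheControl(noCache).build();
    }

    // Remember the stored URL so a change can be detected after the update. It may be null.
    final String oldBundleURL = entityBundle.getBundleURL();
    final String newBundleURL = bundleData.getBundleURL();

    // if there is a signing certificate in the request, make sure it's valid
    // NOTE(review): only null means "no change" here; empty certificate data still reaches the
    // parser. If the parser rejects it, the request gets 400 although the endpoint documents empty
    // attributes as "leave unchanged" - confirm which behaviour is wanted.
    X509Certificate newSigningCert = null;
    if (bundleData.getSigningCertificateData() != null) {
      try {
        newSigningCert = CertUtils.toX509Certificate(bundleData.getSigningCertificateData());
      } catch (CertificateConversionException ex) {
        // NOTE(review): bundleName is taken from the request path and concatenated into the log
        // line as-is; neutralise line breaks here or in the log layout so a crafted name cannot
        // forge log entries.
        log.error("Signing certificate is not in a valid format " + bundleName, ex);
        return Response.status(Status.BAD_REQUEST).cacheControl(noCache).build();
      }
    }

    // update the bundle
    try {
      bundleDao.updateTrustBundleAttributes(
          entityBundle.getId(),
          bundleData.getBundleName(),
          newBundleURL,
          newSigningCert,
          bundleData.getRefreshInterval());

      // if the URL changed, the bundle needs to be refreshed
      // The comparison is made on the new URL, which is known to be non-null here. Calling equals
      // on a null stored URL used to throw after the update had already been written, so the
      // caller got a 500 and the refresh was skipped.
      // NOTE(review): the new URL is caller-supplied and is not validated in this method.
      // Presumably the refresh fetches it from the server side - confirm that scheme and
      // destination are restricted where the download happens.
      if (newBundleURL != null && !newBundleURL.isEmpty() && !newBundleURL.equals(oldBundleURL)) {
        // Reload so the refresh works on the freshly stored attributes.
        entityBundle = bundleDao.getTrustBundleById(entityBundle.getId());

        template.sendBody(entityBundle);
      }

      return Response.noContent().cacheControl(noCache).build();
    } catch (Exception e) {
      log.error("Error updating trust bundle attributes.", e);
      return Response.serverError().cacheControl(noCache).build();
    }
  }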
示例#4
  /**
   * Associates a trust bundle to a domain along with directional trust.
   *
   * @param bundleName The name of the bundle to associate to a domain.
   * @param domainName The name of the domain to associate to a bundle.
   * @param incoming Indicates if trust should be allowed for incoming messages.
   * @param outgoing Indicates if trust should be allowed for outgoing messages.
   * @return Status of 204 if the association was made or a status of 404 if either a domain or
   *     trust bundle with its given name does not exist.
   */
  @POST
  @Path("{bundle}/{domain}")
  public Response associateTrustBundleToDomain(
      @PathParam("bundle") String bundleName,
      @PathParam("domain") String domainName,
      @QueryParam("incoming") @DefaultValue("true") boolean incoming,
      @QueryParam("outgoing") @DefaultValue("true") boolean outgoing) {
    // Both direction flags default to true, so a request that omits them enables trust for
    // incoming and outgoing messages alike.
    // NOTE(review): no authorization check is visible in this method - confirm that access to this
    // endpoint is restricted by a filter or the container.

    // Resolve the bundle by name: 500 when the lookup fails, 404 when the name is unknown.
    org.nhindirect.config.store.TrustBundle bundle;
    try {
      bundle = bundleDao.getTrustBundleByName(bundleName);
    } catch (Exception e) {
      log.error("Error looking up bundle.", e);
      return Response.serverError().cacheControl(noCache).build();
    }
    if (bundle == null) {
      return Response.status(Status.NOT_FOUND).cacheControl(noCache).build();
    }

    // Resolve the domain by name with the same 500 / 404 handling.
    org.nhindirect.config.store.Domain domain;
    try {
      domain = domainDao.getDomainByName(domainName);
    } catch (Exception e) {
      log.error("Error looking up domain.", e);
      return Response.serverError().cacheControl(noCache).build();
    }
    if (domain == null) {
      return Response.status(Status.NOT_FOUND).cacheControl(noCache).build();
    }

    // Both sides exist, so store the association with the requested directions.
    try {
      bundleDao.associateTrustBundleToDomain(domain.getId(), bundle.getId(), incoming, outgoing);
    } catch (Exception e) {
      log.error("Error associating trust bundle to domain.", e);
      return Response.serverError().cacheControl(noCache).build();
    }
    return Response.noContent().cacheControl(noCache).build();
  }
示例#5
  /**
   * Removes a trust bundle from all domains.
   *
   * @param bundleName The name of the trust bundle to remove from all domains.
   * @return Status of 200 if the trust bundle was removed from all domains or a status of 404 if a
   *     trust bundle with the given name does not exist.
   */
  @DELETE
  @Path("{bundle}/deleteFromBundle")
  public Response disassociateTrustBundleFromDomains(@PathParam("bundle") String bundleName) {
    // Resolve the bundle by name: 500 when the lookup fails, 404 when the name is unknown.
    org.nhindirect.config.store.TrustBundle bundle;
    try {
      bundle = bundleDao.getTrustBundleByName(bundleName);
    } catch (Exception e) {
      log.error("Error looking up bundle.", e);
      return Response.serverError().cacheControl(noCache).build();
    }
    if (bundle == null) {
      return Response.status(Status.NOT_FOUND).cacheControl(noCache).build();
    }

    // Detach the bundle from every domain in a single DAO call; success is reported as 200.
    // NOTE(review): no authorization check is visible in this method - confirm that access to this
    // endpoint is restricted by a filter or the container.
    try {
      bundleDao.disassociateTrustBundleFromDomains(bundle.getId());
    } catch (Exception e) {
      log.error("Error disassociating trust bundle from domains.", e);
      return Response.serverError().cacheControl(noCache).build();
    }
    return Response.ok().cacheControl(noCache).build();
  }
示例#6
  /**
   * Deletes a trust bundle.
   *
   * @param bundleName The name of the bundle to delete.
   * @return Status of 200 if the trust bundle was deleted or a status of 404 if a trust bundle with
   *     the given name does not exist.
   */
  @DELETE
  @Path("{bundle}")
  public Response deleteBundle(@PathParam("bundle") String bundleName) {
    // Resolve the bundle by name: 500 when the lookup fails, 404 when the name is unknown.
    org.nhindirect.config.store.TrustBundle bundle;
    try {
      bundle = bundleDao.getTrustBundleByName(bundleName);
    } catch (Exception e) {
      log.error("Error looking up bundle.", e);
      return Response.serverError().cacheControl(noCache).build();
    }
    if (bundle == null) {
      return Response.status(Status.NOT_FOUND).cacheControl(noCache).build();
    }

    // The DAO deletes by id array, so the single id is wrapped in a one-element array.
    // NOTE(review): no authorization check is visible in this method - confirm that access to this
    // endpoint is restricted by a filter or the container.
    try {
      final long[] idsToDelete = new long[] {bundle.getId()};
      bundleDao.deleteTrustBundles(idsToDelete);
    } catch (Exception e) {
      log.error("Error deleting trust bundle.", e);
      return Response.serverError().cacheControl(noCache).build();
    }
    return Response.ok().cacheControl(noCache).build();
  }