/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package com.intel.mtwilson.tag.rest.v2.rpc;
import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement;
import com.intel.dcsg.cpg.io.UUID;
import com.intel.mtwilson.tag.model.Certificate;
import com.intel.mtwilson.tag.model.X509AttributeCertificate;
import com.intel.mtwilson.launcher.ws.ext.RPC;
import com.intel.mtwilson.repository.RepositoryException;
import com.intel.mtwilson.repository.RepositoryInvalidInputException;
import com.intel.mtwilson.tag.dao.TagJdbi;
import com.intel.mtwilson.tag.dao.jdbi.CertificateDAO;
import com.intel.mtwilson.tag.dao.jdbi.CertificateRequestDAO;
import com.intel.mtwilson.tag.model.CertificateRequest;
import com.intel.mtwilson.tag.model.CertificateRequestLocator;
import org.apache.shiro.authz.annotation.RequiresPermissions;
/**
* For use by an external CA if one is configured. The external CA would
* use the /tag-certificate-requests search API to find pending requests,
* generate the certificates, and then post the certificates back using
* this RPC.
*
* @author ssbangal
*/
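@RPC("approve-tag-certificate-request")
@JacksonXmlRootElement(localName="approve_tag_certificate_request")
public class ApproveTagCertificateRequest implements Runnable {
    private static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(ApproveTagCertificateRequest.class);

    // Id of the pending certificate request being approved (taken from the RPC body).
    private UUID certificateRequestId;
    // Encoded X.509 attribute certificate produced by the external CA for that request.
    private byte[] certificate;

    public UUID getCertificateRequestId() {
        return certificateRequestId;
    }

    public void setCertificateRequestId(UUID certificateRequestId) {
        this.certificateRequestId = certificateRequestId;
    }

    public byte[] getCertificate() {
        return certificate;
    }

    public void setCertificate(byte[] certificate) {
        this.certificate = certificate;
    }

    /**
     * Parses the supplied certificate, stores it in the certificate table and marks the
     * referenced request as {@code Done}.
     *
     * @throws RepositoryInvalidInputException if the request id or the certificate bytes are
     *         missing, or no request with that id exists
     * @throws RepositoryException if parsing or persisting the certificate fails
     */
    @Override
    @RequiresPermissions({"tag_certificates:create","tag_certificate_requests:store"})
    public void run() {
        log.debug("RPC: ApproveTagCertificateRequest - Got request to auto approve certificate request with ID {}.", certificateRequestId);
        CertificateRequestLocator locator = new CertificateRequestLocator();
        locator.id = certificateRequestId;
        try (CertificateRequestDAO certRequestDao = TagJdbi.certificateRequestDao();
             CertificateDAO certDao = TagJdbi.certificateDao()) {
            // Reject incomplete input explicitly instead of letting the DAO or the parser fail on null.
            if (certificateRequestId == null) {
                log.error("RPC: ApproveTagCertificateRequest - Certificate request id is required.");
                throw new RepositoryInvalidInputException(locator);
            }
            if (certificate == null || certificate.length == 0) {
                log.error("RPC: ApproveTagCertificateRequest - No certificate supplied for certificate request id {}.", certificateRequestId);
                throw new RepositoryInvalidInputException(locator);
            }
            CertificateRequest request = certRequestDao.findById(certificateRequestId);
            if (request == null) {
                log.error("RPC: ApproveTagCertificateRequest - Certificate request id {} specified for auto approval is not valid.", certificateRequestId);
                throw new RepositoryInvalidInputException(locator);
            }
            X509AttributeCertificate cert = X509AttributeCertificate.valueOf(certificate);
            // Parameterized logging: a String.format with more %s placeholders than arguments throws
            // MissingFormatArgumentException and would abort the approval before anything is stored.
            log.debug("RPC: ApproveTagCertificateRequest - Received certificate: issuer: {} subject: {} from: {} to: {}",
                    cert.getIssuer(), cert.getSubject(), cert.getNotBefore(), cert.getNotAfter());
            // NOTE(review): nothing here verifies that the certificate belongs to this request
            // (subject/attributes) or that its issuer is the configured CA; the only gate is the
            // Shiro permission above. Confirm whether that binding is enforced elsewhere.
            // Named distinctly from the raw-bytes field 'certificate' to avoid shadowing.
            Certificate tagCertificate = Certificate.valueOf(cert.getEncoded());
            UUID newCertId = new UUID();
            tagCertificate.setId(newCertId);
            certDao.insert(tagCertificate.getId(), tagCertificate.getCertificate(), tagCertificate.getSha1().toHexString(), tagCertificate.getSha256().toHexString(),
                    tagCertificate.getSubject(), tagCertificate.getIssuer(), tagCertificate.getNotBefore(), tagCertificate.getNotAfter());
            // Only the status is updated; newCertId is not recorded on the request itself
            // (an earlier updateApproved(requestId, certId) call that did so is no longer used here).
            certRequestDao.updateStatus(certificateRequestId, "Done");
        } catch (RepositoryException re) {
            throw re; // already the API's exception type; do not double-wrap
        } catch (Exception ex) {
            log.error("RPC: ApproveTagCertificateRequest - Error during approval of certificate request.", ex);
            throw new RepositoryException(ex);
        }
    }
}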