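/*
 * Copyright (C) 2014 Intel Corporation
 * All rights reserved.
 */
package com.intel.mtwilson.trustagent.ws.v2;

import com.intel.dcsg.cpg.crypto.SimpleKeystore;
import com.intel.dcsg.cpg.io.FileResource;
import com.intel.mtwilson.jaxrs2.mediatype.CryptoMediaType;
import com.intel.mtwilson.launcher.ws.ext.V2;
import com.intel.mtwilson.trustagent.TrustagentConfiguration;
import com.intel.mtwilson.trustagent.TrustagentRepository;
import java.io.File;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;

/**
 * Serves the host's Attestation Identity Key (AIK) certificate and the
 * Privacy CA certificate kept in the trust agent keystore.
 *
 * This was previously called create_identity.
 *
 * Every failure path answers with HTTP 500 and a short reason in an
 * {@code Error} header; the entity body is reserved for the certificate
 * itself. Neither the keystore password nor stack traces reach the client.
 *
 * @author jbuhacoff
 */
@V2
@Path("/aik")
public class Aik {

    private static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(Aik.class);

    /**
     * Loads the trust agent configuration. Protected so a subclass can
     * substitute a different configuration source.
     *
     * @return the current trust agent configuration
     * @throws IOException if the configuration cannot be read
     */
    protected TrustagentConfiguration getConfiguration() throws IOException {
        return TrustagentConfiguration.loadConfiguration();
    }

    /**
     * Builds the HTTP 500 response shared by all failure paths in this
     * resource. The reason travels in an {@code Error} header, not in the
     * entity, so the caller receives no certificate bytes on failure.
     *
     * @param message short, non-sensitive reason for the failure
     * @return the exception to throw from the resource method
     */
    private static WebApplicationException serverError(String message) {
        return new WebApplicationException(Response.serverError().header("Error", message).build());
    }

    /**
     * Returns the AIK certificate held in the trust agent repository.
     *
     * @return the AIK certificate, or {@code null} when DAA is enabled — DAA
     *         identities are not supported, and JAX-RS renders a null entity
     *         as an empty 204 response
     * @throws IOException if the configuration cannot be read
     * @throws CertificateException propagated from the repository when it
     *         cannot produce the certificate
     * @throws WebApplicationException (HTTP 500) when no AIK certificate is available
     */
    @GET
    @Produces({CryptoMediaType.APPLICATION_PKIX_CERT, CryptoMediaType.APPLICATION_X_PEM_FILE})
    public X509Certificate getIdentity() throws IOException, CertificateException {
        TrustagentConfiguration configuration = getConfiguration();
        if (configuration.isDaaEnabled()) {
            // DAA identity creation is not implemented; the caller gets an empty response.
            log.debug("daa is currently not supported");
            return null;
        }
        TrustagentRepository repository = new TrustagentRepository(configuration);
        X509Certificate aikCertificate = repository.getAikCertificate();
        if (aikCertificate == null) {
            throw serverError("Cannot load AIK certificate file");
        }
        return aikCertificate;
    }

    /**
     * Returns the Privacy CA certificate stored in the trust agent keystore
     * under alias {@code "privacy"} with purpose {@link SimpleKeystore#CA}.
     *
     * @return the Privacy CA certificate; never {@code null}
     * @throws IOException if the configuration cannot be read
     * @throws WebApplicationException (HTTP 500) when the keystore file is
     *         missing, cannot be opened, or holds no Privacy CA certificate
     */
    @GET
    @Path("/ca")
    @Produces({CryptoMediaType.APPLICATION_PKIX_CERT, CryptoMediaType.APPLICATION_X_PEM_FILE})
    public X509Certificate getIdentityCA() throws IOException {
        TrustagentConfiguration configuration = getConfiguration();
        File keystoreFile = configuration.getTrustagentKeystoreFile();
        if (!keystoreFile.exists()) {
            // The path is logged server-side only; the client sees just the generic header.
            log.error("Missing keystore file: {}", keystoreFile.getAbsolutePath());
            throw serverError("Missing CA keystore file");
        }
        try {
            SimpleKeystore keystore = new SimpleKeystore(new FileResource(keystoreFile),
                    configuration.getTrustagentKeystorePassword());
            X509Certificate privacyCACertificate = keystore.getX509Certificate("privacy", SimpleKeystore.CA);
            if (privacyCACertificate == null) {
                // Mirror getIdentity(): an absent certificate is a server error,
                // not an empty 204 that a client could mistake for success.
                log.error("Privacy CA certificate not found in keystore file");
                throw serverError("Cannot load Privacy CA certificate file");
            }
            return privacyCACertificate;
        } catch (KeyManagementException | NoSuchAlgorithmException | UnrecoverableEntryException
                | KeyStoreException | CertificateEncodingException e) {
            // Stack trace only at debug level; the error line stays free of keystore internals.
            log.error("Unable to load Privacy CA certificate from keystore file");
            log.debug("Unable to load Privacy CA certificate from keystore file", e);
            throw serverError("Cannot load Privacy CA certificate file");
        }
    }
}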