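package org.ovirt.engine.core.bll.provider;

import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collections;
import java.util.List;

import org.apache.commons.codec.binary.Base64;
import org.ovirt.engine.core.bll.CommandBase;
import org.ovirt.engine.core.bll.context.CommandContext;
import org.ovirt.engine.core.bll.utils.PermissionSubject;
import org.ovirt.engine.core.common.AuditLogType;
import org.ovirt.engine.core.common.VdcObjectType;
import org.ovirt.engine.core.common.action.ImportProviderCertificateParameters;
import org.ovirt.engine.core.common.businessentities.ActionGroup;
import org.ovirt.engine.core.common.businessentities.Provider;
import org.ovirt.engine.core.common.errors.EngineError;
import org.ovirt.engine.core.common.errors.EngineException;
import org.ovirt.engine.core.common.errors.EngineMessage;
import org.ovirt.engine.core.compat.Guid;

/**
 * Imports the certificate of an external provider into the external trust store.
 *
 * <p>The certificate arrives Base64-encoded in the command parameters, is parsed as X.509 and is
 * passed unchanged to {@code ExternalTrustStoreInitializer.addCertificate}. This class itself
 * performs no validity-period, chain or key-usage checks on the certificate.
 * NOTE(review): confirm whether {@code addCertificate} applies any such checks, because every
 * certificate accepted here becomes a trust anchor.
 *
 * <p>The original header marked this class as deprecated, but the successor it linked to was this
 * class itself. TODO: confirm the intended replacement and restore the link.
 */
public class ImportProviderCertificateCommand<P extends ImportProviderCertificateParameters> extends CommandBase<P> {

    /**
     * Creates the command from a command id only.
     *
     * @param commandId id passed to the {@code CommandBase} constructor
     */
    public ImportProviderCertificateCommand(Guid commandId) {
        super(commandId);
    }

    /**
     * Creates the command for execution.
     *
     * @param parameters parameters carrying the provider and its Base64-encoded certificate
     * @param cmdContext context passed to the {@code CommandBase} constructor
     */
    public ImportProviderCertificateCommand(P parameters, CommandContext cmdContext) {
        super(parameters, cmdContext);
    }

    /** Returns the provider taken from the command parameters. */
    private Provider<?> getProvider() {
        return getParameters().getProvider();
    }

    /**
     * Returns the name of the provider whose certificate is being imported.
     *
     * @return the provider's name
     */
    public String getProviderName() {
        return getProvider().getName();
    }

    /**
     * Decodes the certificate from the parameters, parses it as X.509 and adds it to the external
     * trust store.
     *
     * <p>A missing, empty or whitespace-only certificate string is rejected before decoding. On
     * success the SHA-256 fingerprint of the stored certificate is logged so that a trust-store
     * change can be traced back to a specific certificate.
     *
     * @throws EngineException with {@code PROVIDER_IMPORT_CERTIFICATE_ERROR} on any failure
     */
    @Override
    protected void executeCommand() {
        try {
            String encoded = getParameters().getCertificate();
            // Whitespace-only input decodes to zero bytes, so report it as missing here rather
            // than letting it fail later with an unrelated parser error.
            if (encoded == null || encoded.trim().isEmpty()) {
                throw new RuntimeException("Certificate is missing");
            }

            Certificate certificate;
            try (ByteArrayInputStream bis = new ByteArrayInputStream(new Base64(0).decode(encoded))) {
                certificate = CertificateFactory.getInstance("X.509").generateCertificate(bis);
            }

            ExternalTrustStoreInitializer.addCertificate(certificate);
            // Only the hex fingerprint is logged: certificate subject fields are supplied by the
            // certificate's creator and could carry line breaks into the log.
            log.info(String.format(
                    "Added provider certificate to the external trust store, SHA-256 fingerprint: %1$s",
                    sha256Fingerprint(certificate)));
            setSucceeded(true);
        } catch (Throwable e) {
            // NOTE(review): catching Throwable also turns JVM Errors into an EngineException.
            // Kept as in the original so callers see the same failure type.
            handleException(e);
        }
    }

    /**
     * Returns the single permission subject checked before the command runs.
     *
     * <p>NOTE(review): importing a certificate changes what the engine trusts, yet it is gated by
     * {@code CREATE_STORAGE_POOL} on the system object rather than by a dedicated permission.
     *
     * @return a one-element list with the system-level {@code CREATE_STORAGE_POOL} subject
     */
    @Override
    public List<PermissionSubject> getPermissionCheckSubjects() {
        // Currently it requires what's required for adding a new Provider
        // Need to revisit that when designing the permission scheme for providers
        return Collections.singletonList(
                new PermissionSubject(Guid.SYSTEM, VdcObjectType.System, ActionGroup.CREATE_STORAGE_POOL));
    }

    /**
     * Selects the audit log entry according to the command outcome.
     *
     * @return {@code PROVIDER_CERTIFICATE_IMPORTED} when the command succeeded, otherwise
     *         {@code PROVIDER_CERTIFICATE_IMPORT_FAILED}
     */
    @Override
    public AuditLogType getAuditLogTypeValue() {
        return getSucceeded()
                ? AuditLogType.PROVIDER_CERTIFICATE_IMPORTED
                : AuditLogType.PROVIDER_CERTIFICATE_IMPORT_FAILED;
    }

    /** Adds the action and type placeholders used in validation messages. */
    @Override
    protected void setActionMessageParameters() {
        addValidationMessage(EngineMessage.VAR__ACTION__IMPORT);
        addValidationMessage(EngineMessage.VAR__TYPE__PROVIDER_CERTIFICATE);
    }

    /**
     * Logs a failed import and rethrows it as an {@link EngineException}.
     *
     * <p>Only the message is logged at error level; the stack trace is logged at debug level.
     * The thrown exception carries the message but not the original cause.
     *
     * @param e the failure raised while importing the certificate
     * @throws EngineException always, with {@code PROVIDER_IMPORT_CERTIFICATE_ERROR}
     */
    private void handleException(Throwable e) {
        log.error(String.format("Failed to import certificate: %1$s", e.getMessage()));
        log.debug("Exception", e);
        throw new EngineException(EngineError.PROVIDER_IMPORT_CERTIFICATE_ERROR, e.getMessage());
    }

    /**
     * Computes the lower-case hex SHA-256 digest of the certificate's encoded form.
     *
     * <p>A digest failure must not fail an import that has already been stored, so it is
     * reported as the literal {@code "unavailable"} instead of being thrown.
     *
     * @param certificate the certificate that was added to the trust store
     * @return the hex fingerprint, or {@code "unavailable"} if it cannot be computed
     */
    private static String sha256Fingerprint(Certificate certificate) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(certificate.getEncoded());
            StringBuilder hex = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                hex.append(Character.forDigit((b >> 4) & 0xF, 16));
                hex.append(Character.forDigit(b & 0xF, 16));
            }
            return hex.toString();
        } catch (GeneralSecurityException ignored) {
            // Covers NoSuchAlgorithmException and CertificateEncodingException.
            return "unavailable";
        }
    }
}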