
Example 1 with ContentAccessCertificate

use of org.candlepin.model.ContentAccessCertificate in project candlepin by candlepin.

the class ConsumerResource method getEntitlementCertificateSerials.

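/**
 * Lists the serial IDs of the certificates the given consumer currently holds.
 *
 * <p>Share consumers get an empty list after a warning is logged. For every other consumer the
 * method calls {@code revokeOnGuestMigration}, regenerates dirty entitlements, collects the
 * entitlement serial IDs and, when the content access service returns a certificate, appends that
 * certificate's serial ID.
 *
 * @param consumerUuid UUID of the consumer, taken from the request path; it carries
 *     {@code @Verify(Consumer.class)} and is resolved through {@code verifyAndLookupConsumer}
 * @return serial DTOs, entitlement serials first and the content access serial (if any) last
 * @throws BadRequestException if the content access certificate cannot be retrieved
 */
@ApiOperation(notes = "Retrieves a list of Certiticate Serials Return the " + "client certificate metadata a for the given consumer. This is a small" + " subset of data clients can use to determine which certificates they" + " need to update/fetch.", value = "getEntitlementCertificateSerials")
@ApiResponses({ @ApiResponse(code = 404, message = "") })
@GET
@Path("{consumer_uuid}/certificates/serials")
@Produces(MediaType.APPLICATION_JSON)
@Wrapped(element = "serials")
@UpdateConsumerCheckIn
public List<CertificateSerialDto> getEntitlementCertificateSerials(@PathParam("consumer_uuid") @Verify(Consumer.class) String consumerUuid) {
    log.debug("Getting client certificate serials for consumer: {}", consumerUuid);
    Consumer consumer = consumerCurator.verifyAndLookupConsumer(consumerUuid);
    ConsumerType ctype = this.consumerTypeCurator.getConsumerType(consumer);
    if (ctype.isType(ConsumerTypeEnum.SHARE)) {
        logShareConsumerRequestWarning("cert serial fetch", consumer);
        return new ArrayList<>();
    }
    // Both calls run before the serials are read, so the list reflects their outcome.
    revokeOnGuestMigration(consumer);
    poolManager.regenerateDirtyEntitlements(consumer);
    List<CertificateSerialDto> allCerts = new LinkedList<>();
    for (Long id : entCertService.listEntitlementSerialIds(consumer)) {
        allCerts.add(new CertificateSerialDto(id));
    }
    // add content access cert if needed
    try {
        ContentAccessCertificate cac = contentAccessCertService.getCertificate(consumer);
        if (cac != null) {
            allCerts.add(new CertificateSerialDto(cac.getSerial().getId()));
        }
    } catch (IOException | GeneralSecurityException e) {
        // The exception is the cause of the BadRequestException, not an argument of i18n.tr():
        // the original GeneralSecurityException branch passed it to tr(), so the cause was lost
        // and certificate failures could not be traced from the server log.
        // NOTE(review): confirm the exception mapper does not echo the cause's message to clients.
        throw new BadRequestException(i18n.tr("Cannot retrieve content access certificate"), e);
    }
    return allCerts;
}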
Also used : DeletedConsumer(org.candlepin.model.DeletedConsumer) Consumer(org.candlepin.model.Consumer) CertificateSerialDto(org.candlepin.model.CertificateSerialDto) GeneralSecurityException(java.security.GeneralSecurityException) ArrayList(java.util.ArrayList) BadRequestException(org.candlepin.common.exceptions.BadRequestException) ContentAccessCertificate(org.candlepin.model.ContentAccessCertificate) IOException(java.io.IOException) ConsumerType(org.candlepin.model.ConsumerType) LinkedList(java.util.LinkedList) Path(javax.ws.rs.Path) UpdateConsumerCheckIn(org.candlepin.auth.UpdateConsumerCheckIn) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) Wrapped(org.jboss.resteasy.annotations.providers.jaxb.Wrapped) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 2 with ContentAccessCertificate

use of org.candlepin.model.ContentAccessCertificate in project candlepin by candlepin.

the class ConsumerResource method getContentAccessBody.

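/**
 * Returns the consumer's content access certificate, split into its certificate part and its
 * entitlement data part.
 *
 * <p>The request is rejected for share consumers and for owners whose content access mode is not
 * {@code ContentAccessCertServiceAdapter.ORG_ENV_ACCESS_MODE}. If the certificate has not changed
 * since the {@code If-Modified-Since} date, a 304 response is returned instead of the body.
 *
 * @param consumerUuid UUID of the consumer, taken from the request path; it carries
 *     {@code @Verify(Consumer.class)} and is resolved through {@code verifyAndLookupConsumer}
 * @param since value of the {@code If-Modified-Since} header; defaults to the Unix epoch
 * @return 200 with a {@code ContentAccessListing}, or 304 when nothing changed since {@code since}
 * @throws BadRequestException if the consumer or owner does not qualify, or if the certificate
 *     cannot be retrieved or does not contain the entitlement data marker
 */
@ApiOperation(notes = "Retrieves the body of the Content Access Certificate for the Consumer", value = "getContentAccessBody", response = String.class)
@ApiResponses({ @ApiResponse(code = 404, message = ""), @ApiResponse(code = 304, message = "") })
@GET
@Path("{consumer_uuid}/accessible_content")
@Produces(MediaType.APPLICATION_JSON)
public Response getContentAccessBody(@PathParam("consumer_uuid") @Verify(Consumer.class) String consumerUuid, @HeaderParam("If-Modified-Since") @DefaultValue("Thu, 01 Jan 1970 00:00:00 GMT") @DateFormat({ "EEE, dd MMM yyyy HH:mm:ss z" }) Date since) {
    log.debug("Getting content access certificate for consumer: {}", consumerUuid);
    Consumer consumer = consumerCurator.verifyAndLookupConsumer(consumerUuid);
    ConsumerType ctype = this.consumerTypeCurator.getConsumerType(consumer);
    if (ctype.isType(ConsumerTypeEnum.SHARE)) {
        throw new BadRequestException(i18n.tr("Content access body can not be requested for a share consumer"));
    }
    Owner owner = ownerCurator.findOwnerById(consumer.getOwnerId());
    String cam = owner.getContentAccessMode();
    if (!ContentAccessCertServiceAdapter.ORG_ENV_ACCESS_MODE.equals(cam)) {
        throw new BadRequestException(i18n.tr("Content access mode does not allow this request."));
    }
    if (!contentAccessCertService.hasCertChangedSince(consumer, since)) {
        return Response.status(Response.Status.NOT_MODIFIED).entity("Not modified since date supplied.").build();
    }
    ContentAccessListing result = new ContentAccessListing();
    try {
        ContentAccessCertificate cac = contentAccessCertService.getCertificate(consumer);
        if (cac == null) {
            throw new BadRequestException(i18n.tr("Cannot retrieve content access certificate"));
        }
        String cert = cac.getCert();
        // Everything before the marker is the certificate; the marker and what follows is the
        // entitlement data.
        final String marker = "-----BEGIN ENTITLEMENT DATA-----\n";
        int split = cert.indexOf(marker);
        if (split < 0) {
            // Without this guard substring(0, -1) throws StringIndexOutOfBoundsException and the
            // request fails with an unhandled error instead of the message used elsewhere here.
            throw new BadRequestException(i18n.tr("Cannot retrieve content access certificate"));
        }
        List<String> pieces = new ArrayList<>();
        pieces.add(cert.substring(0, split));
        pieces.add(cert.substring(split));
        result.setContentListing(cac.getSerial().getId(), pieces);
        result.setLastUpdate(cac.getUpdated());
    } catch (IOException | GeneralSecurityException e) {
        // The exception is the cause of the BadRequestException, not an argument of i18n.tr():
        // the original GeneralSecurityException branch passed it to tr(), so the cause was lost.
        // NOTE(review): confirm the exception mapper does not echo the cause's message to clients.
        throw new BadRequestException(i18n.tr("Cannot retrieve content access certificate"), e);
    }
    return Response.ok(result, MediaType.APPLICATION_JSON).build();
}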
Also used : Owner(org.candlepin.model.Owner) DeletedConsumer(org.candlepin.model.DeletedConsumer) Consumer(org.candlepin.model.Consumer) GeneralSecurityException(java.security.GeneralSecurityException) ContentAccessListing(org.candlepin.resource.dto.ContentAccessListing) ArrayList(java.util.ArrayList) BadRequestException(org.candlepin.common.exceptions.BadRequestException) ContentAccessCertificate(org.candlepin.model.ContentAccessCertificate) IOException(java.io.IOException) ConsumerType(org.candlepin.model.ConsumerType) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 3 with ContentAccessCertificate

use of org.candlepin.model.ContentAccessCertificate in project candlepin by candlepin.

the class DefaultContentAccessCertServiceAdapter method getCertificate.

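/**
 * Returns the content access certificate for a consumer, creating and persisting a new one when
 * the consumer has none or the stored one has expired.
 *
 * <p>The returned object is a fresh copy, not the persisted entity: its cert text is the stored
 * PEM followed by the owner/environment content JSON, so the appended payload is never written
 * back to the stored certificate. The copy also carries the key of the stored certificate, which
 * is the PEM-encoded private key of the consumer's key pair.
 * NOTE(review): callers should not log or serialize the returned object wholesale.
 *
 * @param consumer consumer to fetch or create the certificate for
 * @return the certificate copy, or {@code null} when the owner is not in
 *     {@code ORG_ENV_ACCESS_MODE} or the consumer is not cert V3 capable
 * @throws GeneralSecurityException declared by the method; presumably raised by key or
 *     certificate generation
 * @throws IOException declared by the method; presumably raised by PEM encoding or payload creation
 */
@Transactional
public ContentAccessCertificate getCertificate(Consumer consumer) throws GeneralSecurityException, IOException {
    Owner owner = ownerCurator.findOwnerById(consumer.getOwnerId());
    // Only owners in org/environment access mode with a V3-capable consumer get a certificate.
    if (!ORG_ENV_ACCESS_MODE.equals(owner.getContentAccessMode()) || !this.consumerIsCertV3Capable(consumer)) {
        return null;
    }
    ContentAccessCertificate existing = consumer.getContentAccessCert();
    ContentAccessCertificate result = new ContentAccessCertificate();
    String pem = "";
    // A certificate whose serial has expired is deleted so that a new one is issued below.
    if (existing != null && existing.getSerial().getExpiration().getTime() < (new Date()).getTime()) {
        consumer.setContentAccessCert(null);
        contentAccessCertificateCurator.delete(existing);
        existing = null;
    }
    if (existing == null) {
        // Validity starts one hour in the past (presumably to tolerate clock skew) and ends one
        // year after that start.
        Calendar cal = Calendar.getInstance();
        cal.add(Calendar.HOUR, -1);
        Date startDate = cal.getTime();
        cal.add(Calendar.YEAR, 1);
        Date endDate = cal.getTime();
        CertificateSerial serial = new CertificateSerial(endDate);
        // We need the sequence generated id before we create the Certificate,
        // otherwise we could have used cascading create
        serialCurator.create(serial);
        KeyPair keyPair = keyPairCurator.getConsumerKeyPair(consumer);
        // PEM encoding of the private key; it is stored on the certificate entity below.
        byte[] pemEncodedKeyPair = pki.getPemEncoded(keyPair.getPrivate());
        X509Certificate x509Cert = createX509Certificate(consumer, owner, BigInteger.valueOf(serial.getId()), keyPair, startDate, endDate);
        existing = new ContentAccessCertificate();
        existing.setSerial(serial);
        existing.setKeyAsBytes(pemEncodedKeyPair);
        existing.setConsumer(consumer);
        log.info("Setting PEM encoded cert.");
        // Decode with an explicit charset; new String(byte[]) alone depends on the platform
        // default, which can differ between hosts.
        pem = new String(this.pki.getPemEncoded(x509Cert), java.nio.charset.StandardCharsets.UTF_8);
        existing.setCert(pem);
        consumer.setContentAccessCert(existing);
        contentAccessCertificateCurator.create(existing);
        consumerCurator.merge(consumer);
    } else {
        pem = existing.getCert();
    }
    Environment env = this.environmentCurator.getConsumerEnvironment(consumer);
    // The content payload is looked up per owner and environment and created only if missing.
    OwnerEnvContentAccess oeca = ownerEnvContentAccessCurator.getContentAccess(owner.getId(), env == null ? null : env.getId());
    if (oeca == null) {
        String contentJson = createPayloadAndSignature(owner, env);
        oeca = new OwnerEnvContentAccess(owner, env, contentJson);
        ownerEnvContentAccessCurator.saveOrUpdate(oeca);
    }
    // The payload is appended to the copy only; the stored certificate keeps the bare PEM.
    pem += oeca.getContentJson();
    result.setCert(pem);
    result.setCreated(existing.getCreated());
    result.setUpdated(existing.getUpdated());
    result.setId(existing.getId());
    result.setConsumer(existing.getConsumer());
    result.setKey(existing.getKey());
    result.setSerial(existing.getSerial());
    return result;
}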
Also used : Owner(org.candlepin.model.Owner) KeyPair(java.security.KeyPair) Calendar(java.util.Calendar) CertificateSerial(org.candlepin.model.CertificateSerial) Environment(org.candlepin.model.Environment) ContentAccessCertificate(org.candlepin.model.ContentAccessCertificate) OwnerEnvContentAccess(org.candlepin.model.OwnerEnvContentAccess) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) Transactional(com.google.inject.persist.Transactional)
