Juan Hernandez has uploaded a new change for review. Change subject: restapi: Provider certificate resources ......................................................................
restapi: Provider certificate resources This patch adds new resources intended to handle the digital certificates of external providers. This resources will be used later when introducing the resources for the external providers themselves. Change-Id: Ibde73089c800138845fb2bc5717853f914aa0389 Related-To: https://bugzilla.redhat.com/1132259 Signed-off-by: Juan Hernandez <juan.hernan...@redhat.com> --- A backend/manager/modules/restapi/interface/definition/src/main/java/org/ovirt/engine/api/resource/ExternalProviderCertificateResource.java A backend/manager/modules/restapi/interface/definition/src/main/java/org/ovirt/engine/api/resource/ExternalProviderCertificatesResource.java M backend/manager/modules/restapi/interface/definition/src/main/resources/api.xsd A backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/BackendExternalProviderCertificateResource.java A backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/BackendExternalProviderCertificatesResource.java A backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/CertificateMapper.java 6 files changed, 295 insertions(+), 4 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/63/33963/1
diff --git a/backend/manager/modules/restapi/interface/definition/src/main/java/org/ovirt/engine/api/resource/ExternalProviderCertificateResource.java b/backend/manager/modules/restapi/interface/definition/src/main/java/org/ovirt/engine/api/resource/ExternalProviderCertificateResource.java
new file mode 100644
index 0000000..331039a
--- /dev/null
+++ b/backend/manager/modules/restapi/interface/definition/src/main/java/org/ovirt/engine/api/resource/ExternalProviderCertificateResource.java
@@ -0,0 +1,28 @@
+/*
+* Copyright (c) 2014 Red Hat, Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package org.ovirt.engine.api.resource;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Produces;
+
+import org.ovirt.engine.api.model.Certificate;
+
+@Produces({ApiMediaType.APPLICATION_XML, ApiMediaType.APPLICATION_JSON, ApiMediaType.APPLICATION_X_YAML})
+public interface ExternalProviderCertificateResource {
+ @GET
+ public Certificate get();
+}
diff --git a/backend/manager/modules/restapi/interface/definition/src/main/java/org/ovirt/engine/api/resource/ExternalProviderCertificatesResource.java b/backend/manager/modules/restapi/interface/definition/src/main/java/org/ovirt/engine/api/resource/ExternalProviderCertificatesResource.java
new file mode 100644
index 0000000..b64f33f
--- /dev/null
+++ b/backend/manager/modules/restapi/interface/definition/src/main/java/org/ovirt/engine/api/resource/ExternalProviderCertificatesResource.java
@@ -0,0 +1,34 @@
+/*
+* Copyright (c) 2014 Red Hat, Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package org.ovirt.engine.api.resource;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+
+import org.ovirt.engine.api.model.Certificates;
+
+@Path("images")
+@Produces({ApiMediaType.APPLICATION_XML, ApiMediaType.APPLICATION_JSON, ApiMediaType.APPLICATION_X_YAML})
+public interface ExternalProviderCertificatesResource {
+ @GET
+ public Certificates list();
+
+ @Path("{id}")
+ ExternalProviderCertificateResource getCertificate(@PathParam("id") String id);
+}
diff --git a/backend/manager/modules/restapi/interface/definition/src/main/resources/api.xsd b/backend/manager/modules/restapi/interface/definition/src/main/resources/api.xsd
index 0a2119a..ea1bc50 100644
--- a/backend/manager/modules/restapi/interface/definition/src/main/resources/api.xsd
+++ b/backend/manager/modules/restapi/interface/definition/src/main/resources/api.xsd
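Review bot: The class-level `@Path("images")` on `ExternalProviderCertificatesResource` looks like a copy-paste leftover from an images resource; as written, the certificate collection would be bound to an `images` path segment. If a class-level path is wanted at all it should read `@Path("certificates")`; if the collection is only ever reached through a sub-resource locator on the provider resource (not visible in this patch), the annotation is better dropped. `getCertificate` would also benefit from a one-line Javadoc stating that `id` is the zero-based position of the certificate in the provider's chain, since the implementation in this change parses it with `Integer.parseInt`.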
@@ -1779,11 +1779,34 @@ <xs:element name="certificate" type="Certificate"/> + <xs:element name="certificates" type="Certificates"/> + <xs:complexType name="Certificate"> - <xs:sequence> - <xs:element name="organization" type="xs:string" minOccurs="0" maxOccurs="1"/> - <xs:element name="subject" type="xs:string" minOccurs="0" maxOccurs="1"/> - </xs:sequence> + <xs:complexContent> + <xs:extension base="BaseResource"> + <xs:sequence> + <xs:element name="organization" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="subject" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="content" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="Certificates"> + <xs:complexContent> + <xs:extension base="BaseResources"> + <xs:sequence> + <xs:element ref="certificate" minOccurs="0" maxOccurs="unbounded"> + <xs:annotation> + <xs:appinfo> + <jaxb:property name="Certificates"/> + </xs:appinfo> + </xs:annotation> + </xs:element> + </xs:sequence> + </xs:extension> + </xs:complexContent> </xs:complexType> <xs:element name="selinux" type="SELinux" /> diff --git a/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/BackendExternalProviderCertificateResource.java b/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/BackendExternalProviderCertificateResource.java new file mode 100644 index 0000000..ae1ab03 --- /dev/null +++ b/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/BackendExternalProviderCertificateResource.java 
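Review bot: The new `content` element on `Certificate` has no `xs:annotation` telling clients what encoding to expect; judging by `CertificateMapper` in this same change it is the Base64 of the DER encoding, without PEM header/footer lines and without line wrapping. Clients that compare or pin certificates need that stated, for example `<xs:documentation>Base64 of the DER-encoded X.509 certificate, without PEM armor</xs:documentation>`. Note also that `Certificate` now extends `BaseResource`, so any element elsewhere in the schema that already uses this type picks up whatever `BaseResource` defines; it is worth confirming that this is intended for those existing users.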
@@ -0,0 +1,79 @@
+/*
+* Copyright (c) 2014 Red Hat, Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package org.ovirt.engine.api.restapi.resource;
+
+import java.util.List;
+
+import org.ovirt.engine.api.model.Certificate;
+import org.ovirt.engine.api.resource.ExternalProviderCertificateResource;
+import org.ovirt.engine.core.common.businessentities.Provider;
+import org.ovirt.engine.core.common.queries.ProviderQueryParameters;
+import org.ovirt.engine.core.common.queries.VdcQueryType;
+import org.ovirt.engine.core.compat.Guid;
+
+public class BackendExternalProviderCertificateResource
+ extends AbstractBackendActionableResource<Certificate, java.security.cert.Certificate>
+ implements ExternalProviderCertificateResource {
+
+ private String providerId;
+
+ protected BackendExternalProviderCertificateResource(String id, String providerId) {
+ super(id, Certificate.class, java.security.cert.Certificate.class);
+ this.providerId = providerId;
+ }
+
+ @Override
+ public Certificate get() {
+ // The resource identifier is actually the index of the certificate in the chain:
+ int i;
+ try {
+ i = Integer.parseInt(id);
+ }
+ catch (NumberFormatException exception) {
+ return notFound();
+ }
+
+ // The backend doesn't have a mechanism to retrieve just one of the certificates of the chain, so we have to
+ // retrieve them all and find the one that matches the identifier:
+ Provider provider = BackendExternalProviderHelper.getProvider(this, providerId);
+ ProviderQueryParameters parameters = new ProviderQueryParameters();
+ parameters.setProvider(provider);
+ List<java.security.cert.Certificate> entities = getBackendCollection(
+ java.security.cert.Certificate.class,
+ VdcQueryType.GetProviderCertificateChain, parameters
+ );
+ if (entities != null && i >= 0 && i < entities.size()) {
+ java.security.cert.Certificate entity = entities.get(i);
+ Certificate model = populate(map(entity), entity);
+ model.setId(id);
+ return model;
+ }
+
+ // No luck:
+ return notFound();
+ }
+
+ @Override
+ protected Certificate doPopulate(Certificate model, java.security.cert.Certificate entity) {
+ return model;
+ }
+
+ @Override
+ protected Guid asGuidOr404(String id) {
+ return null;
+ }
+}
diff --git a/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/BackendExternalProviderCertificatesResource.java b/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/BackendExternalProviderCertificatesResource.java
new file mode 100644
index 0000000..eb92cdb
--- /dev/null
+++ b/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/BackendExternalProviderCertificatesResource.java
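Review bot: In `get()` the identifier is a position in a chain that is fetched again on every request, and the raw path segment is echoed back through `model.setId(id)`. `Integer.parseInt` accepts forms such as `+1` or `007`, so several URLs alias to one certificate and the response reports a non-canonical id; `model.setId(String.valueOf(i));` would match what `mapCollection` in `BackendExternalProviderCertificatesResource` emits. More importantly, if the provider's chain changes between a `list()` and a later `get()`, the same id silently refers to a different certificate, which matters if a client uses this resource to decide what to trust; an identifier derived from the certificate itself (for example a digest of its encoded form) would be stable, and at minimum the positional semantics should be documented on the class. The `asGuidOr404` override returning `null` deserves a comment saying that ids here are not GUIDs.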
@@ -0,0 +1,79 @@
+/*
+* Copyright (c) 2014 Red Hat, Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package org.ovirt.engine.api.restapi.resource;
+
+import javax.ws.rs.core.Response;
+import java.util.List;
+
+import org.ovirt.engine.api.model.Certificate;
+import org.ovirt.engine.api.model.Certificates;
+import org.ovirt.engine.api.resource.ExternalProviderCertificateResource;
+import org.ovirt.engine.api.resource.ExternalProviderCertificatesResource;
+import org.ovirt.engine.core.common.businessentities.Provider;
+import org.ovirt.engine.core.common.queries.ProviderQueryParameters;
+import org.ovirt.engine.core.common.queries.VdcQueryType;
+
+public class BackendExternalProviderCertificatesResource
+ extends AbstractBackendCollectionResource<Certificate, java.security.cert.Certificate>
+ implements ExternalProviderCertificatesResource {
+ /**
+ * The identifier of the provider.
+ */
+ private String providerId;
+
+ public BackendExternalProviderCertificatesResource(String providerId) {
+ super(Certificate.class, java.security.cert.Certificate.class);
+ this.providerId = providerId;
+ }
+
+ @Override
+ public Certificates list() {
+ Provider provider = BackendExternalProviderHelper.getProvider(this, providerId);
+ ProviderQueryParameters parameters = new ProviderQueryParameters();
+ parameters.setProvider(provider);
+ return mapCollection(getBackendCollection(VdcQueryType.GetProviderCertificateChain, parameters));
+ }
+
+ @Override
+ protected Certificate doPopulate(Certificate model, java.security.cert.Certificate entity) {
+ return model;
+ }
+
+ protected Certificates mapCollection(List<java.security.cert.Certificate> entities) {
+ Certificates collection = new Certificates();
+ if (entities != null) {
+ for (int i = 0; i < entities.size(); i++) {
+ java.security.cert.Certificate entity = entities.get(i);
+ Certificate model = populate(map(entity), entity);
+ model.setId(String.valueOf(i));
+ collection.getCertificates().add(model);
+ }
+ }
+ return collection;
+ }
+
+ @Override
+ protected Response performRemove(String id) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ @SingleEntityResource
+ public ExternalProviderCertificateResource getCertificate(String id) {
+ return inject(new BackendExternalProviderCertificateResource(id, providerId));
+ }
+}
diff --git a/backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/CertificateMapper.java b/backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/CertificateMapper.java
new file mode 100644
index 0000000..2b57b9e
--- /dev/null
+++ b/backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/CertificateMapper.java
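Review bot: `performRemove` throws a bare `UnsupportedOperationException`; if the base collection class exposes a DELETE handler that dispatches here (not visible in this patch), callers would see a generic server error instead of a clear "method not allowed" response. A short comment such as `// Certificates belong to the external provider and can't be removed through the engine` would record the intent, and a 405-style response is preferable if the framework offers one. `providerId` is assigned only in the constructor and could be declared `private final String providerId;`, here and in `BackendExternalProviderCertificateResource`.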
@@ -0,0 +1,48 @@
+/*
+* Copyright (c) 2014 Red Hat, Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package org.ovirt.engine.api.restapi.types;
+
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.codec.binary.StringUtils;
+import org.ovirt.engine.api.model.Certificate;
+
+public class CertificateMapper {
+ @Mapping(from = java.security.cert.Certificate.class, to = Certificate.class)
+ public static Certificate map(java.security.cert.Certificate entity, Certificate template) {
+ try {
+ Certificate model = template != null? template: new Certificate();
+ X509Certificate x509 = (X509Certificate) entity;
+ try {
+ byte[] content = x509.getEncoded();
+ byte[] encoded = Base64.encodeBase64(content, false);
+ String text = StringUtils.newStringUtf8(encoded);
+ model.setContent(text);
+ }
+ catch (CertificateEncodingException exception) {
+ throw new IllegalArgumentException("Can't encode X.509 certificate", exception);
+ }
+ model.setSubject(x509.getSubjectDN().toString());
+ return model;
+ }
+ catch (ClassCastException exception) {
+ throw new IllegalArgumentException("Only X.509 certificates are supported", exception);
+ }
+ }
+}
-- To view, visit http://gerrit.ovirt.org/33963 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ibde73089c800138845fb2bc5717853f914aa0389 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Juan Hernandez <juan.hernan...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
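Review bot: `CertificateMapper.map` rejects non-X.509 input by catching `ClassCastException` around the whole method body, so a `ClassCastException` raised anywhere inside would be reported as "Only X.509 certificates are supported", and a `null` entity passes the cast and fails later with a `NullPointerException`. An explicit `instanceof` check at the top is clearer and covers `null` as well; a sketch follows. Separately, `getSubjectDN().toString()` yields an implementation-specific string, whereas `getSubjectX500Principal().getName()` has a defined RFC 2253 format; switching changes the text clients see, so it is left alone in the sketch. The `organization` element of the model is never populated by this mapper.

```java
public static Certificate map(java.security.cert.Certificate entity, Certificate template) {
    // instanceof is false for null, so this rejects both null and non-X.509 input.
    if (!(entity instanceof X509Certificate)) {
        throw new IllegalArgumentException("Only X.509 certificates are supported");
    }
    X509Certificate x509 = (X509Certificate) entity;
    Certificate model = template != null ? template : new Certificate();
    // … unchanged: Base64-encode x509.getEncoded() into the model content, set the subject …
    return model;
}
```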