From da25f8ae35433abea32690cf9a4afd22359db4ce Mon Sep 17 00:00:00 2001
From: Marco Fargetta
Date: Mon, 26 Aug 2024 19:11:11 +0200
Subject: [PATCH] Add TPS ConfigService to v2 APIs
---
.../server/tps/rest/v2/ConfigServlet.java | 112 ++++++++++++++++++
.../server/tps/rest/v2/filters/ConfigACL.java | 28 +++++
.../tps/rest/v2/filters/ConfigAuthMethod.java | 21 ++++
3 files changed, 161 insertions(+)
create mode 100644 base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/ConfigServlet.java
create mode 100644 base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/ConfigACL.java
create mode 100644 base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/ConfigAuthMethod.java
diff --git a/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/ConfigServlet.java b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/ConfigServlet.java
new file mode 100644
index 00000000000..3bcfc5e5a77
--- /dev/null
+++ b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/ConfigServlet.java
@@ -0,0 +1,112 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.tps.rest.v2;
+
+import java.io.PrintWriter;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.dogtagpki.common.ConfigData;
+import org.dogtagpki.server.tps.config.ConfigDatabase;
+import org.dogtagpki.server.tps.config.ConfigRecord;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.netscape.certsrv.base.BadRequestException;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.base.WebAction;
+import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.util.JSONSerializer;
+
+@WebServlet(
+ name = "tpsConfig",
+ urlPatterns = "/v2/config/*")
+public class ConfigServlet extends TPSServlet {
+ private static final long serialVersionUID = 1L;
+ private static final Logger logger = LoggerFactory.getLogger(ConfigServlet.class);
+
+ @WebAction(method = HttpMethod.GET, paths = {""})
+ public void getConfig(HttpServletRequest request, HttpServletResponse response) throws Exception {
+ HttpSession session = request.getSession();
+ logger.debug("ConfigServlet.getConfig(): session: {}", session.getId());
+ ConfigData configData = new ConfigData();
+ try {
+ ConfigDatabase configDatabase = new ConfigDatabase();
+ ConfigRecord configRecord = configDatabase.getRecord("Generals");
+
+ Map properties = configDatabase.getProperties(configRecord, null);
+
+ configData.setProperties(properties);
+ } catch (PKIException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new PKIException(e.getMessage());
+ }
+ PrintWriter out = response.getWriter();
+ out.println(configData.toJSON());
+ }
+
+ @WebAction(method = HttpMethod.PATCH, paths = {""})
+ public void updateConfig(HttpServletRequest request, HttpServletResponse response) throws Exception {
+ String method = "ConfigServlet.updateConfig";
+ Map auditModParams = new HashMap<>();
+
+ HttpSession session = request.getSession();
+ logger.debug("ConfigServlet.updateConfig(): session: {}", session.getId());
+ String requestData = request.getReader().lines().collect(Collectors.joining());
+ ConfigData configData = JSONSerializer.fromJSON(requestData, ConfigData.class);
+ if (configData == null) {
+ BadRequestException e = new BadRequestException("Config data is null.");
+ auditModParams.put("Info", e.toString());
+ auditConfigTokenGeneral(ILogger.FAILURE, method, auditModParams, e.toString());
+ throw e;
+ }
+ try {
+ ConfigDatabase configDatabase = new ConfigDatabase();
+ ConfigRecord configRecord = configDatabase.getRecord("Generals");
+
+ Map newProperties = configData.getProperties();
+ if (newProperties != null) {
+ // validate new properties
+ configDatabase.validateProperties(configRecord, null, newProperties);
+
+ // remove old properties
+ configDatabase.removeProperties(configRecord, null);
+
+ // add new properties
+ configDatabase.addProperties(configRecord, null, newProperties);
+ }
+
+ configDatabase.commit();
+
+ Map properties = configDatabase.getProperties(configRecord, null);
+ configData = new ConfigData();
+ configData.setProperties(properties);
+ auditConfigTokenGeneral(ILogger.SUCCESS, method,
+ newProperties, null);
+ } catch (PKIException e) {
+ logger.error(method +": " + e.getMessage(), e);
+ auditConfigTokenGeneral(ILogger.FAILURE, method,
+ auditModParams, e.toString());
+ throw e;
+
+ } catch (Exception e) {
+ logger.error(method +": " + e.getMessage(), e);
+ auditConfigTokenGeneral(ILogger.FAILURE, method,
+ auditModParams, e.toString());
+ throw new PKIException(e.getMessage());
+ }
+ PrintWriter out = response.getWriter();
+ out.println(configData.toJSON());
+ }
+
+}
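Review bot: The FAILURE audit events raised from the two `catch` blocks in `updateConfig` carry no record of what the caller tried to change, because `auditModParams` is only filled in the `configData == null` branch and is still empty when validation, removal, add or commit fails. Copying the request into it once it is known to be non-null, e.g. `if (newProperties != null) auditModParams.putAll(newProperties);` just before `validateProperties`, would make rejected configuration changes as traceable as the SUCCESS event already is. `JSONSerializer.fromJSON` also runs before the `try`, so if it throws on a malformed body (its behaviour is not visible in this patch) the request would fail without any audit event; wrapping the parse so that a failure is audited and reported as a `BadRequestException` would close that gap. Separately, both `getConfig` and `updateConfig` write `session.getId()` to the debug log; a session id works as a bearer credential for as long as the session lives, so it is safer to leave it out of the message or log only a truncated hash of it.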
diff --git a/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/ConfigACL.java b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/ConfigACL.java
new file mode 100644
index 00000000000..d6d5e42a4b8
--- /dev/null
+++ b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/ConfigACL.java
@@ -0,0 +1,28 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.tps.rest.v2.filters;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebFilter;
+
+import org.dogtagpki.server.rest.v2.filters.ACLFilter;
+
+@WebFilter(servletNames = "tpsConfig")
+public class ConfigACL extends ACLFilter {
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public void init() throws ServletException {
+ setAcl("config.read");
+
+ Map aclMap = new HashMap<>();
+ aclMap.put("PATCH:", "config.modify");
+ setAclMap(aclMap);
+ }
+}
diff --git a/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/ConfigAuthMethod.java b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/ConfigAuthMethod.java
new file mode 100644
index 00000000000..79bbc28ed4c
--- /dev/null
+++ b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/ConfigAuthMethod.java
@@ -0,0 +1,21 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.tps.rest.v2.filters;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebFilter;
+
+import org.dogtagpki.server.rest.v2.filters.AuthMethodFilter;
+
+@WebFilter(servletNames = "tpsConfig")
+public class ConfigAuthMethod extends AuthMethodFilter {
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public void init() throws ServletException {
+ setAuthMethod("config");
+ }
+}
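Review bot: In ConfigACL.java, `init()` sets the read permission as the fallback (`setAcl("config.read")`) and raises it to `config.modify` only for the exact key `"PATCH:"`, so the write path is protected solely by that string matching whatever ACLFilter computes for the request. ACLFilter's lookup is not part of this patch; if a PATCH could reach `updateConfig` under a path form that does not reduce to the empty string, it would presumably be checked against `config.read` instead. A comment above the `put` stating the key format and that the empty path corresponds to `paths = {""}` in ConfigServlet would make the coupling explicit, once the format is confirmed against ACLFilter. A test asserting that a caller holding only `config.read` is rejected on PATCH would pin the behaviour.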