Add get CA file REST API.
diff --git a/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasClient.java b/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasClient.java
index c59e70d..f208033 100755
--- a/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasClient.java
+++ b/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasClient.java
@@ -382,7 +382,7 @@
try {
kdcRep = KrbCodec.decodeMessage(byteBuffer);
} catch (IOException e) {
- throw new HasException("Krb decoding message failed", e);
+ throw new HasException("Krb decoding message failed. " + e.getMessage());
}
return kdcRep;
} else {
@@ -433,7 +433,7 @@
try {
encKdcRepPart.decode(decryptedData);
} catch (IOException e) {
- throw new HasException("Failed to decode EncAsRepPart", e);
+ throw new HasException("Failed to decode EncAsRepPart. " + e.getMessage());
}
kdcRep.setEncPart(encKdcRepPart);
@@ -458,7 +458,7 @@
try {
cCache.store(ccacheFile);
} catch (IOException e) {
- throw new HasException("Failed to store tgt", e);
+ throw new HasException("Failed to store tgt. " + e.getMessage());
}
} else {
throw new IllegalArgumentException("Invalid ccache file, "
@@ -482,7 +482,7 @@
}
} catch (IOException e) {
throw new HasException("Failed to create ccache file "
- + ccacheFile.getAbsolutePath(), e);
+ + ccacheFile.getAbsolutePath() + ". " + e.getMessage());
}
}
@@ -554,7 +554,7 @@
try {
url = new URL("http://" + host + ":" + port + "/has/v1/getcert");
} catch (MalformedURLException e) {
- throw new HasException("Failed to create a URL object.", e);
+ throw new HasException("Failed to create a URL object." + e.getMessage());
}
try {
httpConn = (HttpURLConnection) url.openConnection();
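Review bot: The certificate request in this hunk is built as `"http://" + host + ":" + port + "/has/v1/getcert"`, so the certificate arrives over an unauthenticated channel and must be treated as untrusted until it has been verified. A later hunk carries the comment "Verify certificate with root certificate"; that check, which is outside this hunk, is what the trust decision rests on and deserves a comment at the fetch site, for example `// Fetched over plain HTTP: untrusted until verified against the local CA root`. Separately, the new message has no separator before the appended text; it should read `"Failed to create a URL object. " + e.getMessage()`. The method starts and ends outside this hunk.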
@@ -566,7 +566,7 @@
httpConn.setRequestMethod("GET");
} catch (ProtocolException e) {
LOG.error("Fail to add principal. " + e);
- throw new HasException("Failed to set the method for URL request.", e);
+ throw new HasException("Failed to set the method for URL request. " + e.getMessage());
}
try {
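Review bot: The log line `LOG.error("Fail to add principal. " + e);` sits in what appears to be the certificate-fetch path (a GET request set up right after the getcert URL), so it looks copied from another method and will mislead anyone reading client logs during an incident. Suggest `LOG.error("Failed to set the method for the getcert request.", e);`, which also records the stack trace, assuming LOG accepts a Throwable argument. The enclosing method is only partly visible in this hunk.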
@@ -579,11 +579,12 @@
InputStream in = HasClientUtil.getInputStream(httpConn);
certificate = (X509Certificate) factory.generateCertificate(in);
} catch (CertificateException e) {
- throw new HasException("Failed to get certificate from HAS server", e);
+ throw new HasException("Failed to get certificate from HAS server. "
+ + e.getMessage());
}
} catch (IOException e) {
- throw new HasException("IO error occurred.", e);
+ throw new HasException("IO error occurred. " + e.getMessage());
}
return certificate;
@@ -624,7 +625,8 @@
caRoot = (X509Certificate) factory.generateCertificate(in);
}
} catch (CertificateException | IOException e) {
- throw new HasException("Failed to get certificate from ca root file", e);
+ throw new HasException("Failed to get certificate from ca root file. "
+ + e.getMessage());
}
// Verify certificate with root certificate
@@ -661,7 +663,8 @@
trustStore.store(out, password.toCharArray());
out.close();
} catch (IOException | GeneralSecurityException e) {
- throw new HasException("Failed to create and save truststore file", e);
+ throw new HasException("Failed to create and save truststore file. "
+ + e.getMessage());
}
return password;
}
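Review bot: `out.close()` runs only when `trustStore.store(out, ...)` succeeds, so an exception from store() leaves the truststore output stream open and possibly a partially written file on disk. Opening the stream in a try-with-resources statement would close it on both paths; the stream's declaration is outside this hunk, so the exact form depends on lines not shown here. It is also worth documenting on the method that the truststore password is returned to the caller as a String.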
@@ -681,7 +684,8 @@
IOUtil.writeFile(content, new File(clientConfigFolder + "/ssl-client.conf"));
} catch (IOException e) {
- throw new HasException("Failed to create client ssl configuration file", e);
+ throw new HasException("Failed to create client ssl configuration file. "
+ + e.getMessage());
}
}
}
diff --git a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/ConfigApi.java b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/ConfigApi.java
index 2a70a34..262ad77 100644
--- a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/ConfigApi.java
+++ b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/ConfigApi.java
@@ -275,4 +275,42 @@
}
return Response.status(Response.Status.FORBIDDEN).entity("HTTPS required.\n").build();
}
+
+ /**
+ * Get CA file.
+ *
+ * @return Response
+ */
+ @GET
+ @Path("/getcert")
+ @Produces(MediaType.TEXT_PLAIN)
+ public Response getCert() {
+ final HasServer hasServer = WebServer.getHasServerFromContext(context);
+ String errMessage = null;
+ File cert = null;
+ try {
+ HasConfig hasConfig = HasUtil.getHasConfig(
+ new File(hasServer.getConfDir(), "has-server.conf"));
+ if (hasConfig != null) {
+ String certPath = hasConfig.getSslClientCert();
+ cert = new File(certPath);
+ if (!cert.exists()) {
+ errMessage = "Cert file not found in HAS server.";
+ WebServer.LOG.error("Cert file not found in HAS server.");
+ }
+ } else {
+ errMessage = "has-server.conf not found.";
+ WebServer.LOG.error("has-server.conf not found.");
+ }
+ } catch (HasException e) {
+ errMessage = "Failed to get cert file" + e.getMessage();
+ WebServer.LOG.error("Failed to get cert file" + e.getMessage());
+ }
+ if (errMessage == null) {
+ return Response.ok(cert).header("Content-Disposition",
+ "attachment;filename=" + cert.getName()).build();
+ } else {
+ return Response.status(Response.Status.NOT_FOUND).entity(errMessage).build();
+ }
+ }
}
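Review bot: `new File(certPath)` in getCert() throws a NullPointerException when `getSslClientCert()` returns null (presumably when the property is absent from has-server.conf), and only HasException is caught, so the caller would get a 500 instead of the intended 404. The catch branch also puts `e.getMessage()` into the response body of an endpoint that, within this hunk, has no authentication or HTTPS check, which may disclose server-side detail to any caller; its message and log line also lack a separator and drop the stack trace. Guard the path, prefer `isFile()` over `exists()` so a directory is not handed to the response, and keep exception detail in the server log only.

```java
            if (hasConfig != null) {
                String certPath = hasConfig.getSslClientCert();
                if (certPath == null || certPath.isEmpty()) {
                    errMessage = "Cert file is not configured in HAS server.";
                    WebServer.LOG.error(errMessage);
                } else {
                    cert = new File(certPath);
                    if (!cert.isFile()) {
                        errMessage = "Cert file not found in HAS server.";
                        WebServer.LOG.error(errMessage);
                    }
                }
            }
            // … unchanged: else branch for missing has-server.conf …
        } catch (HasException e) {
            // Detail stays in the server log; the client gets a generic message.
            errMessage = "Failed to get cert file.";
            WebServer.LOG.error("Failed to get cert file.", e);
        }
        // … unchanged: build the 200 / 404 response …
```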