package net.curisit.securis.services; import java.io.File; import java.io.IOException; import java.text.MessageFormat; import java.util.Date; import java.util.List; import javax.inject.Inject; import javax.persistence.EntityManager; import javax.persistence.TypedQuery; import javax.ws.rs.Consumes; import javax.ws.rs.DELETE; import javax.ws.rs.DefaultValue; import javax.ws.rs.FormParam; import javax.ws.rs.GET; import javax.ws.rs.POST; import javax.ws.rs.PUT; import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.QueryParam; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import javax.ws.rs.core.Response.Status; import net.curisit.integrity.commons.Utils; import net.curisit.securis.DefaultExceptionHandler; import net.curisit.securis.LicenseGenerator; import net.curisit.securis.SeCurisException; import net.curisit.securis.beans.LicenseBean; import net.curisit.securis.beans.RequestBean; import net.curisit.securis.beans.SignedLicenseBean; import net.curisit.securis.db.Application; import net.curisit.securis.db.BlockedRequest; import net.curisit.securis.db.License; import net.curisit.securis.db.LicenseHistory; import net.curisit.securis.db.LicenseStatus; import net.curisit.securis.db.Pack; import net.curisit.securis.db.PackStatus; import net.curisit.securis.db.User; import net.curisit.securis.ioc.EnsureTransaction; import net.curisit.securis.security.BasicSecurityContext; import net.curisit.securis.security.Securable; import net.curisit.securis.services.exception.SeCurisServiceException; import net.curisit.securis.services.exception.SeCurisServiceException.ErrorCodes; import net.curisit.securis.services.helpers.LicenseHelper; import net.curisit.securis.services.helpers.UserHelper; import net.curisit.securis.utils.Config; import net.curisit.securis.utils.EmailManager; import net.curisit.securis.utils.JsonUtils; import net.curisit.securis.utils.LicUtils; import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.ObjectUtils; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import com.fasterxml.jackson.annotation.JsonAutoDetect; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonProperty; /** * License resource, this service will provide methods to create, modify and * delete licenses * * @author roberto */ @Path("/license") public class LicenseResource { private static final Logger LOG = LogManager.getLogger(LicenseResource.class); @Inject private EmailManager emailManager; @Inject private UserHelper userHelper; @Inject private LicenseHelper licenseHelper; @Context EntityManager em; @Inject private LicenseGenerator licenseGenerator; /** * * @return the server version in format majorVersion.minorVersion */ @GET @Path("/") @Securable @Produces({ MediaType.APPLICATION_JSON }) public Response index(@QueryParam("packId") Integer packId, @Context BasicSecurityContext bsc) { LOG.info("Getting licenses list "); // EntityManager em = emProvider.get(); em.clear(); if (!bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN)) { Pack pack = em.find(Pack.class, packId); if (pack == null) { return Response.ok().build(); } if (!bsc.getOrganizationsIds().contains(pack.getOrganization().getId())) { LOG.error("Pack with id {} not accesible by user {}", pack, bsc.getUserPrincipal()); return Response.status(Status.UNAUTHORIZED) .header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Unathorized access to pack licenses").build(); } } TypedQuery q = em.createNamedQuery("list-licenses-by-pack", License.class); q.setParameter("packId", packId); List list = q.getResultList(); return Response.ok(list).build(); } /** * * @return the server version in format majorVersion.minorVersion * @throws SeCurisServiceException */ @GET @Path("/{licId}") @Securable @Produces({ MediaType.APPLICATION_JSON }) public Response get(@PathParam("licId") Integer licId, @Context BasicSecurityContext bsc) throws SeCurisServiceException { LOG.info("Getting organization data for id: {}: ", licId); // EntityManager em = emProvider.get(); em.clear(); License lic = getCurrentLicense(licId, bsc, em); return Response.ok(lic).build(); } /** * * @return The license file, only of license is active * @throws SeCurisServiceException */ @GET @Path("/{licId}/download") @Securable @Produces({ MediaType.APPLICATION_OCTET_STREAM }) @EnsureTransaction public Response download(@PathParam("licId") Integer licId, @Context BasicSecurityContext bsc) throws SeCurisServiceException { // EntityManager em = emProvider.get(); License lic = getCurrentLicense(licId, bsc, em); if (lic.getLicenseData() == null) { LOG.error("License with id {} has not license file generated", licId, bsc.getUserPrincipal()); throw new SeCurisServiceException(Status.FORBIDDEN.getStatusCode(), "License has not contain data to generate license file"); } if (!License.Status.isActionValid(License.Action.DOWNLOAD, lic.getStatus())) { LOG.error("License with id {} is not active, so It can not downloaded", licId, bsc.getUserPrincipal()); throw new SeCurisServiceException(ErrorCodes.WRONG_STATUS, "License is not active, so It can not be downloaded"); } em.persist(licenseHelper.createLicenseHistoryAction(lic, userHelper.getUser(bsc, em), LicenseHistory.Actions.DOWNLOAD)); return Response .ok(lic.getLicenseData()) .header("Content-Disposition", String.format("attachment; filename=\"%s\"", lic.getPack().getLicenseType().getApplication().getLicenseFilename())).build(); } /** * Activate the given license * * @param licId * @param bsc * @return * @throws SeCurisServiceException */ @PUT @POST @Path("/{licId}/activate") @Securable @EnsureTransaction @Consumes(MediaType.APPLICATION_JSON) @Produces({ MediaType.APPLICATION_JSON }) public Response activate(@PathParam("licId") Integer licId, @Context BasicSecurityContext bsc) throws SeCurisServiceException { // EntityManager em = emProvider.get(); License lic = getCurrentLicense(licId, bsc, em); if (!License.Status.isActionValid(License.Action.ACTIVATION, lic.getStatus())) { LOG.error("License with id {} can not be activated from current license status", licId); throw new SeCurisServiceException(ErrorCodes.INVALID_DATA, "License with id " + licId + " can not be activated from the current license status"); } if (lic.getPack().getNumAvailables() == 0) { throw new SeCurisServiceException(ErrorCodes.NO_AVAILABLE_LICENSES, "The pack has not available licenses"); } validateRequestData(lic.getPack(), lic.getRequestData()); License existingLicense = License.findActiveLicenseByRequestData(lic.getRequestData(), em); if (existingLicense != null && existingLicense.getStatus() == LicenseStatus.ACTIVE) { throw new SeCurisServiceException(ErrorCodes.NO_AVAILABLE_LICENSES, "The pack has not available licenses"); } lic.setStatus(LicenseStatus.ACTIVE); lic.setModificationTimestamp(new Date()); em.persist(lic); User user = userHelper.getUser(bsc.getUserPrincipal().getName(), em); em.persist(licenseHelper.createLicenseHistoryAction(lic, user, LicenseHistory.Actions.ACTIVATE)); return Response.ok(lic).build(); } /** * Send license file by email to the organization * * @param licId * @param bsc * @return * @throws SeCurisServiceException */ @PUT @POST @Path("/{licId}/send") @Securable @EnsureTransaction @Consumes(MediaType.APPLICATION_JSON) @Produces({ MediaType.APPLICATION_JSON }) public Response send(@PathParam("licId") Integer licId, @DefaultValue("false") @FormParam("add_cc") Boolean addCC, @Context BasicSecurityContext bsc) throws SeCurisServiceException, SeCurisException { // EntityManager em = emProvider.get(); License lic = getCurrentLicense(licId, bsc, em); Application app = lic.getPack().getLicenseType().getApplication(); File licFile = null; if (lic.getLicenseData() == null) { throw new SeCurisServiceException(ErrorCodes.NOT_FOUND, "There is no license file available"); } if (lic.getFullName() == null) { throw new SeCurisServiceException(ErrorCodes.NOT_FOUND, "Please add an user name in license data to send it the license file"); } User user = userHelper.getUser(bsc.getUserPrincipal().getName(), em); try { String subject = MessageFormat.format(Config.get(Config.KEYS.EMAIL_LIC_DEFAULT_SUBJECT), lic.getPack().getAppName()); String email_tpl = IOUtils.toString(this.getClass().getResourceAsStream("/lic_email.template.en")); String body = MessageFormat.format(email_tpl, lic.getFullName(), app.getName()); licFile = licenseHelper.createTemporaryLicenseFile(lic, app.getLicenseFilename()); emailManager.sendEmail(subject, body, lic.getEmail(), addCC ? user.getEmail() : null, licFile); } catch (IOException e) { LOG.error("Error creating temporary license file", e); throw new SeCurisServiceException(Status.NOT_FOUND.getStatusCode(), "There is no license file available"); } finally { if (licFile != null) { licFile.delete(); licFile.getParentFile().delete(); } } // lic.setModificationTimestamp(new Date()); // em.merge(lic); em.persist(licenseHelper.createLicenseHistoryAction(lic, user, LicenseHistory.Actions.SEND, "Email sent to: " + lic.getEmail())); return Response.ok(lic).build(); } /** * Cancel given license * * @param licId * @param bsc * @return * @throws SeCurisServiceException */ @PUT @POST @Path("/{licId}/cancel") @Securable @EnsureTransaction @Consumes(MediaType.APPLICATION_JSON) @Produces({ MediaType.APPLICATION_JSON }) public Response cancel(@PathParam("licId") Integer licId, CancellationLicenseActionBean actionData, @Context BasicSecurityContext bsc) throws SeCurisServiceException { // EntityManager em = emProvider.get(); License lic = getCurrentLicense(licId, bsc, em); if (!License.Status.isActionValid(License.Action.CANCEL, lic.getStatus())) { LOG.error("License with id {} can not be canceled from current license status", licId); throw new SeCurisServiceException(Status.FORBIDDEN.getStatusCode(), "License with id " + licId + " can not be canceled from the current license status"); } if (actionData.reason == null) { LOG.error("To cancel an active License we need a reason, lic ID: {}, user: {}", lic.getId(), bsc.getUserPrincipal().getName()); throw new SeCurisServiceException(Status.FORBIDDEN.getStatusCode(), "Active license with id " + licId + " can not be canceled without a reason"); } licenseHelper.cancelLicense(lic, actionData.reason, bsc, em); return Response.ok(lic).build(); } /** * Check if there is some pack with the same code * * @param code * Pack code * @param em * DB session object * @return true if code is already used, false * otherwise */ private boolean checkIfCodeExists(String code, EntityManager em) { TypedQuery query = em.createNamedQuery("license-by-code", License.class); query.setParameter("code", code); int lics = query.getResultList().size(); return lics > 0; } @POST @Path("/") @Consumes(MediaType.APPLICATION_JSON) @Securable @Produces({ MediaType.APPLICATION_JSON }) @EnsureTransaction public Response create(License lic, @Context BasicSecurityContext bsc) throws SeCurisServiceException { // EntityManager em = emProvider.get(); if (checkIfCodeExists(lic.getCode(), em)) { throw new SeCurisServiceException(ErrorCodes.INVALID_DATA, "The license code is already used in an existing license"); } if (!LicUtils.checkValidLicenseCodeCrc(lic.getCode())) { throw new SeCurisServiceException(ErrorCodes.INVALID_DATA, "The license code is not valid"); } Pack pack = null; if (lic.getPackId() != null) { pack = em.find(Pack.class, lic.getPackId()); } if (pack == null) { LOG.error("License pack with id {} not found in DB", lic.getPackId()); throw new SeCurisServiceException(ErrorCodes.NOT_FOUND, "License's pack not found with ID: " + lic.getPackId()); } else { if (!bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN) && !bsc.getOrganizationsIds().contains(pack.getOrganization().getId())) { LOG.error("License for pack with id {} can not be created by user {}", pack.getId(), bsc.getUserPrincipal()); throw new SeCurisServiceException(ErrorCodes.UNAUTHORIZED_ACCESS, "Unathorized action on pack license"); } if (pack.getStatus() != PackStatus.ACTIVE) { LOG.error("Current pack, {}, is not active so licenses cannot be created", pack.getId()); throw new SeCurisServiceException(ErrorCodes.WRONG_STATUS, "Current pack is not active so licenses cannot be created"); } } User createdBy = userHelper.getUser(bsc.getUserPrincipal().getName(), em); if (lic.getRequestData() != null) { License existingLicense = License.findActiveLicenseByRequestData(lic.getRequestData(), em); if (existingLicense != null) { throw new SeCurisServiceException(ErrorCodes.DUPLICATED_REQUEST_DATA, "There is already an active license for current request data"); } if (pack.getNumAvailables() > 0) { SignedLicenseBean signedLicense = generateLicense(lic, em); // If user provide a request data the license status is passed // directly to ACTIVE lic.setStatus(LicenseStatus.ACTIVE); try { lic.setRequestData(JsonUtils.toJSON(signedLicense, RequestBean.class)); if (BlockedRequest.isRequestBlocked(lic.getRequestData(), em)) { throw new SeCurisServiceException(ErrorCodes.BLOCKED_REQUEST_DATA, "Given request data is blocked and cannot be activated"); } lic.setLicenseData(JsonUtils.toJSON(signedLicense)); } catch (SeCurisException e) { LOG.error("Error generating license JSON", e); throw new SeCurisServiceException(ErrorCodes.INVALID_FORMAT, "Error generating license JSON"); } } } else { lic.setStatus(LicenseStatus.CREATED); } lic.setCodeSuffix(LicUtils.getLicenseCodeSuffix(lic.getCode())); lic.setCreatedBy(createdBy); lic.setCreationTimestamp(new Date()); lic.setModificationTimestamp(lic.getCreationTimestamp()); em.persist(lic); em.persist(licenseHelper.createLicenseHistoryAction(lic, createdBy, LicenseHistory.Actions.CREATE)); if (lic.getStatus() == LicenseStatus.ACTIVE) { em.persist(licenseHelper.createLicenseHistoryAction(lic, createdBy, LicenseHistory.Actions.ACTIVATE, "Activated on creation")); } return Response.ok(lic).build(); } private SignedLicenseBean generateLicense(License license, EntityManager em) throws SeCurisServiceException { SignedLicenseBean sl = null; Pack pack = em.find(Pack.class, license.getPackId()); RequestBean rb = validateRequestData(pack, license.getRequestData()); try { LicenseBean lb = licenseGenerator.generateLicense(rb, licenseHelper.extractPackMetadata(pack.getMetadata()), licenseHelper.getExpirationDateFromPack(pack, false), license.getCode(), pack.getAppName()); sl = new SignedLicenseBean(lb); } catch (SeCurisException e) { throw new SeCurisServiceException(ErrorCodes.INVALID_LICENSE_REQUEST_DATA, "Error generating license: " + e.toString()); } return sl; } /** * We check if the given request data is valid for the current Pack and has * a valid format * * @param pack * @param requestData * @throws SeCurisServiceException */ private RequestBean validateRequestData(Pack pack, String requestData) throws SeCurisServiceException { if (requestData == null) { throw new SeCurisServiceException(ErrorCodes.INVALID_REQUEST_DATA, "Request data is empty"); } RequestBean rb = null; try { rb = JsonUtils.json2object(requestData, RequestBean.class); } catch (SeCurisException e) { throw new SeCurisServiceException(ErrorCodes.INVALID_REQUEST_DATA_FORMAT, "Request data has not a valid format"); } if (!rb.getCustomerCode().equals(pack.getOrganization().getCode())) { throw new SeCurisServiceException(ErrorCodes.INVALID_REQUEST_DATA_FORMAT, "Request data not valid, wrong Organization code"); } if (!rb.getLicenseTypeCode().equals(pack.getLicenseTypeCode())) { throw new SeCurisServiceException(ErrorCodes.INVALID_REQUEST_DATA_FORMAT, "Request data not valid, wrong License type code"); } // TODO: [rsanchez] Verify that if pack code is null we ignore it if (rb.getPackCode() != null && !rb.getPackCode().equals(pack.getCode())) { throw new SeCurisServiceException(ErrorCodes.INVALID_REQUEST_DATA_FORMAT, "Request data not valid, wrong Pack code"); } return rb; } @PUT @POST @Path("/{licId}") @Securable @EnsureTransaction @Consumes(MediaType.APPLICATION_JSON) @Produces({ MediaType.APPLICATION_JSON }) public Response modify(License lic, @PathParam("licId") Integer licId, @Context BasicSecurityContext bsc) throws SeCurisServiceException { LOG.info("Modifying license with id: {}", licId); // EntityManager em = emProvider.get(); License currentLicense = getCurrentLicense(licId, bsc, em); currentLicense.setComments(lic.getComments()); currentLicense.setFullName(lic.getFullName()); currentLicense.setEmail(lic.getEmail()); if (currentLicense.getStatus() == LicenseStatus.CREATED && !ObjectUtils.equals(currentLicense.getReqDataHash(), lic.getReqDataHash())) { if (lic.getRequestData() != null) { SignedLicenseBean signedLicense = generateLicense(lic, em); try { // Next 2 lines are necessary to normalize the String that // contains // the request. currentLicense.setRequestData(JsonUtils.toJSON(signedLicense, RequestBean.class)); LOG.info("JSON generated for request: \n{}", currentLicense.getRequestData()); if (BlockedRequest.isRequestBlocked(currentLicense.getRequestData(), em)) { throw new SeCurisServiceException(ErrorCodes.BLOCKED_REQUEST_DATA, "Given request data is blocked and cannot be used again"); } currentLicense.setLicenseData(JsonUtils.toJSON(signedLicense)); } catch (SeCurisException e) { LOG.error("Error generaing license JSON", e); throw new SeCurisServiceException(ErrorCodes.INVALID_FORMAT, "Error generaing license JSON"); } } else { // This set method could pass a null value currentLicense.setRequestData(null); } } currentLicense.setModificationTimestamp(new Date()); em.persist(currentLicense); em.persist(licenseHelper.createLicenseHistoryAction(lic, userHelper.getUser(bsc, em), LicenseHistory.Actions.MODIFY)); return Response.ok(currentLicense).build(); } @DELETE @Path("/{licId}") @EnsureTransaction @Securable @Produces({ MediaType.APPLICATION_JSON }) public Response delete(@PathParam("licId") Integer licId, @Context BasicSecurityContext bsc) throws SeCurisServiceException { LOG.info("Deleting license with id: {}", licId); // EntityManager em = emProvider.get(); License lic = getCurrentLicense(licId, bsc, em); if (!License.Status.isActionValid(License.Action.DELETE, lic.getStatus())) { LOG.error("License {} can not be deleted with status {}", lic.getCode(), lic.getStatus()); throw new SeCurisServiceException(ErrorCodes.WRONG_STATUS, "License can not be deleted in current status: " + lic.getStatus().name()); } if (lic.getStatus() == LicenseStatus.BLOCKED) { // If license is removed and it's blocked then the blocked request // should be removed, that is, // the license deletion will unblock the request data BlockedRequest blockedReq = em.find(BlockedRequest.class, lic.getReqDataHash()); if (blockedReq != null) { // This if is to avoid some race condition or if the request has // been already removed manually em.remove(blockedReq); } } em.remove(lic); return Response.ok(Utils.createMap("success", true, "id", licId)).build(); } @POST @Path("/{licId}/block") @EnsureTransaction @Securable @Produces({ MediaType.APPLICATION_JSON }) public Response block(@PathParam("licId") Integer licId, @Context BasicSecurityContext bsc) throws SeCurisServiceException { LOG.info("Blocking license with id: {}", licId); // EntityManager em = emProvider.get(); License lic = getCurrentLicense(licId, bsc, em); if (!License.Status.isActionValid(License.Action.BLOCK, lic.getStatus())) { LOG.error("License can only be blocked in CANCELLED status, current: {}", lic.getStatus().name()); throw new SeCurisServiceException(ErrorCodes.WRONG_STATUS, "License can only be blocked in CANCELLED status"); } if (BlockedRequest.isRequestBlocked(lic.getRequestData(), em)) { throw new SeCurisServiceException(ErrorCodes.BLOCKED_REQUEST_DATA, "Given request data is already blocked"); } BlockedRequest blockedReq = new BlockedRequest(); blockedReq.setCreationTimestamp(new Date()); blockedReq.setBlockedBy(userHelper.getUser(bsc, em)); blockedReq.setRequestData(lic.getRequestData()); em.persist(blockedReq); lic.setStatus(LicenseStatus.BLOCKED); lic.setModificationTimestamp(new Date()); em.merge(lic); em.persist(licenseHelper.createLicenseHistoryAction(lic, userHelper.getUser(bsc, em), LicenseHistory.Actions.BLOCK)); return Response.ok(Utils.createMap("success", true, "id", licId)).build(); } @POST @Path("/{licId}/unblock") @EnsureTransaction @Securable @Produces({ MediaType.APPLICATION_JSON }) public Response unblock(@PathParam("licId") Integer licId, @Context BasicSecurityContext bsc) throws SeCurisServiceException { LOG.info("Unblocking license with id: {}", licId); // EntityManager em = emProvider.get(); License lic = getCurrentLicense(licId, bsc, em); if (BlockedRequest.isRequestBlocked(lic.getRequestData(), em)) { BlockedRequest blockedReq = em.find(BlockedRequest.class, lic.getReqDataHash()); em.remove(blockedReq); lic.setStatus(LicenseStatus.CANCELLED); lic.setModificationTimestamp(new Date()); em.merge(lic); em.persist(licenseHelper.createLicenseHistoryAction(lic, userHelper.getUser(bsc, em), LicenseHistory.Actions.UNBLOCK)); } else { LOG.info("Request data for license {} is NOT blocked", licId); } return Response.ok(Utils.createMap("success", true, "id", licId)).build(); } private License getCurrentLicense(Integer licId, BasicSecurityContext bsc, EntityManager em) throws SeCurisServiceException { if (licId == null || "".equals(licId)) { LOG.error("License ID is mandatory"); throw new SeCurisServiceException(Status.NOT_FOUND.getStatusCode(), "Missing license ID"); } License lic = em.find(License.class, licId); if (lic == null) { LOG.error("License with id {} not found in DB", licId); throw new SeCurisServiceException(Status.NOT_FOUND.getStatusCode(), "License not found for ID: " + licId); } if (!bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN) && !bsc.getOrganizationsIds().contains(lic.getPack().getOrganization().getId())) { LOG.error("License with id {} is not accesible by user {}", licId, bsc.getUserPrincipal()); throw new SeCurisServiceException(Status.UNAUTHORIZED.getStatusCode(), "Unathorized access to license data"); } return lic; } @JsonAutoDetect @JsonIgnoreProperties(ignoreUnknown = true) static class CancellationLicenseActionBean { @JsonProperty private String reason; } }