authorAde Lee <alee@redhat.com>2012-01-18 23:28:11 -0500
committerAde Lee <alee@redhat.com>2012-02-08 16:02:24 -0500
commit0e038046bfdb2cf174450dcb80e2f0b2887947e2 (patch)
treeed274bba39abacd4d6da87a57415efda43e49811
parentd1247e1a404426c9ca2ceeffc52f2b73a0fb6d06 (diff)
New DRM proxy client and tests
Added new interfaces for each Resource, and renamed old Resource service classes.
-rw-r--r--pki/.classpath3
-rw-r--r--pki/base/common/src/CMakeLists.txt7
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResource.java75
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResourceService.java80
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/CMSResourceService.java (renamed from pki/base/common/src/com/netscape/cms/servlet/base/CMSResource.java)2
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/KeyResource.java114
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java123
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/KeysResource.java94
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/KeysResourceService.java90
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestResource.java141
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestResourceService.java139
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResource.java121
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResourceService.java111
-rw-r--r--pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java114
-rw-r--r--pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java437
15 files changed, 1148 insertions, 503 deletions
diff --git a/pki/.classpath b/pki/.classpath
index 07ba2826b..c4d60d871 100644
--- a/pki/.classpath
+++ b/pki/.classpath
@@ -13,6 +13,7 @@
<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/tks/src"/>
<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/util/src"/>
<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/silent/src"/>
+ <classpathentry kind="src" path="base/kra/functional/src"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="lib" path="/usr/share/java/idm-console-mcc.jar"/>
<classpathentry kind="lib" path="/usr/share/java/idm-console-base.jar"/>
@@ -25,5 +26,7 @@
<classpathentry kind="lib" path="/usr/share/java/xerces-j2.jar"/>
<classpathentry kind="lib" path="/usr/share/java/junit4.jar"/>
<classpathentry kind="lib" path="/usr/share/candlepin/lib/jaxrs-api-2.2.1.GA.jar"/>
+ <classpathentry kind="lib" path="/usr/share/candlepin/lib/resteasy-jaxrs-2.2.1.GA.jar"/>
+ <classpathentry kind="lib" path="/usr/share/java/apache-commons-cli.jar"/>
<classpathentry kind="output" path="build/classes"/>
</classpath>
diff --git a/pki/base/common/src/CMakeLists.txt b/pki/base/common/src/CMakeLists.txt
index 4666a2d11..067321dac 100644
--- a/pki/base/common/src/CMakeLists.txt
+++ b/pki/base/common/src/CMakeLists.txt
@@ -538,6 +538,7 @@ set(pki-cms_java_SRCS
com/netscape/cms/servlet/admin/RAAdminServlet.java
com/netscape/cms/servlet/admin/AdminResources.java
com/netscape/cms/servlet/admin/SystemCertificateResource.java
+ com/netscape/cms/servlet/admin/SystemCertificateResourceService.java
com/netscape/cms/servlet/key/DisplayBySerial.java
com/netscape/cms/servlet/key/SrchKey.java
com/netscape/cms/servlet/key/DisplayTransport.java
@@ -553,7 +554,9 @@ set(pki-cms_java_SRCS
com/netscape/cms/servlet/key/KeyRecordParser.java
com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java
com/netscape/cms/servlet/key/KeyResource.java
+ com/netscape/cms/servlet/key/KeyResourceService.java
com/netscape/cms/servlet/key/KeysResource.java
+ com/netscape/cms/servlet/key/KeysResourceService.java
com/netscape/cms/servlet/key/model/KeyDAO.java
com/netscape/cms/servlet/key/model/KeyDataInfo.java
com/netscape/cms/servlet/key/model/KeyDataInfos.java
@@ -561,7 +564,7 @@ set(pki-cms_java_SRCS
com/netscape/cms/servlet/base/IndexServlet.java
com/netscape/cms/servlet/base/UserInfo.java
com/netscape/cms/servlet/base/PortsServlet.java
- com/netscape/cms/servlet/base/CMSResource.java
+ com/netscape/cms/servlet/base/CMSResourceService.java
com/netscape/cms/servlet/base/CMSServlet.java
com/netscape/cms/servlet/base/CMSStartServlet.java
com/netscape/cms/servlet/base/ProxyServlet.java
@@ -651,7 +654,9 @@ set(pki-cms_java_SRCS
com/netscape/cms/servlet/request/CertReqParser.java
com/netscape/cms/servlet/request/KeyReqParser.java
com/netscape/cms/servlet/request/KeyRequestResource.java
+ com/netscape/cms/servlet/request/KeyRequestResourceService.java
com/netscape/cms/servlet/request/KeyRequestsResource.java
+ com/netscape/cms/servlet/request/KeyRequestsResourceService.java
com/netscape/cms/servlet/request/model/ArchivalRequestData.java
com/netscape/cms/servlet/request/model/KeyRequestDAO.java
com/netscape/cms/servlet/request/model/KeyRequestInfo.java
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResource.java b/pki/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResource.java
index b1e47ec3a..6c4c0bc54 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResource.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResource.java
@@ -1,88 +1,21 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-
package com.netscape.cms.servlet.admin;
-import java.security.cert.CertificateEncodingException;
-
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Request;
import javax.ws.rs.core.Response;
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
-import com.netscape.certsrv.security.ITransportKeyUnit;
-import com.netscape.cms.servlet.base.CMSResource;
-import com.netscape.cms.servlet.cert.model.CertificateData;
-
-/**
- * This is the class used to list, retrieve and modify system certificates for all Java subsystems.
- *
- * @author alee
- *
- */
@Path("/config/cert")
-public class SystemCertificateResource extends CMSResource {
-
- @Context
- Request request;
+public interface SystemCertificateResource {
/**
* Used to retrieve the transport certificate
*/
@GET
@Path("/transport")
+ //@ClientResponseType(CertificateData.class)
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
- public Response getTransportCert() {
- CertificateData cert = null;
- IKeyRecoveryAuthority kra = null;
-
- // auth and authz
-
- kra = (IKeyRecoveryAuthority) CMS.getSubsystem("kra");
- if (kra == null) {
- // no KRA
- throw new WebApplicationException(Response.Status.NOT_FOUND);
- }
-
- ITransportKeyUnit tu = kra.getTransportKeyUnit();
- if (tu == null) {
- CMS.debug("getTransportCert: transport key unit is null");
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
- }
- org.mozilla.jss.crypto.X509Certificate transportCert = tu.getCertificate();
- if (transportCert == null) {
- CMS.debug("getTransportCert: transport cert is null");
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
- }
- try {
- cert = createCertificateData(transportCert);
- } catch (CertificateEncodingException e) {
- CMS.debug("getTransportCert: certificate encoding exception with transport cert");
- e.printStackTrace();
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
- }
- return sendConditionalGetResponse(DEFAULT_LONG_CACHE_LIFETIME, cert, request);
- }
+ public Response getTransportCert();
-}
+} \ No newline at end of file
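Review bot: The GPL copyright block is deleted from the top of this file even though the file stays in the tree as the interface, and the same header removal happens in KeyResource.java, KeysResource.java and KeyRequestResource.java; the surviving files should keep their header. The commented-out `//@ClientResponseType(CertificateData.class)` placed between the live annotations is dead code and should either be enabled together with its import or dropped. The type-level Javadoc was also removed and not reinstated on the interface; a one-liner such as `/** REST interface used to list, retrieve and modify system certificates for all Java subsystems. */` keeps the contract visible to clients like the new DRM proxy. The new file also ends without a trailing newline.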
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResourceService.java b/pki/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResourceService.java
new file mode 100644
index 000000000..48f410c73
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResourceService.java
@@ -0,0 +1,80 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2012 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.cms.servlet.admin;
+
+import java.security.cert.CertificateEncodingException;
+
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Request;
+import javax.ws.rs.core.Response;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
+import com.netscape.certsrv.security.ITransportKeyUnit;
+import com.netscape.cms.servlet.base.CMSResourceService;
+import com.netscape.cms.servlet.cert.model.CertificateData;
+
+/**
+ * This is the class used to list, retrieve and modify system certificates for all Java subsystems.
+ *
+ * @author alee
+ *
+ */
+public class SystemCertificateResourceService extends CMSResourceService implements SystemCertificateResource {
+
+ @Context
+ Request request;
+
+ /**
+ * Used to retrieve the transport certificate
+ */
+ public Response getTransportCert() {
+ CertificateData cert = null;
+ IKeyRecoveryAuthority kra = null;
+
+ // auth and authz
+
+ kra = (IKeyRecoveryAuthority) CMS.getSubsystem("kra");
+ if (kra == null) {
+ // no KRA
+ throw new WebApplicationException(Response.Status.NOT_FOUND);
+ }
+
+ ITransportKeyUnit tu = kra.getTransportKeyUnit();
+ if (tu == null) {
+ CMS.debug("getTransportCert: transport key unit is null");
+ throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ }
+ org.mozilla.jss.crypto.X509Certificate transportCert = tu.getCertificate();
+ if (transportCert == null) {
+ CMS.debug("getTransportCert: transport cert is null");
+ throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ }
+ try {
+ cert = createCertificateData(transportCert);
+ } catch (CertificateEncodingException e) {
+ CMS.debug("getTransportCert: certificate encoding exception with transport cert");
+ e.printStackTrace();
+ throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ }
+ return sendConditionalGetResponse(DEFAULT_LONG_CACHE_LIFETIME, cert, request);
+ }
+
+}
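Review bot: `e.printStackTrace()` in the CertificateEncodingException catch writes to stderr instead of the subsystem log that the neighbouring `CMS.debug` calls use, and the cause never reaches the debug line; `CMS.debug("getTransportCert: certificate encoding exception with transport cert: " + e);` keeps both in one place. The `// auth and authz` placeholder in getTransportCert is followed by no check at all; if serving the transport certificate unauthenticated is intentional (it is public key material), say so in the comment, otherwise the check belongs before the subsystem lookup. The JAX-RS annotations now live only on the interface, which JAX-RS permits through annotation inheritance as long as the implementing method carries none of its own, but an `@Override` on getTransportCert would make that dependency on the interface declaration explicit.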
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSResource.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSResourceService.java
index 48b04859b..74d847d0a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSResource.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSResourceService.java
@@ -34,7 +34,7 @@ import com.netscape.cms.servlet.cert.model.CertificateData;
* @author alee
*
*/
-public class CMSResource {
+public class CMSResourceService {
protected static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
protected static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeyResource.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeyResource.java
index 3f8e8b2cf..c6ddda698 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/KeyResource.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/KeyResource.java
@@ -1,53 +1,18 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2011 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-
package com.netscape.cms.servlet.key;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriInfo;
-import com.netscape.cms.servlet.base.CMSResource;
-import com.netscape.cms.servlet.key.model.KeyDAO;
import com.netscape.cms.servlet.key.model.KeyData;
-import com.netscape.cms.servlet.request.model.KeyRequestDAO;
-import com.netscape.cms.servlet.request.model.KeyRequestInfo;
import com.netscape.cms.servlet.request.model.RecoveryRequestData;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.certsrv.base.EBaseException;
-/**
- * @author alee
- *
- */
+
@Path("/key")
-public class KeyResource extends CMSResource {
-
- @Context
- UriInfo uriInfo;
-
+public interface KeyResource {
+
/**
* Used to retrieve a key
* @param data
@@ -57,80 +22,11 @@ public class KeyResource extends CMSResource {
@Path("retrieve")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
- public KeyData retrieveKey(RecoveryRequestData data) {
- // auth and authz
- String keyId = validateRequest(data);
- KeyDAO dao = new KeyDAO();
- KeyData keyData;
- try {
- keyData = dao.getKey(keyId, data);
- } catch (EBaseException e) {
- // log error
- e.printStackTrace();
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
- }
- if (keyData == null) {
- // no key record
- throw new WebApplicationException(Response.Status.GONE);
- }
- return keyData;
- }
+ public KeyData retrieveKey(RecoveryRequestData data);
// retrieval - used to test integration with a browser
@POST
@Path("retrieve")
@Produces(MediaType.TEXT_XML)
- public KeyData retrieveKey(MultivaluedMap<String, String> form) {
- RecoveryRequestData data = new RecoveryRequestData(form);
- return retrieveKey(data);
- }
-
- private String validateRequest(RecoveryRequestData data) {
- // confirm that at least one wrapping method exists
- if ((data.getTransWrappedSessionKey() == null) && (data.getTransWrappedSessionKey() == null)) {
- // log error
- throw new WebApplicationException(Response.Status.BAD_REQUEST);
- }
-
- // confirm request exists
- String reqId = data.getRequestId();
- if (reqId == null) {
- // log error
- throw new WebApplicationException(Response.Status.BAD_REQUEST);
- }
- KeyRequestDAO reqDAO = new KeyRequestDAO();
- KeyRequestInfo reqInfo;
- try {
- reqInfo = reqDAO.getRequest(reqId, uriInfo);
- } catch (EBaseException e1) {
- // failed to get request
- e1.printStackTrace();
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
- }
- if (reqInfo == null) {
- // request not found
- throw new WebApplicationException(Response.Status.GONE);
- }
-
- //confirm request is of the right type
- String type = reqInfo.getRequestType();
- if (!type.equals(IRequest.SECURITY_DATA_RECOVERY_REQUEST)) {
- // log error
- throw new WebApplicationException(Response.Status.BAD_REQUEST);
- }
-
- //confirm that agent is originator of request, else throw 401
- // TO-DO
-
- // confirm request is in approved state
- String status = reqInfo.getRequestStatus();
- if (!status.equals(RequestStatus.APPROVED.toString())) {
- // log error
- throw new WebApplicationException(Response.Status.UNAUTHORIZED);
- }
-
- String keyURL = reqInfo.getKeyURL();
- return keyURL.substring(keyURL.lastIndexOf("/"));
- }
-
+ public KeyData retrieveKey(MultivaluedMap<String, String> form);
}
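Review bot: The Javadoc carried over onto `retrieveKey(RecoveryRequestData)` has an empty `@param data` and `@return` (the tags sit at the hunk boundary), and the interface has no type-level comment now that the class comment was dropped; fill them in, e.g. `@param data recovery request naming the approved request id and the wrapping material` and `@return the requested key record`, plus a one-line interface summary. The `public` modifier on both interface methods is redundant and the project's other new interfaces in this commit carry it too, so pick one convention. The form overload keeps its "used to test integration with a browser" comment, which is good; the interface should say the same where clients will read it.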
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java
new file mode 100644
index 000000000..887820c3f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java
@@ -0,0 +1,123 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2011 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.cms.servlet.key;
+
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
+
+import com.netscape.cms.servlet.base.CMSResourceService;
+import com.netscape.cms.servlet.key.model.KeyDAO;
+import com.netscape.cms.servlet.key.model.KeyData;
+import com.netscape.cms.servlet.request.model.KeyRequestDAO;
+import com.netscape.cms.servlet.request.model.KeyRequestInfo;
+import com.netscape.cms.servlet.request.model.RecoveryRequestData;
+import com.netscape.certsrv.request.IRequest;
+import com.netscape.certsrv.request.RequestStatus;
+import com.netscape.certsrv.base.EBaseException;
+/**
+ * @author alee
+ *
+ */
+public class KeyResourceService extends CMSResourceService implements KeyResource{
+
+ @Context
+ UriInfo uriInfo;
+
+ /**
+ * Used to retrieve a key
+ * @param data
+ * @return
+ */
+ public KeyData retrieveKey(RecoveryRequestData data) {
+ // auth and authz
+ String keyId = validateRequest(data);
+ KeyDAO dao = new KeyDAO();
+ KeyData keyData;
+ try {
+ keyData = dao.getKey(keyId, data);
+ } catch (EBaseException e) {
+ // log error
+ e.printStackTrace();
+ throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ }
+ if (keyData == null) {
+ // no key record
+ throw new WebApplicationException(Response.Status.GONE);
+ }
+ return keyData;
+ }
+
+ // retrieval - used to test integration with a browser
+ public KeyData retrieveKey(MultivaluedMap<String, String> form) {
+ RecoveryRequestData data = new RecoveryRequestData(form);
+ return retrieveKey(data);
+ }
+
+ private String validateRequest(RecoveryRequestData data) {
+ // confirm that at least one wrapping method exists
+ if ((data.getTransWrappedSessionKey() == null) && (data.getTransWrappedSessionKey() == null)) {
+ // log error
+ throw new WebApplicationException(Response.Status.BAD_REQUEST);
+ }
+
+ // confirm request exists
+ String reqId = data.getRequestId();
+ if (reqId == null) {
+ // log error
+ throw new WebApplicationException(Response.Status.BAD_REQUEST);
+ }
+ KeyRequestDAO reqDAO = new KeyRequestDAO();
+ KeyRequestInfo reqInfo;
+ try {
+ reqInfo = reqDAO.getRequest(reqId, uriInfo);
+ } catch (EBaseException e1) {
+ // failed to get request
+ e1.printStackTrace();
+ throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ }
+ if (reqInfo == null) {
+ // request not found
+ throw new WebApplicationException(Response.Status.GONE);
+ }
+
+ //confirm request is of the right type
+ String type = reqInfo.getRequestType();
+ if (!type.equals(IRequest.SECURITY_DATA_RECOVERY_REQUEST)) {
+ // log error
+ throw new WebApplicationException(Response.Status.BAD_REQUEST);
+ }
+
+ //confirm that agent is originator of request, else throw 401
+ // TO-DO
+
+ // confirm request is in approved state
+ String status = reqInfo.getRequestStatus();
+ if (!status.equals(RequestStatus.APPROVED.toString())) {
+ // log error
+ throw new WebApplicationException(Response.Status.UNAUTHORIZED);
+ }
+
+ String keyURL = reqInfo.getKeyURL();
+ return keyURL.substring(keyURL.lastIndexOf("/"));
+ }
+
+}
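Review bot: `validateRequest` tests `data.getTransWrappedSessionKey()` twice in its first condition, so the "at least one wrapping method exists" check only rejects a null session key and never looks at the other wrapping field; the second operand should read the other wrapping accessor on RecoveryRequestData (`data.<OTHER_WRAPPING_GETTER>() == null`, name not visible here). The originator check just below it is still a `TO-DO`, so a caller who did not originate the approved request is not rejected before the key is handed back; that check should land before the endpoint is relied on, or the gap should be stated on the class Javadoc rather than in an inline note. `keyURL.substring(keyURL.lastIndexOf("/"))` keeps the leading slash in the returned id; confirm that is what `KeyDAO.getKey` expects, otherwise it needs `+ 1`. The three `e.printStackTrace()` calls should go through `CMS.debug` so the failures reach the subsystem log, and `type.equals(...)` will NPE if the stored request type is missing, where `IRequest.SECURITY_DATA_RECOVERY_REQUEST.equals(type)` would not.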
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeysResource.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeysResource.java
index 4cf5db3f4..35cd5ccbe 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/KeysResource.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/KeysResource.java
@@ -1,23 +1,3 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2011 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-/**
- *
- */
package com.netscape.cms.servlet.key;
import javax.ws.rs.DefaultValue;
@@ -25,81 +5,19 @@ import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.cms.servlet.base.CMSResource;
-import com.netscape.cms.servlet.key.model.KeyDAO;
import com.netscape.cms.servlet.key.model.KeyDataInfos;
-
-/**
- * @author alee
- *
- */
+
@Path("/keys")
-public class KeysResource extends CMSResource {
-
- private static final String DEFAULT_MAXTIME = "10";
- private static final String DEFAULT_MAXRESULTS = "100";
-
- @Context
- UriInfo uriInfo;
-
- /**
- * Used to generate list of key infos based on the search parameters
- */
+public interface KeysResource {
+ public static final String DEFAULT_MAXTIME = "10";
+ public static final String DEFAULT_MAXRESULTS = "100";
+
@GET
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
public KeyDataInfos listKeys(@QueryParam("clientID") String clientID,
@QueryParam("status") String status,
@DefaultValue(DEFAULT_MAXRESULTS) @QueryParam("maxResults") int maxResults,
- @DefaultValue(DEFAULT_MAXTIME) @QueryParam("maxTime") int maxTime) {
- // auth and authz
-
- // get ldap filter
- String filter = createSearchFilter(status, clientID);
- CMS.debug("listKeys: filter is " + filter);
-
- KeyDAO dao = new KeyDAO();
- KeyDataInfos infos;
- try {
- infos = dao.listKeys(filter, maxResults, maxTime, uriInfo);
- } catch (EBaseException e) {
- e.printStackTrace();
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
- }
- return infos;
- }
+ @DefaultValue(DEFAULT_MAXTIME) @QueryParam("maxTime") int maxTime);
- private String createSearchFilter(String status, String clientID) {
- String filter = "";
- int matches = 0;
-
- if ((status == null) && (clientID == null)) {
- filter = "(serialno=*)";
- return filter;
- }
-
- if (status != null) {
- filter += "(status=" + status + ")";
- matches ++;
- }
-
- if (clientID != null) {
- filter += "(clientID=" + clientID + ")";
- matches ++;
- }
-
- if (matches > 1) {
- filter = "(&" + filter + ")";
- }
-
- return filter;
- }
-
}
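Review bot: The Javadoc on listKeys ("Used to generate list of key infos based on the search parameters") was removed with the class and not restored on the interface, so the client-facing declaration documents neither the query parameters nor what DEFAULT_MAXTIME and DEFAULT_MAXRESULTS bound; add it back on the interface method with `@param` entries for clientID, status, maxResults and maxTime. Exposing the two defaults as `public static final` on the interface is forced by the `@DefaultValue` literals but also makes them part of the public API; a comment such as `// annotation defaults for the query parameters, not runtime tunables` would make that intent clear.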
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeysResourceService.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeysResourceService.java
new file mode 100644
index 000000000..b5032fa86
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/KeysResourceService.java
@@ -0,0 +1,90 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2011 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+/**
+ *
+ */
+package com.netscape.cms.servlet.key;
+
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.cms.servlet.base.CMSResourceService;
+import com.netscape.cms.servlet.key.model.KeyDAO;
+import com.netscape.cms.servlet.key.model.KeyDataInfos;
+
+/**
+ * @author alee
+ *
+ */
+public class KeysResourceService extends CMSResourceService implements KeysResource {
+
+ @Context
+ UriInfo uriInfo;
+
+ /**
+ * Used to generate list of key infos based on the search parameters
+ */
+ public KeyDataInfos listKeys(String clientID, String status, int maxResults, int maxTime) {
+ // auth and authz
+
+ // get ldap filter
+ String filter = createSearchFilter(status, clientID);
+ CMS.debug("listKeys: filter is " + filter);
+
+ KeyDAO dao = new KeyDAO();
+ KeyDataInfos infos;
+ try {
+ infos = dao.listKeys(filter, maxResults, maxTime, uriInfo);
+ } catch (EBaseException e) {
+ e.printStackTrace();
+ throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ }
+ return infos;
+ }
+
+ private String createSearchFilter(String status, String clientID) {
+ String filter = "";
+ int matches = 0;
+
+ if ((status == null) && (clientID == null)) {
+ filter = "(serialno=*)";
+ return filter;
+ }
+
+ if (status != null) {
+ filter += "(status=" + status + ")";
+ matches ++;
+ }
+
+ if (clientID != null) {
+ filter += "(clientID=" + clientID + ")";
+ matches ++;
+ }
+
+ if (matches > 1) {
+ filter = "(&" + filter + ")";
+ }
+
+ return filter;
+ }
+
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestResource.java b/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestResource.java
index 154986624..0a476c49c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestResource.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestResource.java
@@ -1,21 +1,3 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2011 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-
package com.netscape.cms.servlet.request;
import javax.ws.rs.GET;
@@ -24,146 +6,57 @@ import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.Consumes;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriInfo;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.cms.servlet.base.CMSResource;
import com.netscape.cms.servlet.request.model.ArchivalRequestData;
-import com.netscape.cms.servlet.request.model.KeyRequestDAO;
import com.netscape.cms.servlet.request.model.KeyRequestInfo;
import com.netscape.cms.servlet.request.model.RecoveryRequestData;
-
-/**
- * @author alee
- *
- */
+
@Path("/keyrequest")
-public class KeyRequestResource extends CMSResource {
+public interface KeyRequestResource {
- @Context
- UriInfo uriInfo;
-
/**
* Used to retrieve key request info for a specific request
*/
@GET
@Path("{id}")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
- public KeyRequestInfo getRequestInfo(@PathParam("id") String id) {
- // auth and authz
- KeyRequestDAO dao = new KeyRequestDAO();
- KeyRequestInfo info;
- try {
- info = dao.getRequest(id, uriInfo);
- } catch (EBaseException e) {
- // log error
- e.printStackTrace();
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
- }
- if (info == null) {
- // request does not exist
- throw new WebApplicationException(Response.Status.NOT_FOUND);
- }
- return info;
- }
-
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ public KeyRequestInfo getRequestInfo(@PathParam("id") String id);
+
// Archiving - used to test integration with a browser
@POST
@Path("archive")
@Produces({ MediaType.TEXT_XML })
- public KeyRequestInfo archiveKey(MultivaluedMap<String, String> form) {
- ArchivalRequestData data = new ArchivalRequestData(form);
- return archiveKey(data);
- }
+ public KeyRequestInfo archiveKey(MultivaluedMap<String, String> form);
@POST
@Path("archive")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
- public KeyRequestInfo archiveKey(ArchivalRequestData data) {
- // auth and authz
- KeyRequestDAO dao = new KeyRequestDAO();
- KeyRequestInfo info;
- try {
- info = dao.submitRequest(data, uriInfo);
- } catch (EBaseException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
- }
- return info;
- }
-
+ public KeyRequestInfo archiveKey(ArchivalRequestData data);
+
//Recovery - used to test integration with a browser
@POST
@Path("recover")
@Produces({ MediaType.TEXT_XML })
- public KeyRequestInfo recoverKey(MultivaluedMap<String, String> form) {
- RecoveryRequestData data = new RecoveryRequestData(form);
- return recoverKey(data);
- }
+ public KeyRequestInfo recoverKey(MultivaluedMap<String, String> form);
@POST
@Path("recover")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
- public KeyRequestInfo recoverKey(RecoveryRequestData data) {
- // auth and authz
- KeyRequestDAO dao = new KeyRequestDAO();
- KeyRequestInfo info;
- try {
- info = dao.submitRequest(data, uriInfo);
- } catch (EBaseException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
- }
- return info;
- }
-
+ public KeyRequestInfo recoverKey(RecoveryRequestData data);
+
@POST
@Path("approve/{id}")
- public void approveRequest(@PathParam("id") String id) {
- // auth and authz
- KeyRequestDAO dao = new KeyRequestDAO();
- try {
- dao.approveRequest(id);
- } catch (EBaseException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
- }
- }
-
+ public void approveRequest(@PathParam("id") String id);
+
@POST
@Path("reject/{id}")
- public void rejectRequest(@PathParam("id") String id) {
- // auth and authz
- KeyRequestDAO dao = new KeyRequestDAO();
- try {
- dao.rejectRequest(id);
- } catch (EBaseException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
- }
- }
-
+ public void rejectRequest(@PathParam("id") String id);
+
@POST
@Path("cancel/{id}")
- public void cancelRequest(@PathParam("id") String id) {
- // auth and authz
- KeyRequestDAO dao = new KeyRequestDAO();
- try {
- dao.cancelRequest(id);
- } catch (EBaseException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
- }
- }
+ public void cancelRequest(@PathParam("id") String id);
+
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestResourceService.java b/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestResourceService.java
new file mode 100644
index 000000000..da08c4d69
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestResourceService.java
@@ -0,0 +1,139 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2011 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.cms.servlet.request;
+
+import javax.ws.rs.PathParam;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.cms.servlet.base.CMSResourceService;
+import com.netscape.cms.servlet.request.model.ArchivalRequestData;
+import com.netscape.cms.servlet.request.model.KeyRequestDAO;
+import com.netscape.cms.servlet.request.model.KeyRequestInfo;
+import com.netscape.cms.servlet.request.model.RecoveryRequestData;
+
+/**
+ * @author alee
+ *
+ */
+public class KeyRequestResourceService extends CMSResourceService implements KeyRequestResource {
+
+ @Context
+ UriInfo uriInfo;
+
+ /**
+ * Used to retrieve key request info for a specific request
+ */
+ public KeyRequestInfo getRequestInfo(String id) {
+ // auth and authz
+ KeyRequestDAO dao = new KeyRequestDAO();
+ KeyRequestInfo info;
+ try {
+ info = dao.getRequest(id, uriInfo);
+ } catch (EBaseException e) {
+ // log error
+ e.printStackTrace();
+ throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ }
+ if (info == null) {
+ // request does not exist
+ throw new WebApplicationException(Response.Status.NOT_FOUND);
+ }
+ return info;
+ }
+
+ // Archiving - used to test integration with a browser
+ public KeyRequestInfo archiveKey(MultivaluedMap<String, String> form) {
+ ArchivalRequestData data = new ArchivalRequestData(form);
+ return archiveKey(data);
+ }
+
+ public KeyRequestInfo archiveKey(ArchivalRequestData data) {
+ // auth and authz
+ KeyRequestDAO dao = new KeyRequestDAO();
+ KeyRequestInfo info;
+ try {
+ info = dao.submitRequest(data, uriInfo);
+ } catch (EBaseException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ }
+ return info;
+ }
+
+ //Recovery - used to test integration with a browser
+ public KeyRequestInfo recoverKey(MultivaluedMap<String, String> form) {
+ RecoveryRequestData data = new RecoveryRequestData(form);
+ return recoverKey(data);
+ }
+
+ public KeyRequestInfo recoverKey(RecoveryRequestData data) {
+ // auth and authz
+ KeyRequestDAO dao = new KeyRequestDAO();
+ KeyRequestInfo info;
+ try {
+ info = dao.submitRequest(data, uriInfo);
+ } catch (EBaseException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ }
+ return info;
+ }
+
+ public void approveRequest(@PathParam("id") String id) {
+ // auth and authz
+ KeyRequestDAO dao = new KeyRequestDAO();
+ try {
+ dao.approveRequest(id);
+ } catch (EBaseException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ }
+ }
+
+ public void rejectRequest(@PathParam("id") String id) {
+ // auth and authz
+ KeyRequestDAO dao = new KeyRequestDAO();
+ try {
+ dao.rejectRequest(id);
+ } catch (EBaseException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ }
+ }
+
+ public void cancelRequest(@PathParam("id") String id) {
+ // auth and authz
+ KeyRequestDAO dao = new KeyRequestDAO();
+ try {
+ dao.cancelRequest(id);
+ } catch (EBaseException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ }
+ }
+}
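Review bot: approveRequest, rejectRequest and cancelRequest keep `@PathParam("id")` on the implementation while getRequestInfo, archiveKey and recoverKey take plain parameters; JAX-RS specifies that JAX-RS annotations on an implementing method cause the inherited interface annotations to be ignored, so depending on how the runtime treats parameter annotations these three may lose their `@POST`/`@Path` mapping — drop the `@PathParam` here and leave the mapping to the interface, as the other methods do. Every method still opens with the `// auth and authz` placeholder and performs no check, so unless CMSResourceService (not shown) enforces one, approval, rejection and cancellation of key-recovery requests appear reachable by any caller that reaches the servlet; the placeholder should say so, e.g. `// TODO(authz): no access check yet; approve/reject/cancel must be restricted to DRM agents before this is exposed`. The catch blocks use `e.printStackTrace()` and map every EBaseException to 500, whereas KeyRequestsResourceService in this same commit logs through CMS.debug; a failure caused by a malformed ArchivalRequestData or RecoveryRequestData body is better reported as `Response.Status.BAD_REQUEST` than as a server error.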
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResource.java b/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResource.java
index ce53053d4..0f8fbc78f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResource.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResource.java
@@ -1,21 +1,3 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2011 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-
package com.netscape.cms.servlet.request;
import javax.ws.rs.DefaultValue;
@@ -23,32 +5,16 @@ import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriInfo;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.cms.servlet.base.CMSResource;
-import com.netscape.cms.servlet.request.model.KeyRequestDAO;
import com.netscape.cms.servlet.request.model.KeyRequestInfos;
-
-/**
- * @author alee
- *
- */
-@Path("/keyrequests")
-public class KeyRequestsResource extends CMSResource {
- private static final int DEFAULT_START = 0;
- private static final String DEFAULT_PAGESIZE = "20";
- private static final String DEFAULT_MAXRESULTS = "100";
- private static final String DEFAULT_MAXTIME = "10";
+@Path("/keyrequests")
+public interface KeyRequestsResource {
- @Context
- UriInfo uriInfo;
+ public static final String DEFAULT_START = "0";
+ public static final String DEFAULT_PAGESIZE = "20";
+ public static final String DEFAULT_MAXRESULTS = "100";
+ public static final String DEFAULT_MAXTIME = "10";
/**
* Used to generate list of key requests based on the search parameters
@@ -56,74 +22,11 @@ public class KeyRequestsResource extends CMSResource {
@GET
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
public KeyRequestInfos listRequests(@QueryParam("requestState") String requestState,
- @QueryParam("requestType") String requestType,
- @QueryParam("clientID") String clientID,
- @QueryParam("start") String start_s,
- @DefaultValue(DEFAULT_PAGESIZE) @QueryParam("pageSize") int pageSize,
- @DefaultValue(DEFAULT_MAXRESULTS) @QueryParam("maxResults") int maxResults,
- @DefaultValue(DEFAULT_MAXTIME) @QueryParam("maxTime") int maxTime) {
- // auth and authz
-
- // get ldap filter
- String filter = createSearchFilter(requestState, requestType, clientID);
- CMS.debug("listRequests: filter is " + filter);
-
-
- // get start marker
- int start = DEFAULT_START;
- if (start_s != null) {
- try {
- if (start_s.trim().startsWith("0x")) {
- start = Integer.parseInt(start_s.trim().substring(2), 16);
- } else {
- start = Integer.parseInt(start_s.trim());
- }
- } catch (NumberFormatException e) {
- CMS.debug("listRequests: NumberformatException: Invalid value for start " + start_s);
- throw new WebApplicationException(Response.Status.NOT_FOUND);
- }
- }
-
- KeyRequestDAO reqDAO = new KeyRequestDAO();
- KeyRequestInfos requests;
- try {
- requests = reqDAO.listRequests(filter, start, pageSize, maxResults, maxTime, uriInfo);
- } catch (EBaseException e) {
- CMS.debug("listRequests: error in obtaining request results" + e);
- e.printStackTrace();
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
- }
- return requests;
- }
+ @QueryParam("requestType") String requestType,
+ @QueryParam("clientID") String clientID,
+ @DefaultValue(DEFAULT_START) @QueryParam("start") String start_s,
+ @DefaultValue(DEFAULT_PAGESIZE) @QueryParam("pageSize") int pageSize,
+ @DefaultValue(DEFAULT_MAXRESULTS) @QueryParam("maxResults") int maxResults,
+ @DefaultValue(DEFAULT_MAXTIME) @QueryParam("maxTime") int maxTime);
- private String createSearchFilter(String requestState, String requestType, String clientID) {
- String filter = "";
- int matches = 0;
-
- if ((requestState == null) && (requestType == null) && (clientID == null)) {
- filter = "(requeststate=*)";
- return filter;
- }
-
- if (requestState != null) {
- filter += "(requeststate=" + requestState + ")";
- matches ++;
- }
-
- if (requestType != null) {
- filter += "(requesttype=" + requestType + ")";
- matches ++;
- }
-
- if (clientID != null) {
- filter += "(clientID=" + clientID + ")";
- matches ++;
- }
-
- if (matches > 1) {
- filter = "(&" + filter + ")";
- }
-
- return filter;
- }
}
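Review bot: The listRequests declaration documents none of its seven parameters, and since this interface is now also the client-side proxy contract (DRMRestClient in this commit is built from it), the javadoc that opens in the previous hunk should state them: the values `requestState` and `requestType` accept, that `clientID` is matched against the request record, and that `start` is parsed as decimal or, with a `0x` prefix, as hexadecimal (which is what the service does). `DEFAULT_START` changed from an int to a String in this rewrite; a one-line comment such as `// String because @DefaultValue needs a compile-time String constant` would explain an otherwise odd-looking choice.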
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResourceService.java b/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResourceService.java
new file mode 100644
index 000000000..290868ab5
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResourceService.java
@@ -0,0 +1,111 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2011 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.cms.servlet.request;
+
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.cms.servlet.base.CMSResourceService;
+import com.netscape.cms.servlet.request.model.KeyRequestDAO;
+import com.netscape.cms.servlet.request.model.KeyRequestInfos;
+
+/**
+ * @author alee
+ *
+ */
+public class KeyRequestsResourceService extends CMSResourceService implements KeyRequestsResource{
+
+ @Context
+ UriInfo uriInfo;
+
+ /**
+ * Used to generate list of key requests based on the search parameters
+ */
+ public KeyRequestInfos listRequests(String requestState, String requestType, String clientID,
+ String start_s, int pageSize, int maxResults,
+ int maxTime) {
+ // auth and authz
+
+ // get ldap filter
+ String filter = createSearchFilter(requestState, requestType, clientID);
+ CMS.debug("listRequests: filter is " + filter);
+
+
+ // get start marker
+ int start = Integer.parseInt(KeyRequestsResource.DEFAULT_START);
+ if (start_s != null) {
+ try {
+ if (start_s.trim().startsWith("0x")) {
+ start = Integer.parseInt(start_s.trim().substring(2), 16);
+ } else {
+ start = Integer.parseInt(start_s.trim());
+ }
+ } catch (NumberFormatException e) {
+ CMS.debug("listRequests: NumberformatException: Invalid value for start " + start_s);
+ throw new WebApplicationException(Response.Status.NOT_FOUND);
+ }
+ }
+
+ KeyRequestDAO reqDAO = new KeyRequestDAO();
+ KeyRequestInfos requests;
+ try {
+ requests = reqDAO.listRequests(filter, start, pageSize, maxResults, maxTime, uriInfo);
+ } catch (EBaseException e) {
+ CMS.debug("listRequests: error in obtaining request results" + e);
+ e.printStackTrace();
+ throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ }
+ return requests;
+ }
+
+ private String createSearchFilter(String requestState, String requestType, String clientID) {
+ String filter = "";
+ int matches = 0;
+
+ if ((requestState == null) && (requestType == null) && (clientID == null)) {
+ filter = "(requeststate=*)";
+ return filter;
+ }
+
+ if (requestState != null) {
+ filter += "(requeststate=" + requestState + ")";
+ matches ++;
+ }
+
+ if (requestType != null) {
+ filter += "(requesttype=" + requestType + ")";
+ matches ++;
+ }
+
+ if (clientID != null) {
+ filter += "(clientID=" + clientID + ")";
+ matches ++;
+ }
+
+ if (matches > 1) {
+ filter = "(&" + filter + ")";
+ }
+
+ return filter;
+ }
+}
diff --git a/pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java b/pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java
new file mode 100644
index 000000000..8447faaec
--- /dev/null
+++ b/pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java
@@ -0,0 +1,114 @@
+package com.netscape.cms.servlet.test;
+
+import java.util.Collection;
+import java.util.Iterator;
+
+import javax.ws.rs.core.Response;
+
+import org.jboss.resteasy.client.ProxyFactory;
+
+import com.netscape.cms.servlet.admin.SystemCertificateResource;
+import com.netscape.cms.servlet.cert.model.CertificateData;
+import com.netscape.cms.servlet.key.KeyResource;
+import com.netscape.cms.servlet.key.KeysResource;
+import com.netscape.cms.servlet.key.model.KeyData;
+import com.netscape.cms.servlet.key.model.KeyDataInfo;
+import com.netscape.cms.servlet.key.model.KeyDataInfos;
+import com.netscape.cms.servlet.request.KeyRequestResource;
+import com.netscape.cms.servlet.request.KeyRequestsResource;
+import com.netscape.cms.servlet.request.model.ArchivalRequestData;
+import com.netscape.cms.servlet.request.model.KeyRequestInfo;
+import com.netscape.cms.servlet.request.model.KeyRequestInfos;
+import com.netscape.cms.servlet.request.model.RecoveryRequestData;
+
+public class DRMRestClient {
+
+ private KeyResource keyClient;
+ private KeysResource keysClient;
+ private KeyRequestsResource keyRequestsClient;
+ private KeyRequestResource keyRequestClient;
+ private SystemCertificateResource systemCertClient;
+
+ public DRMRestClient(String baseUri) {
+ systemCertClient = ProxyFactory.create(SystemCertificateResource.class, baseUri);
+ keyRequestsClient = ProxyFactory.create(KeyRequestsResource.class, baseUri);
+ keyRequestClient = ProxyFactory.create(KeyRequestResource.class, baseUri);
+ keysClient = ProxyFactory.create(KeysResource.class, baseUri);
+ keyClient = ProxyFactory.create(KeyResource.class, baseUri);
+ }
+
+ public String getTransportCert() {
+ Response response = systemCertClient.getTransportCert();
+ CertificateData certData = (CertificateData) response.getEntity();
+ String transportCert = certData.getB64();
+ return transportCert;
+ }
+
+ public Collection<KeyRequestInfo> listRequests(String requestState, String requestType) {
+ KeyRequestInfos infos = keyRequestsClient.listRequests(requestState, requestType, null, "0", 100, 100, 10);
+ Collection<KeyRequestInfo> list = infos.getRequests();
+ return list;
+ }
+
+ public KeyRequestInfo archiveSecurityData(byte[] encoded, String clientId) {
+ // create archival request
+ ArchivalRequestData data = new ArchivalRequestData();
+ String req1 = com.netscape.osutil.OSUtil.BtoA(encoded);
+ data.setWrappedPrivateData(req1);
+ data.setClientId(clientId);
+
+ KeyRequestInfo info = keyRequestClient.archiveKey(data);
+ return info;
+ }
+
+ public KeyDataInfo getKeyData(String clientId, String status) {
+ KeyDataInfos infos = keysClient.listKeys(clientId, status, 100, 10);
+ Collection<KeyDataInfo> list = infos.getKeyInfos();
+ Iterator<KeyDataInfo> iter = list.iterator();
+
+ while (iter.hasNext()) {
+ KeyDataInfo info = iter.next();
+ if (info != null) {
+ // return the first one
+ return info;
+ }
+ }
+ return null;
+ }
+
+ public KeyRequestInfo requestRecovery(String keyId, byte[] rpwd, byte[] rkey) {
+ // create recovery request
+ RecoveryRequestData data = new RecoveryRequestData();
+ data.setKeyId(keyId);
+ if (rpwd != null) {
+ data.setTransWrappedPassphrase(com.netscape.osutil.OSUtil.BtoA(rpwd));
+ }
+ if (rkey != null) {
+ data.setTransWrappedSessionKey(com.netscape.osutil.OSUtil.BtoA(rkey));
+ }
+
+ KeyRequestInfo info = keyRequestClient.recoverKey(data);
+ return info;
+ }
+
+ public void approveRecovery(String recoveryId) {
+ keyRequestClient.approveRequest(recoveryId);
+ }
+
+ public KeyData retrieveKey(String keyId, String requestId, byte[] rpwd, byte[] rkey) {
+ // create recovery request
+ RecoveryRequestData data = new RecoveryRequestData();
+ data.setKeyId(keyId);
+ data.setRequestId(requestId);
+ if (rkey != null) {
+ data.setTransWrappedSessionKey(com.netscape.osutil.OSUtil.BtoA(rkey));
+ } else {
+ data.setTransWrappedPassphrase(com.netscape.osutil.OSUtil.BtoA(rpwd));
+ }
+ KeyData key = keyClient.retrieveKey(data);
+ return key;
+ }
+
+
+
+} \ No newline at end of file
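Review bot: getKeyData returns null when the listing holds no non-null entry, and nothing tells a caller that; DRMTest in this same commit calls `keyInfo.getKeyURL()` on the result without a null check, so an empty listing becomes a NullPointerException instead of the "No archived key found" message it intends to print. Document the contract on the method, e.g. `/** Returns the first key record listed for clientId and status, or null when none is found. */`, and the same for listRequests, which presumably returns whatever `infos.getRequests()` holds. In retrieveKey the `else` branch encodes `rpwd` unconditionally, so a call with both `rkey` and `rpwd` null reaches `OSUtil.BtoA(null)`; guard it with `if (rkey == null && rpwd == null) throw new IllegalArgumentException("either rkey or rpwd is required");`. The literal page and time limits in listRequests (`"0", 100, 100, 10`) would read better as named constants or as the DEFAULT_* values KeyRequestsResource already exports.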
diff --git a/pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java b/pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
new file mode 100644
index 000000000..f222e5413
--- /dev/null
+++ b/pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
@@ -0,0 +1,437 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2012 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.test;
+
+import java.io.ByteArrayOutputStream;
+import java.io.CharConversionException;
+import java.io.IOException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateEncodingException;
+import java.util.Calendar;
+import java.util.Collection;
+import java.util.Iterator;
+import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.asn1.BIT_STRING;
+import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
+import org.mozilla.jss.asn1.OCTET_STRING;
+import org.mozilla.jss.asn1.SEQUENCE;
+import org.mozilla.jss.crypto.AlreadyInitializedException;
+import org.mozilla.jss.crypto.BadPaddingException;
+import org.mozilla.jss.crypto.Cipher;
+import org.mozilla.jss.crypto.CryptoToken;
+import org.mozilla.jss.crypto.EncryptionAlgorithm;
+import org.mozilla.jss.crypto.IVParameterSpec;
+import org.mozilla.jss.crypto.IllegalBlockSizeException;
+import org.mozilla.jss.crypto.KeyGenAlgorithm;
+import org.mozilla.jss.crypto.KeyGenerator;
+import org.mozilla.jss.crypto.KeyWrapAlgorithm;
+import org.mozilla.jss.crypto.KeyWrapper;
+import org.mozilla.jss.crypto.SymmetricKey;
+import org.mozilla.jss.crypto.TokenException;
+import org.mozilla.jss.crypto.X509Certificate;
+import org.mozilla.jss.pkix.crmf.EncryptedKey;
+import org.mozilla.jss.pkix.crmf.EncryptedValue;
+import org.mozilla.jss.pkix.crmf.PKIArchiveOptions;
+import org.mozilla.jss.pkix.primitive.AVA;
+import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
+import org.mozilla.jss.util.Password;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.CommandLineParser;
+import org.apache.commons.cli.HelpFormatter;
+import org.apache.commons.cli.Options;
+import org.apache.commons.cli.ParseException;
+import org.apache.commons.cli.PosixParser;
+import com.netscape.cms.servlet.key.model.KeyData;
+import com.netscape.cms.servlet.key.model.KeyDataInfo;
+import com.netscape.cms.servlet.request.model.KeyRequestInfo;
+
+@SuppressWarnings("deprecation")
+public class DRMTest {
+
+ public static void usage(Options options) {
+ HelpFormatter formatter = new HelpFormatter();
+ formatter.printHelp("DRMTest", options);
+ System.exit(1);
+ }
+
+ public static void main(String args[]) {
+ String host = null;
+ String port = null;
+ String token_pwd = null;
+
+ // parse command line arguments
+ Options options = new Options();
+ options.addOption("h", true, "Hostname of the DRM");
+ options.addOption("p", true, "Port of the DRM");
+ options.addOption("w", true, "Token password");
+
+ try {
+ CommandLineParser parser = new PosixParser();
+ CommandLine cmd = parser.parse(options, args);
+
+ if (cmd.hasOption("h")) {
+ host = cmd.getOptionValue("h");
+ } else {
+ System.err.println("Error: no hostname provided.");
+ usage(options);
+ }
+
+ if (cmd.hasOption("p")) {
+ port = cmd.getOptionValue("p");
+ } else {
+ System.err.println("Error: no port provided");
+ usage(options);
+ }
+
+ if (cmd.hasOption("w")) {
+ token_pwd = cmd.getOptionValue("w");
+ } else {
+ System.err.println("Error: no token password provided");
+ usage(options);
+ }
+
+ } catch (ParseException e) {
+ System.err.println("Error in parsing command line options: " + e.getMessage());
+ usage(options);
+ }
+
+ // Initialize token
+ String db_dir = "./";
+ try {
+ CryptoManager.initialize(db_dir);
+ } catch (AlreadyInitializedException e) {
+ // it is ok if it is already initialized
+ } catch (Exception e) {
+ log("INITIALIZATION ERROR: " + e.toString());
+ System.exit(1);
+ }
+
+ // log into token
+ CryptoManager manager = null;
+ CryptoToken token = null;
+ try {
+ manager = CryptoManager.getInstance();
+ token = manager.getInternalKeyStorageToken();
+ Password password = new Password(token_pwd.toCharArray());
+ try {
+ token.login(password);
+ } catch (Exception e) {
+ log("login Exception: " + e.toString());
+ if (!token.isLoggedIn()) {
+ token.initPassword(password, password);
+ }
+ }
+ } catch (Exception e) {
+ log("Exception in logging into token:" + e.toString());
+ }
+
+ // Set base URI
+ String baseUri = "http://" + host + ":" + port + "/pki";
+
+ DRMRestClient client = new DRMRestClient(baseUri);
+
+ // Test 1: Get transport certificate from DRM
+ String transportCert = client.getTransportCert();
+ log("Transport Cert retrieved from DRM: " + transportCert);
+
+ // Test 2: Get list of completed key archival requests
+ log("\n\nList of completed archival requests");
+ Collection<KeyRequestInfo> list = client.listRequests("complete", "enrolment");
+ Iterator<KeyRequestInfo> iter = list.iterator();
+ while (iter.hasNext()) {
+ KeyRequestInfo info = iter.next();
+ printRequestInfo(info);
+ }
+
+ // Test 3: Get list of key recovery requests
+ log("\n\nList of completed recovery requests");
+ Collection<KeyRequestInfo> list2 = client.listRequests("complete", "recovery");
+ Iterator<KeyRequestInfo> iter2 = list2.iterator();
+ while (iter2.hasNext()) {
+ KeyRequestInfo info = iter2.next();
+ printRequestInfo(info);
+ }
+
+ // Test 4: Generate and archive a symmetric key
+ log("Archiving symmetric key");
+ SymmetricKey vek = null;
+ String keyId = null;
+ KeyGenerator kg1 = null;
+ String clientId = "UUID: 123-45-6789 VEK " + Calendar.getInstance().getTime().toString();
+ try {
+ kg1 = token.getKeyGenerator(KeyGenAlgorithm.DES3);
+ vek = kg1.generate();
+ byte[] encoded = createPKIArchiveOptions(manager, token, transportCert, vek, null, kg1);
+
+ KeyRequestInfo info = client.archiveSecurityData(encoded, clientId);
+ log("Archival Results:");
+ printRequestInfo(info);
+ keyId = getId(info.getKeyURL());
+ } catch (Exception e) {
+ log("Exception in archiving symmetric key:" + e.getMessage());
+ e.printStackTrace();
+ }
+
+ //Test 5: Get keyId for active key with client ID
+ log("Getting key ID for symmetric key");
+ KeyDataInfo keyInfo = client.getKeyData(clientId, "active");
+ String keyId2 = getId(keyInfo.getKeyURL());
+ if (keyId2 == null) {
+ log("No archived key found");
+ } else {
+ log("Archived Key found: " + keyId);
+ }
+
+ if (!keyId.equals(keyId2)) {
+ log("Error: key ids from search and archival do not match");
+ }
+
+ // Test 6: Submit a recovery request for the symmetric key using a session key
+ log("Submitting a recovery request for the symmetric key using session key");
+ SymmetricKey recoveryKey = null;
+ String recoveryRequestId = null;
+ byte[] wrappedRecoveryKey = null;
+ try {
+ recoveryKey = kg1.generate();
+ wrappedRecoveryKey = wrapSymmetricKey(manager, token, transportCert, recoveryKey);
+ KeyRequestInfo info = client.requestRecovery(keyId, null, wrappedRecoveryKey);
+ recoveryRequestId = getId(info.getRequestURL());
+ } catch (Exception e) {
+ log("Exception in recovering symmetric key using session key: " + e.getMessage());
+ }
+
+ // Test 7: Approve recovery
+ log("Approving recovery request: " + recoveryRequestId);
+ client.approveRecovery(recoveryRequestId);
+
+ // Test 8: Get key
+ log("Getting key: " + keyId);
+
+ KeyData keyData = client.retrieveKey(keyId, recoveryRequestId, null, wrappedRecoveryKey);
+ String recoveredWrappedKey = keyData.getWrappedPrivateData();
+ String recoveredKey = unwrap(recoveredWrappedKey, recoveryKey);
+
+ if (!recoveredKey.equals(com.netscape.osutil.OSUtil.BtoA(vek.getEncoded()))) {
+ log("Error: recovered and archived keys do not match!");
+ }
+
+ // Test 9: Submit a recovery request for the symmetric key using a passphrase
+ log("Submitting a recovery request for the symmetric key using session key");
+ String recoveryPassphrase = "Gimme me keys please";
+ byte[] wrappedRecoveryPassphrase = wrapPassphrase(recoveryPassphrase, transportCert);
+ KeyRequestInfo info = client.requestRecovery(keyId, wrappedRecoveryPassphrase, null);
+ recoveryRequestId = getId(info.getRequestURL());
+
+ //Test 10: Approve recovery
+ log("Approving recovery request: " + recoveryRequestId);
+ client.approveRecovery(recoveryRequestId);
+
+ // Test 11: Get key
+ log("Getting key: " + keyId);
+ keyData = client.retrieveKey(keyId, recoveryRequestId, wrappedRecoveryPassphrase, null);
+ recoveredWrappedKey = keyData.getWrappedPrivateData();
+ recoveredKey = unwrap(recoveredWrappedKey, recoveryKey);
+
+ if (!recoveredKey.equals(com.netscape.osutil.OSUtil.BtoA(vek.getEncoded()))) {
+ log("Error: recovered and archived keys do not match!");
+ }
+
+ // Test 12: Generate and archive a passphrase
+ String passphrase = "Green Eggs and Ham 123";
+ clientId = "UUID: 123-45-6789 RKEK " + Calendar.getInstance().getTime().toString();
+ try {
+ byte[] encoded = createPKIArchiveOptions(manager, token, transportCert, null, passphrase, kg1);
+ info = client.archiveSecurityData(encoded, clientId);
+ log("Archival Results:");
+ printRequestInfo(info);
+ keyId = getId(info.getKeyURL());
+ } catch (Exception e) {
+ log("Exception in archiving symmetric key:" + e.toString());
+ e.printStackTrace();
+ }
+
+ //Test 13: Get keyId for active passphrase with client ID
+ log("Getting key ID for passphrase");
+ keyInfo = client.getKeyData(clientId, "active");
+ keyId2 = getId(keyInfo.getKeyURL());
+ if (keyId2 == null) {
+ log("No archived key found");
+ } else {
+ log("Archived Key found: " + keyId);
+ }
+
+ if (!keyId.equals(keyId2)) {
+ log("Error: key ids from search and archival do not match");
+ }
+
+ // Test 14: Submit a recovery request for the passphrase using a session key
+ log("Submitting a recovery request for the passphrase using session key");
+ recoveryKey = null;
+ recoveryRequestId = null;
+ wrappedRecoveryKey = null;
+ try {
+ recoveryKey = kg1.generate();
+ wrappedRecoveryKey = wrapSymmetricKey(manager, token, transportCert, recoveryKey);
+ info = client.requestRecovery(keyId, null, wrappedRecoveryKey);
+ recoveryRequestId = getId(info.getRequestURL());
+ } catch (Exception e) {
+ log("Exception in recovering passphrase using session key: " + e.getMessage());
+ }
+
+ // Test 15: Approve recovery
+ log("Approving recovery request: " + recoveryRequestId);
+ client.approveRecovery(recoveryRequestId);
+
+ // Test 16: Get key
+ log("Getting passphrase: " + keyId);
+
+ keyData = client.retrieveKey(keyId, recoveryRequestId, null, wrappedRecoveryKey);
+ recoveredWrappedKey = keyData.getWrappedPrivateData();
+ recoveredKey = unwrap(recoveredWrappedKey, recoveryKey);
+
+ if (!unwrap(recoveredKey).equals(passphrase)) {
+ log("Error: recovered and archived passphrases do not match!");
+ }
+
+ // Test 17: Submit a recovery request for the passphrase using a passphrase
+ log("Submitting a recovery request for the passphrase using a passphrase");
+ info = client.requestRecovery(keyId, wrappedRecoveryPassphrase, null);
+ recoveryRequestId = getId(info.getRequestURL());
+
+ //Test 18: Approve recovery
+ log("Approving recovery request: " + recoveryRequestId);
+ client.approveRecovery(recoveryRequestId);
+
+ // Test 19: Get key
+ log("Getting passphrase: " + keyId);
+ keyData = client.retrieveKey(keyId, recoveryRequestId, wrappedRecoveryPassphrase, null);
+ recoveredWrappedKey = keyData.getWrappedPrivateData();
+ recoveredKey = unwrap(recoveredWrappedKey, recoveryKey);
+
+ if (!unwrap(recoveredKey).equals(passphrase)) {
+ log("Error: recovered and archived passphrases do not match!");
+ }
+
+ }
+
+ private static String unwrap(String recoveredKey) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ private static byte[] wrapPassphrase(String recoveryPassphrase, String transportCert) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ private static void log(String string) {
+ // TODO Auto-generated method stub
+ System.out.println(string);
+ }
+
+ private static String unwrap(String recoveredWrappedKey, SymmetricKey recoveryKey) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ private static String getId(String link) {
+ return link.substring(link.lastIndexOf("/"));
+ }
+
+ private static byte[] createPKIArchiveOptions(CryptoManager manager, CryptoToken token, String transportCert,
+ SymmetricKey vek, String passphrase, KeyGenerator kg1) throws TokenException, CharConversionException,
+ NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException,
+ CertificateEncodingException, IOException, IllegalStateException, IllegalBlockSizeException,
+ BadPaddingException {
+ EncryptionAlgorithm encryptionAlgorithm = null;
+ byte[] key_data = null;
+ byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
+ IVParameterSpec IV = null;
+ IV = new IVParameterSpec(iv);
+
+ //generate session key
+ SymmetricKey sk = kg1.generate();
+
+ if (passphrase != null) {
+ Cipher cipher = null;
+ encryptionAlgorithm = EncryptionAlgorithm.DES3_CBC_PAD;
+ cipher = token.getCipherContext(encryptionAlgorithm);
+ log("cipher " + cipher);
+
+ if (cipher != null) {
+ cipher.initEncrypt(sk, IV);
+ key_data = cipher.doFinal(passphrase.getBytes());
+ log("Pass phrase mode key_data: " + key_data);
+
+ // Try to decrypt
+ cipher.initDecrypt(sk, IV);
+ byte[] decrypted = cipher.doFinal(key_data);
+ String s = new String(decrypted);
+ log("Re decrypted pass phrase " + s);
+
+ } else {
+ throw new IOException("Failed to create cipher");
+ }
+ } else {
+ // wrap payload using session key
+ KeyWrapper wrapper1 = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
+ wrapper1.initWrap(sk, new IVParameterSpec(iv));
+ key_data = wrapper1.wrap(vek);
+ }
+
+ // wrap session key using transport key
+ byte[] session_data = wrapSymmetricKey(manager, token, transportCert, sk);
+
+ // create PKIArchiveOptions structure
+ AlgorithmIdentifier algS = new AlgorithmIdentifier(new OBJECT_IDENTIFIER("1.2.840.113549.3.7"),
+ new OCTET_STRING(iv));
+ EncryptedValue encValue = new EncryptedValue(null, algS, new BIT_STRING(session_data, 0), null, null,
+ new BIT_STRING(key_data, 0));
+ EncryptedKey key = new EncryptedKey(encValue);
+ PKIArchiveOptions opt = new PKIArchiveOptions(key);
+ SEQUENCE seq = new SEQUENCE();
+ seq.addElement(new AVA(new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.5.1.4"), opt));
+
+ ByteArrayOutputStream bo = new ByteArrayOutputStream();
+ seq.encode(bo);
+ byte[] encoded = bo.toByteArray();
+ return encoded;
+ }
+
+ private static byte[] wrapSymmetricKey(CryptoManager manager, CryptoToken token, String transportCert,
+ SymmetricKey sk) throws CertificateEncodingException, TokenException, NoSuchAlgorithmException,
+ InvalidKeyException, InvalidAlgorithmParameterException {
+ byte transport[] = com.netscape.osutil.OSUtil.AtoB(transportCert);
+ X509Certificate tcert = manager.importCACertPackage(transport);
+ KeyWrapper rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA);
+ rsaWrap.initWrap(tcert.getPublicKey(), null);
+ byte session_data[] = rsaWrap.wrap(sk);
+ return session_data;
+ }
+
+ private static void printRequestInfo(KeyRequestInfo info) {
+ log("KeyRequestURL: " + info.getRequestURL());
+ log("Key URL: " + info.getKeyURL());
+ log("Status: " + info.getRequestStatus());
+ log("Type: " + info.getRequestType());
+ }
+
+}