authorChristina Fu <cfu@redhat.com>2016-04-05 11:44:00 -0700
committerChristina Fu <cfu@redhat.com>2016-04-13 14:51:54 -0700
commite832349f8846ab398b17b98ebe9862bc700d1b7f (patch)
treee9d6da783634e9cc9ad81794d7178c8126710a13
parent8e291fba835f6640a262e01333aa58cf9bd5220f (diff)
Ticket #2271 TMS- clean up key archival request records in ldap
This patch does the following: * it adds in the kra request an extra field called "delayLDAPCommit" * when the request comes in to be processed, it sets this field to "false" * by default, if this field does not exist, the updateRequest() method will just write to ldap, just like before; however, if this field exists and it contains "true" then it will delay the write * once the request is processed and all unwanted fields are cleared from the request record, it will set "delayLDAPCommit" to "false", and call updateRequest(), which will then do the actual write to ldap * In addition, I also screened through both KRA and TPS code and removed debug messages that contain those fields.
-rw-r--r--base/kra/src/com/netscape/kra/NetkeyKeygenService.java6
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java15
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/request/ARequestQueue.java11
-rw-r--r--base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java21
-rw-r--r--base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java2
-rw-r--r--base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java12
6 files changed, 45 insertions, 22 deletions
diff --git a/base/kra/src/com/netscape/kra/NetkeyKeygenService.java b/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
index f409eea96..e77ef25db 100644
--- a/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
+++ b/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
@@ -410,6 +410,12 @@ public class NetkeyKeygenService implements IService {
audit(auditMessage);
String rWrappedDesKeyString = request.getExtDataInString(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY);
+ // the request reocrd field delayLDAPCommit == "true" will cause
+ // updateRequest() to delay actual write to ldap
+ request.setExtData("delayLDAPCommit", "true");
+ // wrappedDesKey no longer needed. removing.
+ request.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, "");
+
// CMS.debug("NetkeyKeygenService: received DRM-trans-wrapped DES key ="+rWrappedDesKeyString);
wrapped_des_key = com.netscape.cmsutil.util.Utils.SpecialDecode(rWrappedDesKeyString);
CMS.debug("NetkeyKeygenService: wrapped_des_key specialDecoded");
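Review bot: The attribute name `"delayLDAPCommit"` is a bare string literal here and again in GenerateKeyPairServlet and ARequestQueue in this same commit; since updateRequest() now changes behaviour on it, it should be a named constant on IRequest next to NETKEY_ATTR_DRMTRANS_DES_KEY so the three sites cannot drift. The commit message says the field is set to "false" when the request comes in to be processed, but the added line sets it to "true" — the message should be corrected to match the code. The new comment has a typo: `// the request record field delayLDAPCommit == "true" will cause`. Setting NETKEY_ATTR_DRMTRANS_DES_KEY to "" overwrites the in-memory value right after it was copied into rWrappedDesKeyString, which is the right order; whether modifyRequest() then drops the attribute or stores an empty string is not visible here, so confirm the persisted entry looks the way you expect.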
diff --git a/base/server/cms/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java b/base/server/cms/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
index 83f159a83..7cf750a33 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
@@ -234,6 +234,19 @@ public class GenerateKeyPairServlet extends CMSServlet {
String ivString = thisreq.getExtDataInString("iv_s");
/*
+ * clean up fields in request
+ */
+ thisreq.setExtData("wrappedUserPrivate", "");
+ thisreq.setExtData("public_key", "");
+ thisreq.setExtData("iv_s", "");
+ thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, "");
+ String test = thisreq.getExtDataInString("wrappedUserPrivate");
+
+ // now that fields are cleared, we can really write to ldap
+ thisreq.setExtData("delayLDAPCommit", "false");
+ queue.updateRequest(thisreq);
+
+ /*
if (selectedToken == null)
status = "4";
*/
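Review bot: The clear-and-commit pair (`thisreq.setExtData("delayLDAPCommit", "false"); queue.updateRequest(thisreq);`) runs only on this path, yet every updateRequest() on the KRA side is skipped once NetkeyKeygenService has set the flag to "true"; if processing throws or the servlet exits early on an error status before reaching these lines, the request record is presumably never brought up to date in LDAP and whatever state was last written before the flag was set remains. Consider performing the clear and the final commit in a `finally` or on the error exits too; the enclosing method starts and ends outside this hunk, so I cannot see those exits. `String test = thisreq.getExtDataInString("wrappedUserPrivate");` is an unused local that reads back a field just cleared and looks like leftover debugging — remove it. The new block is also spliced into the pre-existing `/* … */` that commented out the selectedToken check, reusing its opening `/*` as the header of the new comment and re-opening it afterwards; a self-contained `// clear key material from the request before it is persisted` above the setExtData calls, leaving the old comment block intact, would read more clearly.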
@@ -251,7 +264,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
value = sb.toString();
}
- CMS.debug("processServerSideKeyGen:outputString.encode " + value);
+ //CMS.debug("processServerSideKeyGen:outputString.encode " + value);
try {
resp.setContentLength(value.length());
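Review bot: The debug call is commented out rather than deleted, and the same pattern repeats in KRARemoteRequestHandler (the outgoing ECC/RSA request strings and the recoverKey sendMsg), TPSEngine (the `/* */`-wrapped entry trace) and TPSEnrollProcessor (privKeyBlob, ivParams, kekWrappedDesKey and the outgoing key data). These lines existed precisely to print wrapped private keys, IVs and transport keys, so leaving them one `//` away from being re-enabled is not the state you want to ship; delete them outright. Where a trace is still useful, log a payload-free message the way the new `got content` lines in KRARemoteRequestHandler already do, e.g. `CMS.debug("processServerSideKeyGen: outputString encoded, length=" + value.length());`.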
diff --git a/base/server/cmscore/src/com/netscape/cmscore/request/ARequestQueue.java b/base/server/cmscore/src/com/netscape/cmscore/request/ARequestQueue.java
index 3d82f8eb5..798da3fa5 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/request/ARequestQueue.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/request/ARequestQueue.java
@@ -540,6 +540,8 @@ public abstract class ARequestQueue
}
public void updateRequest(IRequest r) {
+ // defualt is to really update ldap
+ String delayLDAPCommit = r.getExtDataInString("delayLDAPCommit");
((Request) r).mModificationTime = CMS.getCurrentDate();
String name = getUserIdentity();
@@ -547,9 +549,12 @@ public abstract class ARequestQueue
if (name != null)
r.setExtData(IRequest.UPDATED_BY, name);
- // TODO: use a state flag to determine whether to call
- // addRequest or modifyRequest (see newRequest as well)
- modifyRequest(r);
+ // by default, write request to LDAP
+ if (delayLDAPCommit == null || !delayLDAPCommit.equals("true")) {
+ // TODO: use a state flag to determine whether to call
+ // addRequest or modifyRequest (see newRequest as well)
+ modifyRequest(r);
+ } // else: delay the write to ldap
}
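Review bot: `if (delayLDAPCommit == null || !delayLDAPCommit.equals("true"))` can be the null-safe `if (!"true".equals(delayLDAPCommit)) {`, and the literal should be the same named constant the two callers use rather than a string repeated across three files. Because the flag is an ordinary ext-data attribute it is persisted into the entry on the final write (`delayLDAPCommit: false`), and if any servlet copies client-supplied parameters into ext data wholesale, a caller could set it to "true" to suppress persistence of a request; I cannot see from here whether such a path exists, but a defensive option is to treat the flag as transient and remove it from ext data just before modifyRequest() (IRequest's delete-ext-data accessor, if that is the right call) so it never reaches LDAP. The comment added in the previous hunk has a typo: `// default is to really update ldap`. Note that mModificationTime and UPDATED_BY are still set in memory when the write is skipped, which is fine but worth a one-line comment since the values will not land in LDAP until the later commit.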
// PRIVATE functions
diff --git a/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java b/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java
index 1f7347ddd..0f3de3351 100644
--- a/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java
+++ b/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java
@@ -107,7 +107,7 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
"&" + IRemoteRequest.KRA_Trans_DesKey + "=" +
sDesKey;
- CMS.debug("KRARemoteRequestHandler: outgoing request for ECC: " + request);
+ //CMS.debug("KRARemoteRequestHandler: outgoing request for ECC: " + request);
resp =
conn.send("GenerateKeyPair",
@@ -127,7 +127,7 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
"&" + IRemoteRequest.KRA_Trans_DesKey + "=" +
sDesKey;
- CMS.debug("KRARemoteRequestHandler: outgoing request for RSA: " + request);
+ //CMS.debug("KRARemoteRequestHandler: outgoing request for RSA: " + request);
resp =
conn.send("GenerateKeyPair",
@@ -144,8 +144,8 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
String content = resp.getContent();
- CMS.debug("KRARemoteRequestHandler: serverSideKeyGen(): got content = " + content);
if (content != null && !content.equals("")) {
+ CMS.debug("KRARemoteRequestHandler: serverSideKeyGen(): got content");
Hashtable<String, Object> response =
parseResponse(content);
@@ -192,8 +192,7 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
CMS.debug("KRARemoteRequestHandler: serverSideKeyGen(): response missing name-value pair for: " +
IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey);
} else {
- CMS.debug("KRARemoteRequestHandler:serverSideKeyGen(): got IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey= "
- + value);
+ CMS.debug("KRARemoteRequestHandler:serverSideKeyGen(): got IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey");
response.put(IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey, value);
}
@@ -202,8 +201,7 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
CMS.debug("KRARemoteRequestHandler: serverSideKeyGen(): response missing name-value pair for: " +
IRemoteRequest.KRA_RESPONSE_IV_Param);
} else {
- CMS.debug("KRARemoteRequestHandler:serverSideKeyGen(): got IRemoteRequest.KRA_RESPONSE_IV_Param= "
- + value);
+ CMS.debug("KRARemoteRequestHandler:serverSideKeyGen(): got IRemoteRequest.KRA_RESPONSE_IV_Param");
response.put(IRemoteRequest.KRA_RESPONSE_IV_Param, value);
}
@@ -283,7 +281,7 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
"&" + IRemoteRequest.KRA_Trans_DesKey + "=" +
sDesKey;
}
- CMS.debug("KRARemoteRequestHandler: recoverKey(): sendMsg =" + sendMsg);
+ //CMS.debug("KRARemoteRequestHandler: recoverKey(): sendMsg =" + sendMsg);
HttpResponse resp =
conn.send("TokenKeyRecovery",
sendMsg);
@@ -294,8 +292,8 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
String content = resp.getContent();
- CMS.debug("KRARemoteRequestHandler: recoverKey(): got content = " + content);
if (content != null && !content.equals("")) {
+ CMS.debug("KRARemoteRequestHandler: recoverKey(): got content");
Hashtable<String, Object> response =
parseResponse(content);
@@ -337,8 +335,7 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
CMS.debug("KRARemoteRequestHandler: recoverKey(): response missing name-value pair for: " +
IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey);
} else {
- CMS.debug("KRARemoteRequestHandler:recoverKey(): got IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey= "
- + value);
+ CMS.debug("KRARemoteRequestHandler:recoverKey(): got IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey");
response.put(IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey, value);
}
@@ -347,7 +344,7 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
CMS.debug("KRARemoteRequestHandler: recoverKey(): response missing name-value pair for: " +
IRemoteRequest.KRA_RESPONSE_IV_Param);
} else {
- CMS.debug("KRARemoteRequestHandler:recoverKey(): got IRemoteRequest.KRA_RESPONSE_IV_Param= " + value);
+ CMS.debug("KRARemoteRequestHandler:recoverKey(): got IRemoteRequest.KRA_RESPONSE_IV_Param");
response.put(IRemoteRequest.KRA_RESPONSE_IV_Param, value);
}
diff --git a/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java b/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java
index 32dd7a200..bc9d12c19 100644
--- a/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java
+++ b/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java
@@ -537,9 +537,11 @@ public class TPSEngine {
boolean archive,
boolean isECC) throws TPSException {
+/*
CMS.debug("TPSEngine.serverSideKeyGen entering... keySize: " + keySize + " cuid: " + cuid + " userid: "
+ userid + " drmConnId: " + drmConnId + " wrappedDesKey: " + wrappedDesKey + " archive: " + archive
+ " isECC: " + isECC);
+*/
if (cuid == null || userid == null || drmConnId == null || wrappedDesKey == null) {
throw new TPSException("TPSEngine.serverSideKeyGen: Invalid input data!",
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
index 07f7fa0d0..19df79f53 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
@@ -2816,7 +2816,7 @@ public class TPSEnrollProcessor extends TPSProcessor {
TPSBuffer privKeyBuff = new TPSBuffer(Util.uriDecodeFromHex(wrappedPrivKeyStr));
privKeyBlob.add(privKeyBuff);
- CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8 privKeyBlob: " + privKeyBlob.toHexString());
+ //CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8 privKeyBlob: " + privKeyBlob.toHexString());
byte[] perms = { 0x40,
0x00,
@@ -2840,7 +2840,7 @@ public class TPSEnrollProcessor extends TPSProcessor {
CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8 : keyCheck: " + keyCheck.toHexString());
// String ivParams = ssKeyGenResponse.getIVParam();
- CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8: ivParams: " + ivParams);
+ //CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8: ivParams: " + ivParams);
TPSBuffer ivParamsBuff = new TPSBuffer(Util.uriDecodeFromHex(ivParams));
if (ivParamsBuff.size() == 0) {
@@ -2851,9 +2851,9 @@ public class TPSEnrollProcessor extends TPSProcessor {
TPSBuffer kekWrappedDesKey = channel.getKekDesKey();
- if (kekWrappedDesKey != null)
- CMS.debug("TPSEnrollProcessor.importPrivateKeyPKCS8: keyWrappedDesKey: " + kekWrappedDesKey.toHexString());
- else
+ if (kekWrappedDesKey != null) {
+ //CMS.debug("TPSEnrollProcessor.importPrivateKeyPKCS8: keyWrappedDesKey: " + kekWrappedDesKey.toHexString());
+ } else
CMS.debug("TPSEnrollProcessor.iportPrivateKeyPKC8: null kekWrappedDesKey!");
byte alg = (byte) 0x80;
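Review bot: The rewritten conditional leaves an `if` whose only body is a commented-out line, paired with a brace-less `else`; invert it so the surviving branch stands alone: `if (kekWrappedDesKey == null) { CMS.debug("TPSEnrollProcessor.iportPrivateKeyPKC8: null kekWrappedDesKey!"); }`. While restructuring, the message on the context line carries a pre-existing typo (`iportPrivateKeyPKC8` for `importPrivateKeyPKCS8`) that could be corrected at the same time so log searches for the method name find it.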
@@ -2873,7 +2873,7 @@ public class TPSEnrollProcessor extends TPSProcessor {
}
data.add((byte) ivParamsBuff.size());
data.add(ivParamsBuff);
- CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8: key data outgoing: " + data.toHexString());
+ //CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8: key data outgoing: " + data.toHexString());
int pe1 = (cEnrollInfo.getKeyUser() << 4) + cEnrollInfo.getPrivateKeyNumber();
int pe2 = (cEnrollInfo.getKeyUsage() << 4) + cEnrollInfo.getPublicKeyNumber();