author | Endi S. Dewata <edewata@redhat.com> | 2014-02-17 16:07:52 -0500 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2014-02-19 11:10:13 -0500 |
commit | abda3f089591fb9db31f6ddeb174e86c6bc0fbee (patch) | |
tree | c87095613684e80e4320426cc7bc529d01d5efbf | |
parent | f28f20174d269dc0ef8ed67fb927e7d4efad7ed2 (diff) | |
Updated REST interface for keys.
The REST interface for keys has been modified to return Response
objects to allow better handling of server responses. Key-related
methods in KRAClient have been moved into KeyClient. The DRMTest
has been updated accordingly.
Ticket #554
7 files changed, 209 insertions, 212 deletions
diff --git a/base/common/src/com/netscape/certsrv/key/KeyClient.java b/base/common/src/com/netscape/certsrv/key/KeyClient.java index 7ab87fe09..bdb84fddb 100644 --- a/base/common/src/com/netscape/certsrv/key/KeyClient.java +++ b/base/common/src/com/netscape/certsrv/key/KeyClient.java @@ -18,13 +18,16 @@ package com.netscape.certsrv.key; import java.net.URISyntaxException; +import java.util.List; import javax.ws.rs.core.Response; import com.netscape.certsrv.base.ResourceMessage; import com.netscape.certsrv.client.Client; import com.netscape.certsrv.client.PKIClient; +import com.netscape.certsrv.dbs.keydb.KeyId; import com.netscape.certsrv.request.RequestId; +import com.netscape.cmsutil.util.Utils; /** * @author Endi S. Dewata 
@@ -46,14 +49,52 @@ public class KeyClient extends Client {
 public KeyInfoCollection findKeys(String clientID, String status, Integer maxSize, Integer maxTime, Integer start, Integer size) {
- return keyClient.listKeys(clientID, status, maxSize, maxTime, start, size);
+ Response response = keyClient.listKeys(clientID, status, maxSize, maxTime, start, size);
+ return client.getEntity(response, KeyInfoCollection.class);
+ }
+
+ public KeyInfo getActiveKeyInfo(String clientID) {
+ Response response = keyClient.getActiveKeyInfo(clientID);
+ return client.getEntity(response, KeyInfo.class);
+ }
+
+ public KeyData retrieveKey(KeyId keyId, RequestId requestId, byte[] rpwd, byte[] rkey, byte[] nonceData) {
+ // create recovery request
+ KeyRecoveryRequest data = new KeyRecoveryRequest();
+ data.setKeyId(keyId);
+ data.setRequestId(requestId);
+ if (rkey != null) {
+ data.setTransWrappedSessionKey(Utils.base64encode(rkey));
+ }
+ if (rpwd != null) {
+ data.setSessionWrappedPassphrase(Utils.base64encode(rpwd));
+ }
+
+ if (nonceData != null) {
+ data.setNonceData(Utils.base64encode(nonceData));
+ }
+
+ return retrieveKey(data);
 }
 public KeyData retrieveKey(KeyRecoveryRequest data) {
- return keyClient.retrieveKey(data);
+ Response response = keyClient.retrieveKey(data);
+ return client.getEntity(response, KeyData.class);
+ }
+
+ public KeyRequestInfoCollection findRequests(String requestState, String requestType) {
+ return findRequests(
+ requestState,
+ requestType,
+ null,
+ new RequestId(0),
+ 100,
+ 100,
+ 10
+ );
 }
- public KeyRequestInfoCollection findKeyRequests(
+ public KeyRequestInfoCollection findRequests(
 String requestState,
 String requestType,
 String clientID,
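Review bot: The two-argument `findRequests` overload added here hard-codes `new RequestId(0), 100, 100, 10` for start, page size, max results and max time, so a caller silently receives at most 100 matches, and the DRMTest call sites in this same commit treat that result as the complete list. Pull the numbers into named constants (`private static final int DEFAULT_PAGE_SIZE = 100;`, `DEFAULT_MAX_RESULTS = 100;`, `DEFAULT_MAX_TIME = 10;`) and add a Javadoc line such as `/** Convenience overload; returns at most DEFAULT_MAX_RESULTS requests, use the seven-argument form to page. */`. The new `retrieveKey(KeyId, RequestId, byte[], byte[], byte[])` also deserves a Javadoc stating that `rpwd` and `rkey` must already be session-wrapped and transport-wrapped respectively, since the method only base64-encodes them into `setSessionWrappedPassphrase` and `setTransWrappedSessionKey`. The seven-argument `findRequests` signature this hunk renames continues past the hunk.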
@@ -71,15 +112,65 @@ public class KeyClient extends Client {
 maxTime);
 }
+ public KeyRequestInfo getRequestInfo(RequestId id) {
+ return keyRequestClient.getRequestInfo(id);
+ }
+
+ public KeyRequestResponse archiveSecurityData(byte[] encoded, String clientId, String dataType, String algorithm, int strength) {
+ // create archival request
+ KeyArchivalRequest data = new KeyArchivalRequest();
+ String req1 = Utils.base64encode(encoded);
+ data.setWrappedPrivateData(req1);
+ data.setClientId(clientId);
+ data.setDataType(dataType);
+ data.setKeyAlgorithm(algorithm);
+ data.setKeySize(strength);
+
+ return createRequest(data);
+ }
+
+ public KeyRequestResponse requestRecovery(KeyId keyId, byte[] rpwd, byte[] rkey, byte[] nonceData) {
+ // create recovery request
+ KeyRecoveryRequest data = new KeyRecoveryRequest();
+ data.setKeyId(keyId);
+ if (rpwd != null) {
+ data.setSessionWrappedPassphrase(Utils.base64encode(rpwd));
+ }
+ if (rkey != null) {
+ data.setTransWrappedSessionKey(Utils.base64encode(rkey));
+ }
+
+ if (nonceData != null) {
+ data.setNonceData(Utils.base64encode(nonceData));
+ }
+
+ return createRequest(data);
+ }
+
+ public KeyRequestResponse requestKeyRecovery(String keyId, String b64Certificate) {
+ // create key recovery request
+ KeyRecoveryRequest data = new KeyRecoveryRequest();
+ data.setKeyId(new KeyId(keyId));
+ data.setCertificate(b64Certificate);
+
+ return createRequest(data);
+ }
+
+ public KeyRequestResponse generateKey(String clientId, String keyAlgorithm, int keySize, List<String> usages) {
+ SymKeyGenerationRequest data = new SymKeyGenerationRequest();
+ data.setClientId(clientId);
+ data.setKeyAlgorithm(keyAlgorithm);
+ data.setKeySize(new Integer(keySize));
+ data.setUsages(usages);
+
+ return createRequest(data);
+ }
+
 public KeyRequestResponse createRequest(ResourceMessage data) {
 Response response = keyRequestClient.createRequest(data);
 return client.getEntity(response, KeyRequestResponse.class);
 }
- public KeyRequestInfo getRequestInfo(RequestId id) {
- return keyRequestClient.getRequestInfo(id);
- }
-
 public void approveRequest(RequestId id) {
 keyRequestClient.approveRequest(id);
 }
diff --git a/base/common/src/com/netscape/certsrv/key/KeyResource.java b/base/common/src/com/netscape/certsrv/key/KeyResource.java
index 04d57fd2b..78ce15344 100644
--- a/base/common/src/com/netscape/certsrv/key/KeyResource.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyResource.java
@@ -4,10 +4,14 @@ import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
+
+import org.jboss.resteasy.annotations.ClientResponseType;
 import com.netscape.certsrv.acls.ACLMapping;
 import com.netscape.certsrv.authentication.AuthMethodMapping;
@@ -19,14 +23,20 @@ import com.netscape.certsrv.authentication.AuthMethodMapping;
 public interface KeyResource {
 @GET
+ @ClientResponseType(entityType=KeyInfoCollection.class)
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
- public KeyInfoCollection listKeys(@QueryParam("clientID") String clientID,
+ public Response listKeys(@QueryParam("clientID") String clientID,
 @QueryParam("status") String status,
 @QueryParam("maxResults") Integer maxResults,
 @QueryParam("maxTime") Integer maxTime,
 @QueryParam("start") Integer start,
 @QueryParam("size") Integer size);
+ @GET
+ @Path("active/{clientID}")
+ @ClientResponseType(entityType=KeyInfo.class)
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ public Response getActiveKeyInfo(@PathParam("clientID") String clientID);
 /**
 * Used to retrieve a key
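Review bot: `generateKey` boxes with `new Integer(keySize)`; `data.setKeySize(keySize)` (autoboxing, or `Integer.valueOf`) avoids allocating a fresh Integer and matches how `archiveSecurityData` passes `strength` to the same kind of setter. `archiveSecurityData` hands `encoded` straight to `Utils.base64encode`, so a null buffer fails inside the encoder rather than with a clear message; a guard like `if (encoded == null) throw new IllegalArgumentException("encoded archive options are required");` at the top would make that explicit. None of the five public methods added here carry Javadoc; each should state the request type it submits (for example `/** Submits a KeyArchivalRequest for already-wrapped private data and returns the created request. */` on `archiveSecurityData`), and `requestRecovery` should note that `rpwd` and `rkey` are expected already wrapped, since the code only base64-encodes them.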
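Review bot: The new `getActiveKeyInfo` endpoint at `active/{clientID}` has no method-level `@ACLMapping` or `@AuthMethodMapping`, while the file imports both; if they are declared on the interface just above this hunk the new path inherits them, but if they are applied per method then this GET exposes key-record metadata for any clientID to any caller that reaches the KRA. Please confirm which it is, and if the mappings are per-method add `@ACLMapping` and `@AuthMethodMapping` with the same values `listKeys` uses. Moving `clientID` from a query parameter to a path segment also means values containing `/` or `#` (DRMTest in this commit uses client names like `"Symmetric Key #1235"` elsewhere) now depend on the proxy percent-encoding the segment, which is worth a test. A Javadoc line on `getActiveKeyInfo` such as `/** Returns the first active key record for clientID; 404 when none exists. */` would document the contract the server implementation in this commit actually provides.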
@@ -35,14 +45,16 @@ public interface KeyResource {
 */
 @POST
 @Path("retrieve")
+ @ClientResponseType(entityType=KeyData.class)
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
- public KeyData retrieveKey(KeyRecoveryRequest data);
+ public Response retrieveKey(KeyRecoveryRequest data);
 // retrieval - used to test integration with a browser
 @POST
 @Path("retrieve")
+ @ClientResponseType(entityType=KeyData.class)
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Consumes({ MediaType.APPLICATION_FORM_URLENCODED })
- public KeyData retrieveKey(MultivaluedMap<String, String> form);
+ public Response retrieveKey(MultivaluedMap<String, String> form);
 }
diff --git a/base/common/src/com/netscape/certsrv/kra/KRAClient.java b/base/common/src/com/netscape/certsrv/kra/KRAClient.java
index 52ec25349..1cdb879e6 100644
--- a/base/common/src/com/netscape/certsrv/kra/KRAClient.java
+++ b/base/common/src/com/netscape/certsrv/kra/KRAClient.java
@@ -1,39 +1,18 @@ package com.netscape.certsrv.kra; import java.net.URISyntaxException; -import java.util.Collection; -import java.util.Iterator; -import java.util.List; - -import javax.ws.rs.core.Response; import com.netscape.certsrv.client.PKIClient; import com.netscape.certsrv.client.SubsystemClient; -import com.netscape.certsrv.dbs.keydb.KeyId; import com.netscape.certsrv.group.GroupClient; -import com.netscape.certsrv.key.KeyArchivalRequest; -import com.netscape.certsrv.key.KeyData; -import com.netscape.certsrv.key.KeyInfo; -import com.netscape.certsrv.key.KeyInfoCollection; -import com.netscape.certsrv.key.KeyRecoveryRequest; -import com.netscape.certsrv.key.KeyRequestInfo; -import com.netscape.certsrv.key.KeyRequestInfoCollection; -import com.netscape.certsrv.key.KeyRequestResource; -import com.netscape.certsrv.key.KeyRequestResponse; -import com.netscape.certsrv.key.KeyResource; -import com.netscape.certsrv.key.SymKeyGenerationRequest; +import com.netscape.certsrv.key.KeyClient; import com.netscape.certsrv.logging.AuditClient; -import com.netscape.certsrv.request.RequestId; import com.netscape.certsrv.selftests.SelfTestClient; import com.netscape.certsrv.system.SystemCertClient; import com.netscape.certsrv.user.UserClient; -import com.netscape.cmsutil.util.Utils; public class KRAClient extends SubsystemClient { - private KeyResource keyClient; - private KeyRequestResource keyRequestClient; - public KRAClient(PKIClient client) throws URISyntaxException { super(client, "kra"); init(); 
@@ -43,126 +22,9 @@ public class KRAClient extends SubsystemClient { addClient(new AuditClient(client, name)); addClient(new GroupClient(client, name)); + addClient(new KeyClient(client, name)); addClient(new SelfTestClient(client, name)); addClient(new SystemCertClient(client, name)); addClient(new UserClient(client, name)); - - keyRequestClient = createProxy(KeyRequestResource.class); - keyClient = createProxy(KeyResource.class); - } - - public Collection<KeyRequestInfo> listRequests(String requestState, String requestType) { - KeyRequestInfoCollection infos = keyRequestClient.listRequests( - requestState, requestType, null, new RequestId(0), 100, 100, 10 - ); - Collection<KeyRequestInfo> list = infos.getEntries(); - return list; - } - - public KeyRequestResponse archiveSecurityData(byte[] encoded, String clientId, String dataType, String algorithm, int strength) { - // create archival request - KeyArchivalRequest data = new KeyArchivalRequest(); - String req1 = Utils.base64encode(encoded); - data.setWrappedPrivateData(req1); - data.setClientId(clientId); - data.setDataType(dataType); - data.setKeyAlgorithm(algorithm); - data.setKeySize(strength); - - Response response = keyRequestClient.createRequest(data); - return client.getEntity(response, KeyRequestResponse.class); - } - - public KeyInfo getKeyData(String clientId, String status) { - KeyInfoCollection infos = keyClient.listKeys(clientId, status, null, null, null, null); - Collection<KeyInfo> list = infos.getEntries(); - Iterator<KeyInfo> iter = list.iterator(); - - while (iter.hasNext()) { - KeyInfo info = iter.next(); - if (info != null) { - // return the first one - return info; - } - } - return null; - } - - public KeyRequestResponse requestRecovery(KeyId keyId, byte[] rpwd, byte[] rkey, byte[] nonceData) { - // create recovery request - KeyRecoveryRequest data = new KeyRecoveryRequest(); - data.setKeyId(keyId); - if (rpwd != null) { - data.setSessionWrappedPassphrase(Utils.base64encode(rpwd)); - } - if 
(rkey != null) { - data.setTransWrappedSessionKey(Utils.base64encode(rkey)); - } - - if (nonceData != null) { - data.setNonceData(Utils.base64encode(nonceData)); - } - - Response response = keyRequestClient.createRequest(data); - return client.getEntity(response, KeyRequestResponse.class); - } - - public void approveRecovery(RequestId recoveryId) { - keyRequestClient.approveRequest(recoveryId); - } - - public KeyData retrieveKey(KeyId keyId, RequestId requestId, byte[] rpwd, byte[] rkey, byte[] nonceData) { - // create recovery request - KeyRecoveryRequest data = new KeyRecoveryRequest(); - data.setKeyId(keyId); - data.setRequestId(requestId); - if (rkey != null) { - data.setTransWrappedSessionKey(Utils.base64encode(rkey)); - } - if (rpwd != null) { - data.setSessionWrappedPassphrase(Utils.base64encode(rpwd)); - } - - if (nonceData != null) { - data.setNonceData(Utils.base64encode(nonceData)); - } - - KeyData key = keyClient.retrieveKey(data); - return key; - } - - public KeyRequestInfo getRequest(RequestId id) { - return keyRequestClient.getRequestInfo(id); - } - - public KeyRequestResponse requestKeyRecovery(String keyId, String b64Certificate) { - // create key recovery request - KeyRecoveryRequest data = new KeyRecoveryRequest(); - data.setKeyId(new KeyId(keyId)); - data.setCertificate(b64Certificate); - - Response response = keyRequestClient.createRequest(data); - return client.getEntity(response, KeyRequestResponse.class); - } - - public KeyData recoverKey(RequestId requestId, String passphrase) { - // recover key based on approved request - KeyRecoveryRequest data = new KeyRecoveryRequest(); - data.setRequestId(requestId); - data.setPassphrase(passphrase); - - KeyData key = keyClient.retrieveKey(data); - return key; - } - - public KeyRequestResponse generateKey(String clientId, String keyAlgorithm, int keySize, List<String> usages) { - SymKeyGenerationRequest data = new SymKeyGenerationRequest(); - data.setClientId(clientId); - 
data.setKeyAlgorithm(keyAlgorithm); - data.setKeySize(new Integer(keySize)); - data.setUsages(usages); - - Response response = keyRequestClient.createRequest(data); - return client.getEntity(response, KeyRequestResponse.class); } } diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyRequestFindCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyRequestFindCLI.java index 4714aae31..633d34d03 100644 --- a/base/java-tools/src/com/netscape/cmstools/key/KeyRequestFindCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/key/KeyRequestFindCLI.java @@ -103,7 +103,7 @@ public class KeyRequestFindCLI extends CLI { s = cmd.getOptionValue("maxTime"); Integer maxTime = s == null ? null : Integer.valueOf(s); - KeyRequestInfoCollection keys = keyCLI.keyClient.findKeyRequests( + KeyRequestInfoCollection keys = keyCLI.keyClient.findRequests( status, type, clientID, start, pageSize, maxResults, maxTime); MainCLI.printMessage(keys.getTotal() + " entries matched"); diff --git a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java index 5e7dd855f..5b2d39af3 100644 --- a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java +++ b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java @@ -19,7 +19,6 @@ package com.netscape.cms.servlet.test; import java.util.ArrayList; import java.util.Calendar; -import java.util.Collection; import java.util.Iterator; import java.util.List; import java.util.Random; 
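Review bot: `recoverKey(RequestId, String passphrase)` is deleted from KRAClient here, but unlike every other removed method no equivalent appears among the KeyClient additions in this diff, so any remaining caller will no longer compile; DRMTest's "Recover X509 key" step (Test 26) runs past its hunk, so I cannot see whether it is one. If the drop is intentional, say so in the commit message; otherwise add it to KeyClient as `public KeyData recoverKey(RequestId requestId, String passphrase)` that builds a `KeyRecoveryRequest` with `setRequestId` and `setPassphrase` and delegates to `retrieveKey(data)`. Note also that the removed `getKeyData(clientId, status)` accepted any status while its replacement `getActiveKeyInfo` is fixed to "active", a small narrowing for any external user of KRAClient.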
@@ -43,9 +42,11 @@ import org.mozilla.jss.util.Password; import com.netscape.certsrv.client.ClientConfig; import com.netscape.certsrv.client.PKIClient; import com.netscape.certsrv.dbs.keydb.KeyId; +import com.netscape.certsrv.key.KeyClient; import com.netscape.certsrv.key.KeyData; import com.netscape.certsrv.key.KeyInfo; import com.netscape.certsrv.key.KeyRequestInfo; +import com.netscape.certsrv.key.KeyRequestInfoCollection; import com.netscape.certsrv.key.KeyRequestResource; import com.netscape.certsrv.key.KeyRequestResponse; import com.netscape.certsrv.key.SymKeyGenerationRequest; @@ -205,6 +206,7 @@ public class DRMTest { KRAClient client; SystemCertClient systemCertClient; + KeyClient keyClient; try { ClientConfig config = new ClientConfig(); config.setServerURI(protocol + "://" + host + ":" + port + "/kra"); @@ -212,6 +214,7 @@ public class DRMTest { client = new KRAClient(new PKIClient(config)); systemCertClient = (SystemCertClient)client.getClient("systemcert"); + keyClient = (KeyClient)client.getClient("key"); } catch (Exception e) { e.printStackTrace(); @@ -227,11 +230,11 @@ public class DRMTest { // Test 2: Get list of completed key archival requests log("\n\nList of completed archival requests"); - Collection<KeyRequestInfo> list = client.listRequests("complete", "securityDataEnrollment"); - if (list == null) { + KeyRequestInfoCollection list = keyClient.findRequests("complete", "securityDataEnrollment"); + if (list.getTotal() == 0) { log("No requests found"); } else { - Iterator<KeyRequestInfo> iter = list.iterator(); + Iterator<KeyRequestInfo> iter = list.getEntries().iterator(); while (iter.hasNext()) { KeyRequestInfo info = iter.next(); printRequestInfo(info); 
@@ -240,11 +243,11 @@ public class DRMTest { // Test 3: Get list of key recovery requests log("\n\nList of completed recovery requests"); - Collection<KeyRequestInfo> list2 = client.listRequests("complete", "securityDataRecovery"); - if (list2 == null) { + KeyRequestInfoCollection list2 = keyClient.findRequests("complete", "securityDataRecovery"); + if (list2.getTotal() == 0) { log("No requests found"); } else { - Iterator<KeyRequestInfo> iter2 = list2.iterator(); + Iterator<KeyRequestInfo> iter2 = list2.getEntries().iterator(); while (iter2.hasNext()) { KeyRequestInfo info = iter2.next(); printRequestInfo(info); @@ -259,7 +262,7 @@ public class DRMTest { byte[] encoded = CryptoUtil.createPKIArchiveOptions(manager, token, transportCert, vek, null, KeyGenAlgorithm.DES3, ivps); - KeyRequestResponse info = client.archiveSecurityData(encoded, clientId, + KeyRequestResponse info = keyClient.archiveSecurityData(encoded, clientId, KeyRequestResource.SYMMETRIC_KEY_TYPE, KeyRequestResource.DES3_ALGORITHM, 0); log("Archival Results:"); printRequestInfo(info.getRequestInfo()); @@ -272,7 +275,7 @@ public class DRMTest { //Test 5: Get keyId for active key with client ID log("Getting key ID for symmetric key"); - keyInfo = client.getKeyData(clientId, "active"); + keyInfo = keyClient.getActiveKeyInfo(clientId); printKeyInfo(keyInfo); KeyId keyId2 = keyInfo.getKeyId(); if (keyId2 == null) { @@ -292,7 +295,7 @@ public class DRMTest { try { recoveryKey = CryptoUtil.generateKey(token, KeyGenAlgorithm.DES3); wrappedRecoveryKey = CryptoUtil.wrapSymmetricKey(manager, token, transportCert, recoveryKey); - KeyRequestResponse info = client.requestRecovery(keyId, null, wrappedRecoveryKey, + KeyRequestResponse info = keyClient.requestRecovery(keyId, null, wrappedRecoveryKey, ivps.getIV()); recoveryRequestId = info.getRequestInfo().getRequestId(); } catch (Exception e) { 
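Review bot: In the Test 5 hunk `keyClient.getActiveKeyInfo(clientId)` replaces `client.getKeyData(clientId, "active")`, but the server side of this commit answers a missing key with `ResourceNotFoundException` instead of the null the old helper returned, and presumably `PKIClient.getEntity` turns that 404 into a client-side exception, which this test neither catches nor expects. Wrap the call the way the later non-existent-request test does, e.g. `try { keyInfo = keyClient.getActiveKeyInfo(clientId); } catch (ResourceNotFoundException e) { log("No active key for " + clientId); return; }`, so a missing key is reported rather than aborting the run with a stack trace. The same applies to the identical calls in Tests 13, 29 and 37; the enclosing test method begins and ends outside these hunks.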
@@ -301,12 +304,12 @@ public class DRMTest { // Test 7: Approve recovery log("Approving recovery request: " + recoveryRequestId); - client.approveRecovery(recoveryRequestId); + keyClient.approveRequest(recoveryRequestId); // Test 8: Get key log("Getting key: " + keyId); - keyData = client.retrieveKey(keyId, recoveryRequestId, null, wrappedRecoveryKey, ivps.getIV()); + keyData = keyClient.retrieveKey(keyId, recoveryRequestId, null, wrappedRecoveryKey, ivps.getIV()); wrappedRecoveredKey = keyData.getWrappedPrivateData(); ivps_server = new IVParameterSpec(Utils.base64decode(keyData.getNonceData())); @@ -335,7 +338,7 @@ public class DRMTest { EncryptionAlgorithm.DES3_CBC_PAD); wrappedRecoveryKey = CryptoUtil.wrapSymmetricKey(manager, token, transportCert, recoveryKey); - requestResponse = client.requestRecovery(keyId, wrappedRecoveryPassphrase, wrappedRecoveryKey, ivps.getIV()); + requestResponse = keyClient.requestRecovery(keyId, wrappedRecoveryPassphrase, wrappedRecoveryKey, ivps.getIV()); recoveryRequestId = requestResponse.getRequestInfo().getRequestId(); } catch (Exception e) { log("Exception in recovering symmetric key using passphrase" + e.toString()); @@ -344,11 +347,11 @@ public class DRMTest { //Test 10: Approve recovery log("Approving recovery request: " + recoveryRequestId); - client.approveRecovery(recoveryRequestId); + keyClient.approveRequest(recoveryRequestId); // Test 11: Get key log("Getting key: " + keyId); - keyData = client.retrieveKey(keyId, recoveryRequestId, wrappedRecoveryPassphrase, wrappedRecoveryKey, ivps.getIV()); + keyData = keyClient.retrieveKey(keyId, recoveryRequestId, wrappedRecoveryPassphrase, wrappedRecoveryKey, ivps.getIV()); wrappedRecoveredKey = keyData.getWrappedPrivateData(); try { 
@@ -371,7 +374,7 @@ public class DRMTest { try { byte[] encoded = CryptoUtil.createPKIArchiveOptions(manager, token, transportCert, null, passphrase, KeyGenAlgorithm.DES3, ivps); - requestResponse = client.archiveSecurityData(encoded, clientId, + requestResponse = keyClient.archiveSecurityData(encoded, clientId, KeyRequestResource.PASS_PHRASE_TYPE, null, 0); log("Archival Results:"); printRequestInfo(requestResponse.getRequestInfo()); @@ -383,7 +386,7 @@ public class DRMTest { //Test 13: Get keyId for active passphrase with client ID log("Getting key ID for passphrase"); - keyInfo = client.getKeyData(clientId, "active"); + keyInfo = keyClient.getActiveKeyInfo(clientId); printKeyInfo(keyInfo); keyId2 = keyInfo.getKeyId(); if (keyId2 == null) { @@ -408,7 +411,7 @@ public class DRMTest { wrappedRecoveryKey = CryptoUtil.wrapSymmetricKey(manager, token, transportCert, recoveryKey); wrappedRecoveryPassphrase = CryptoUtil.wrapPassphrase(token, recoveryPassphrase, ivps, recoveryKey, EncryptionAlgorithm.DES3_CBC_PAD); - requestResponse = client.requestRecovery(keyId, null, wrappedRecoveryKey, ivps.getIV()); + requestResponse = keyClient.requestRecovery(keyId, null, wrappedRecoveryKey, ivps.getIV()); recoveryRequestId = requestResponse.getRequestInfo().getRequestId(); } catch (Exception e) { log("Exception in recovering passphrase using session key: " + e.getMessage()); 
@@ -416,12 +419,12 @@ public class DRMTest { // Test 15: Approve recovery log("Approving recovery request: " + recoveryRequestId); - client.approveRecovery(recoveryRequestId); + keyClient.approveRequest(recoveryRequestId); // Test 16: Get key log("Getting passphrase: " + keyId); - keyData = client.retrieveKey(keyId, recoveryRequestId, null, wrappedRecoveryKey, ivps.getIV()); + keyData = keyClient.retrieveKey(keyId, recoveryRequestId, null, wrappedRecoveryKey, ivps.getIV()); wrappedRecoveredKey = keyData.getWrappedPrivateData(); ivps_server = new IVParameterSpec( Utils.base64decode(keyData.getNonceData())); try { @@ -442,16 +445,16 @@ public class DRMTest { // Test 17: Submit a recovery request for the passphrase using a passphrase log("Submitting a recovery request for the passphrase using a passphrase"); - requestResponse = client.requestRecovery(keyId, wrappedRecoveryPassphrase, wrappedRecoveryKey, ivps.getIV()); + requestResponse = keyClient.requestRecovery(keyId, wrappedRecoveryPassphrase, wrappedRecoveryKey, ivps.getIV()); recoveryRequestId = requestResponse.getRequestInfo().getRequestId(); //Test 18: Approve recovery log("Approving recovery request: " + recoveryRequestId); - client.approveRecovery(recoveryRequestId); + keyClient.approveRequest(recoveryRequestId); // Test 19: Get key log("Getting passphrase: " + keyId); - keyData = client.retrieveKey(keyId, recoveryRequestId, wrappedRecoveryPassphrase, wrappedRecoveryKey, ivps.getIV()); + keyData = keyClient.retrieveKey(keyId, recoveryRequestId, wrappedRecoveryPassphrase, wrappedRecoveryKey, ivps.getIV()); wrappedRecoveredKey = keyData.getWrappedPrivateData(); try { recoveredKey = CryptoUtil.unwrapUsingPassphrase(wrappedRecoveredKey, recoveryPassphrase); 
@@ -471,16 +474,16 @@ public class DRMTest { //Wait until retrieving key before sending input data. log("Submitting a recovery request for the passphrase using a passphrase, wait till end to provide recovery data."); - requestResponse = client.requestRecovery(keyId, null, null, null); + requestResponse = keyClient.requestRecovery(keyId, null, null, null); recoveryRequestId = requestResponse.getRequestInfo().getRequestId(); //Test 21: Approve recovery log("Approving recovery request: " + recoveryRequestId); - client.approveRecovery(recoveryRequestId); + keyClient.approveRequest(recoveryRequestId); // Test 22: Get key log("Getting passphrase: " + keyId); - keyData = client.retrieveKey(keyId, recoveryRequestId, wrappedRecoveryPassphrase, wrappedRecoveryKey, ivps.getIV()); + keyData = keyClient.retrieveKey(keyId, recoveryRequestId, wrappedRecoveryPassphrase, wrappedRecoveryKey, ivps.getIV()); wrappedRecoveredKey = keyData.getWrappedPrivateData(); try { recoveredKey = CryptoUtil.unwrapUsingPassphrase(wrappedRecoveredKey, recoveryPassphrase); @@ -500,7 +503,7 @@ public class DRMTest { RequestId requestId = new RequestId("0xabcdef"); log("Getting non-existent request: " + requestId.toHexString()); try { - client.getRequest(requestId); + keyClient.getRequestInfo(requestId); log("Error: getting non-existent request does not throw an exception"); } catch (RequestNotFoundException e) { log("Success: getting non-existent request throws an exception: "+e.getMessage()+" ("+e.getRequestId().toHexString()+")"); 
@@ -528,13 +531,13 @@ public class DRMTest { "greWr3xTsy6gF2yphUEkGHh4v22XvK+FLx9Jb6zloMWA2GG9gpUpvMnl1fH4"; log("Requesting X509 key recovery."); - recoveryRequestId = client.requestKeyRecovery(keyID, + recoveryRequestId = keyClient.requestKeyRecovery(keyID, b64Certificate).getRequestInfo().getRequestId(); log("Requesting X509 key recovery request: " + recoveryRequestId); // Test 25: Approve x509 key recovery log("Approving X509 key recovery request: " + recoveryRequestId); - client.approveRecovery(recoveryRequestId); + keyClient.approveRequest(recoveryRequestId); // Test 26: Recover x509 key log("Recovering X509 key based on request: " + recoveryRequestId); @@ -555,11 +558,11 @@ public class DRMTest { // Test 27: Get list of completed key archival requests log("\n\nList of completed archival requests"); - list = client.listRequests("complete", IRequest.SYMKEY_GENERATION_REQUEST); - if (list == null) { + list = keyClient.findRequests("complete", IRequest.SYMKEY_GENERATION_REQUEST); + if (list.getTotal() == 0) { log("No requests found"); } else { - Iterator<KeyRequestInfo> iter = list.iterator(); + Iterator<KeyRequestInfo> iter = list.getEntries().iterator(); while (iter.hasNext()) { KeyRequestInfo info = iter.next(); printRequestInfo(info); @@ -571,7 +574,7 @@ public class DRMTest { List<String> usages = new ArrayList<String>(); usages.add(SymKeyGenerationRequest.DECRYPT_USAGE); usages.add(SymKeyGenerationRequest.ENCRYPT_USAGE); - KeyRequestResponse genKeyResponse = client.generateKey(clientId, + KeyRequestResponse genKeyResponse = keyClient.generateKey(clientId, KeyRequestResource.AES_ALGORITHM, 128, usages); printRequestInfo(genKeyResponse.getRequestInfo()); 
@@ -579,7 +582,7 @@ public class DRMTest { // test 29: Get keyId for active key with client ID log("Getting key ID for symmetric key"); - keyInfo = client.getKeyData(clientId, "active"); + keyInfo = keyClient.getActiveKeyInfo(clientId); printKeyInfo(keyInfo); keyId2 = keyInfo.getKeyId(); if (keyId2 == null) { @@ -599,7 +602,7 @@ public class DRMTest { try { recoveryKey = CryptoUtil.generateKey(token, KeyGenAlgorithm.DES3); wrappedRecoveryKey = CryptoUtil.wrapSymmetricKey(manager, token, transportCert, recoveryKey); - KeyRequestResponse response = client.requestRecovery(keyId, null, wrappedRecoveryKey, ivps.getIV()); + KeyRequestResponse response = keyClient.requestRecovery(keyId, null, wrappedRecoveryKey, ivps.getIV()); recoveryRequestId = response.getRequestInfo().getRequestId(); } catch (Exception e) { log("Exception in recovering symmetric key using session key: " + e.getMessage()); @@ -607,12 +610,12 @@ public class DRMTest { // Test 31: Approve recovery log("Approving recovery request: " + recoveryRequestId); - client.approveRecovery(recoveryRequestId); + keyClient.approveRequest(recoveryRequestId); // Test 32: Get key log("Getting key: " + keyId); - keyData = client.retrieveKey(keyId, recoveryRequestId, null, wrappedRecoveryKey, ivps.getIV()); + keyData = keyClient.retrieveKey(keyId, recoveryRequestId, null, wrappedRecoveryKey, ivps.getIV()); wrappedRecoveredKey = keyData.getWrappedPrivateData(); ivps_server = new IVParameterSpec(Utils.base64decode(keyData.getNonceData())); 
@@ -627,21 +630,21 @@ public class DRMTest { // test 33: Generate symmetric key - invalid algorithm try { - genKeyResponse = client.generateKey("Symmetric Key #1235", "AFS", 128, usages); + genKeyResponse = keyClient.generateKey("Symmetric Key #1235", "AFS", 128, usages); } catch (Exception e) { log("Exception: " + e); } // test 34: Generate symmetric key - invalid key size try { - genKeyResponse = client.generateKey("Symmetric Key #1236", "AES", 135, usages); + genKeyResponse = keyClient.generateKey("Symmetric Key #1236", "AES", 135, usages); } catch (Exception e) { log("Exception: " + e); } // test 35: Generate symmetric key - usages not defined try { - genKeyResponse = client.generateKey("Symmetric Key #1236", "DES", 56, usages); + genKeyResponse = keyClient.generateKey("Symmetric Key #1236", "DES", 56, usages); } catch (Exception e) { log("Exception: " + e); } @@ -657,7 +660,7 @@ public class DRMTest { byte[] encoded = CryptoUtil.createPKIArchiveOptions(manager, token, transportCert, vek, null, KeyGenAlgorithm.DES3, ivps); - KeyRequestResponse response = client.archiveSecurityData(encoded, clientId, + KeyRequestResponse response = keyClient.archiveSecurityData(encoded, clientId, KeyRequestResource.SYMMETRIC_KEY_TYPE, KeyRequestResource.AES_ALGORITHM, 128); log("Archival Results:"); printRequestInfo(response.getRequestInfo()); @@ -669,7 +672,7 @@ public class DRMTest { //Test 37: Get keyId for active key with client ID log("Getting key ID for symmetric key"); - keyInfo = client.getKeyData(clientId, "active"); + keyInfo = keyClient.getActiveKeyInfo(clientId); printKeyInfo(keyInfo); keyId2 = keyInfo.getKeyId(); if (keyId2 == null) { 
@@ -689,7 +692,7 @@ public class DRMTest { try { recoveryKey = CryptoUtil.generateKey(token, KeyGenAlgorithm.DES3); wrappedRecoveryKey = CryptoUtil.wrapSymmetricKey(manager, token, transportCert, recoveryKey); - KeyRequestResponse response = client.requestRecovery(keyId, null, wrappedRecoveryKey, ivps.getIV()); + KeyRequestResponse response = keyClient.requestRecovery(keyId, null, wrappedRecoveryKey, ivps.getIV()); recoveryRequestId = response.getRequestInfo().getRequestId(); } catch (Exception e) { log("Exception in recovering symmetric key using session key: " + e.getMessage()); @@ -697,12 +700,12 @@ public class DRMTest { // Test 39: Approve recovery log("Approving recovery request: " + recoveryRequestId); - client.approveRecovery(recoveryRequestId); + keyClient.approveRequest(recoveryRequestId); // Test 40: Get key log("Getting key: " + keyId); - keyData = client.retrieveKey(keyId, recoveryRequestId, null, wrappedRecoveryKey, ivps.getIV()); + keyData = keyClient.retrieveKey(keyId, recoveryRequestId, null, wrappedRecoveryKey, ivps.getIV()); wrappedRecoveredKey = keyData.getWrappedPrivateData(); ivps_server = new IVParameterSpec(Utils.base64decode(keyData.getNonceData())); diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/KeyService.java b/base/server/cms/src/com/netscape/cms/servlet/key/KeyService.java index 20d263fff..d6f252f7b 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/key/KeyService.java +++ b/base/server/cms/src/com/netscape/cms/servlet/key/KeyService.java @@ -22,8 +22,10 @@ package com.netscape.cms.servlet.key; import java.math.BigInteger; import java.net.URI; import java.util.ArrayList; +import java.util.Collection; import java.util.Enumeration; import java.util.Hashtable; +import java.util.Iterator; import java.util.List; import javax.servlet.http.HttpServletRequest; 
@@ -32,6 +34,7 @@ import javax.ws.rs.core.Context; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Request; +import javax.ws.rs.core.Response; import javax.ws.rs.core.UriBuilder; import javax.ws.rs.core.UriInfo; @@ -42,6 +45,7 @@ import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.HTTPGoneException; import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.base.ResourceNotFoundException; import com.netscape.certsrv.base.UnauthorizedException; import com.netscape.certsrv.dbs.keydb.IKeyRecord; import com.netscape.certsrv.dbs.keydb.IKeyRepository; @@ -106,7 +110,7 @@ public class KeyService extends PKIService implements KeyResource { * @return */ @Override - public KeyData retrieveKey(KeyRecoveryRequest data) { + public Response retrieveKey(KeyRecoveryRequest data) { if (data == null) { CMS.debug("retrieveKey: data is null"); throw new BadRequestException("Cannot retrieve key. Invalid request"); @@ -142,12 +146,13 @@ public class KeyService extends PKIService implements KeyResource { throw new HTTPGoneException("No key record."); } auditRetrieveKey(ILogger.SUCCESS, requestID, keyId, "None"); - return keyData; + + return createOKResponse(keyData); } // retrieval - used to test integration with a browser @Override - public KeyData retrieveKey(MultivaluedMap<String, String> form) { + public Response retrieveKey(MultivaluedMap<String, String> form) { KeyRecoveryRequest data = new KeyRecoveryRequest(form); return retrieveKey(data); } 
@@ -323,7 +328,12 @@ public class KeyService extends PKIService implements KeyResource {
 * Used to generate list of key infos based on the search parameters
 */
 @Override
- public KeyInfoCollection listKeys(String clientID, String status, Integer maxResults, Integer maxTime,
+ public Response listKeys(String clientID, String status, Integer maxResults, Integer maxTime,
+ Integer start, Integer size) {
+ return createOKResponse(listKeyInfos(clientID, status, maxResults, maxTime, start, size));
+ }
+
+ public KeyInfoCollection listKeyInfos(String clientID, String status, Integer maxResults, Integer maxTime,
 Integer start, Integer size) {
 start = start == null ? 0 : start;
@@ -377,6 +387,31 @@ public class KeyService extends PKIService implements KeyResource {
 return infos;
 }
+ @Override
+ public Response getActiveKeyInfo(String clientID) {
+
+ KeyInfoCollection infos = listKeyInfos(
+ clientID,
+ "active",
+ null,
+ null,
+ null,
+ null
+ );
+
+ Collection<KeyInfo> list = infos.getEntries();
+ Iterator<KeyInfo> iter = list.iterator();
+
+ while (iter.hasNext()) {
+ KeyInfo info = iter.next();
+ if (info != null) {
+ // return the first one
+ return createOKResponse(info);
+ }
+ }
+
+ throw new ResourceNotFoundException("Key not found.");
+ }
 public KeyInfo createKeyDataInfo(IKeyRecord rec) throws EBaseException {
 KeyInfo ret = new KeyInfo();
diff --git a/base/server/cms/src/com/netscape/cms/servlet/request/KeyRequestService.java b/base/server/cms/src/com/netscape/cms/servlet/request/KeyRequestService.java
index de17c8a96..a81ca0acb 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/request/KeyRequestService.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/request/KeyRequestService.java
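Review bot: The new public `listKeyInfos` has no Javadoc, while the existing `Used to generate list of key infos based on the search parameters` comment now describes the thin `listKeys` wrapper that only passes the result through `createOKResponse`; the description belongs on `listKeyInfos`, which does the work and is now callable from elsewhere in the class. A header such as `/** Builds the KeyInfoCollection matching the search parameters; a null start is treated as 0. */` would cover what is visible here (the handling of the other null parameters lies outside the hunk). The body of `listKeyInfos` continues past the end of the hunk.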
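Review bot: `getActiveKeyInfo` returns the first non-null entry of `listKeyInfos(clientID, "active", ...)`, so when a client has more than one active key the result depends on whatever order the repository returns, and nothing documents that; a Javadoc such as `/** Returns the first key in state "active" for clientID, in repository order; throws ResourceNotFoundException when none exists. */` would make the contract explicit. The explicit `Iterator` loop is an enhanced-for in disguise: `for (KeyInfo info : infos.getEntries()) {` / `if (info != null) { return createOKResponse(info); }` / `}` reads the same, and the new `java.util.Collection` and `java.util.Iterator` imports become unnecessary. Since this is a new resource method that discloses key metadata for any `clientID`, please confirm it is covered by the same access-control mapping as `listKeys`; that mapping is not part of this diff. The closing `}` of the new method also runs straight into `createKeyDataInfo` without a separating blank line.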
@@ -181,10 +181,8 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
 response = dao.submitRequest(data, uriInfo);
 auditArchivalRequestMade(response.getRequestInfo().getRequestId(), ILogger.SUCCESS, data.getClientId());
- return Response
- .created(new URI(response.getRequestInfo().getRequestURL()))
- .entity(response)
- .build();
+ return createCreatedResponse(response, new URI(response.getRequestInfo().getRequestURL()));
+
 } catch (EBaseException | URISyntaxException e) {
 e.printStackTrace();
 auditArchivalRequestMade(null, ILogger.FAILURE, data.getClientId());
@@ -216,10 +214,8 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
 auditRecoveryRequestMade(response.getRequestInfo().getRequestId(), ILogger.SUCCESS, data.getKeyId());
- return Response
- .created(new URI(response.getRequestInfo().getRequestURL()))
- .entity(response)
- .build();
+ return createCreatedResponse(response, new URI(response.getRequestInfo().getRequestURL()));
+
 } catch (EBaseException | URISyntaxException e) {
 e.printStackTrace();
 auditRecoveryRequestMade(null, ILogger.FAILURE, data.getKeyId());
@@ -452,10 +448,8 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
 auditSymKeyGenRequestMade(response.getRequestInfo().getRequestId(), ILogger.SUCCESS, data.getClientId());
- return Response
- .created(new URI(response.getRequestInfo().getRequestURL()))
- .entity(response)
- .build();
+ return createCreatedResponse(response, new URI(response.getRequestInfo().getRequestURL()));
+
 } catch (EBaseException | URISyntaxException e) {
 e.printStackTrace();
 auditArchivalRequestMade(null, ILogger.FAILURE, data.getClientId()); |
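Review bot: `new URI(response.getRequestInfo().getRequestURL())` still runs inside the try after `auditArchivalRequestMade(..., ILogger.SUCCESS, ...)`, so a URISyntaxException on the server-built URL falls into the shared catch and presumably records a second audit event for the same submission as FAILURE with a null request id, although `dao.submitRequest` has already succeeded. Building the URI before the SUCCESS audit, or letting `createCreatedResponse` accept the URL string, would keep the audit trail consistent; the same line is repeated verbatim in the hunks at 214 and 448, so one overload taking the `KeyRequestResponse` itself would also remove the triplication. The signature of `createCreatedResponse` is not in this diff, so this assumes it can still be adjusted. The enclosing method starts before the hunk and continues after it.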
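Review bot: In the symmetric-key generation handler at 448 the success branch audits through `auditSymKeyGenRequestMade`, but the failure branch in the context lines at the end of the hunk calls `auditArchivalRequestMade(null, ILogger.FAILURE, data.getClientId())`, so a failed key-generation request is recorded as a failed archival. This predates the commit but sits in the lines being reworked and looks like a copy of the archival handler; `auditSymKeyGenRequestMade(null, ILogger.FAILURE, data.getClientId());` matches the argument shape already used on the success path. The method's body continues past the hunk.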
