author | Abhishek Koneru <akoneru@redhat.com> | 2014-04-09 13:59:26 -0400 |
---|---|---|
committer | Abhishek Koneru <akoneru@redhat.com> | 2014-04-16 17:24:57 -0400 |
commit | 6de5b60438f0edeb3d18f715d90a94191bd05cc8 (patch) | |
tree | 11e16238fe3c181ac43cafdcf9c244a181e461af | |
parent | 8be0ac12ab0c1ff77c2b93a363352fe99aea5343 (diff) | |
Fixes for comments on patches 87 and 89
24 files changed, 372 insertions, 277 deletions
diff --git a/base/common/CMakeLists.txt b/base/common/CMakeLists.txt
index 1094be0c5..f661890f2 100644
--- a/base/common/CMakeLists.txt
+++ b/base/common/CMakeLists.txt
@@ -57,6 +57,17 @@ install( PATTERN ".gitignore" EXCLUDE )
+install(
+ DIRECTORY
+ key
+ DESTINATION
+ ${DATA_INSTALL_DIR}/
+ FILE_PERMISSIONS
+ OWNER_READ
+ GROUP_READ
+ WORLD_READ
+)
+
 # install empty directories install( DIRECTORY
diff --git a/base/common/key/templates/archiveKey.xml b/base/common/key/templates/archiveKey.xml
new file mode 100644
index 000000000..6f8a01add
--- /dev/null
+++ b/base/common/key/templates/archiveKey.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<KeyArchivalRequest>
+ <Attributes>
+ <Attribute name="description">Template for submitting a key archival request</Attribute>
+ <Attribute name="clientKeyID"></Attribute>
+ <Attribute name="dataType">symmetricKey/passphrase/asymmetricKey</Attribute>
+ <Attribute name="keyAlgorithm"></Attribute>
+ <Attribute name="keySize">0</Attribute>
+ <Attribute name="algorithmOID"></Attribute>
+ <Attribute name="symmetricAlgorithmParams">Base64 encoded NonceData</Attribute>
+ <Attribute name="wrappedPrivateData">Base64 encoded session key wrapped secret</Attribute>
+ <Attribute name="transWrappedSessionKey">Base64 encoded transport key wrapped session key</Attribute>
+ <Attribute name="pkiArchiveOptions">Base 64 encoded PKIArchiveOptions object</Attribute>
+ </Attributes>
+ <ClassName>com.netscape.certsrv.key.KeyArchivalRequest</ClassName>
+</KeyArchivalRequest>
diff --git a/base/common/key/templates/generateKey.xml b/base/common/key/templates/generateKey.xml
new file mode 100644
index 000000000..25854e503
--- /dev/null
+++ b/base/common/key/templates/generateKey.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<SymKeyGenerationRequest>
+ <Attributes>
+ <Attribute name="description">Template for submitting a request for generating a symmetric key.</Attribute>
+ <Attribute name="clientKeyID"></Attribute>
+ <Attribute name="keyAlgorithm">[AES/DES/DES3/DESede/RC2/RC4]</Attribute>
+ <Attribute name="keySize">128</Attribute>
+ <Attribute name="keyUsage">wrap,unwrap,sign,verify,encrypt,decrypt</Attribute>
+ </Attributes>
+ <ClassName>com.netscape.certsrv.key.SymKeyGenerationRequest</ClassName>
+</SymKeyGenerationRequest>
diff --git a/base/common/key/templates/retrieveKey.xml b/base/common/key/templates/retrieveKey.xml
new file mode 100644
index 000000000..4373e0390
--- /dev/null
+++ b/base/common/key/templates/retrieveKey.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<KeyRecoveryRequest>
+ <Attributes>
+ <Attribute name="description">Template for submitting a key retrieval or key recovery request.</Attribute>
+ <Attribute name="keyId">1</Attribute>
+ <Attribute name="requestId">1</Attribute>
+ <Attribute name="nonceData">Base64 encoded NonceData</Attribute>
+ <Attribute name="passphrase">Passphrase to encrypt the secret with/Passphrase for the PKCS12 file returned</Attribute>
+ <Attribute name="sessionWrappedPassphrase">Base64 encoded session key wrapped passphrase</Attribute>
+ <Attribute name="transWrappedSessionKey">Base64 encoded transport key wrapped session key</Attribute>
+ <Attribute name="certificate">Base64 certificate used for recoring the key.</Attribute>
+ </Attributes>
+ <ClassName>com.netscape.certsrv.key.KeyRecoveryRequest</ClassName>
+</KeyRecoveryRequest>
diff --git a/base/common/src/com/netscape/certsrv/base/ResourceMessage.java b/base/common/src/com/netscape/certsrv/base/ResourceMessage.java
index 65f978ecc..34d7c2b11 100644
--- a/base/common/src/com/netscape/certsrv/base/ResourceMessage.java
+++ b/base/common/src/com/netscape/certsrv/base/ResourceMessage.java @@ -1,5 +1,8 @@ package com.netscape.certsrv.base; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.OutputStream; import java.io.StringReader; import java.io.StringWriter; import java.util.ArrayList; @@ -158,6 +161,13 @@ public class ResourceMessage { return sw.toString(); } + public void marshall(OutputStream os) throws JAXBException { + JAXBContext context = JAXBContext.newInstance(this.getClass()); + Marshaller marshaller = context.createMarshaller(); + marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); + marshaller.marshal(this, os); + } + @SuppressWarnings("unchecked") public static <T> T unmarshal(String string, Class<T> clazz) throws Exception { try { @@ -168,4 +178,14 @@ public class ResourceMessage { } } + public static <T> T unmarshall(Class<T> t, String filePath) throws JAXBException, FileNotFoundException { + JAXBContext context = JAXBContext.newInstance(t); + Unmarshaller unmarshaller = context.createUnmarshaller(); + FileInputStream fis = new FileInputStream(filePath); + @SuppressWarnings("unchecked") + T req = (T) unmarshaller.unmarshal(fis); + + return req; + } + } diff --git a/base/common/src/com/netscape/certsrv/key/Key.java b/base/common/src/com/netscape/certsrv/key/Key.java index 1b88075e4..5f5baf707 100644 --- a/base/common/src/com/netscape/certsrv/key/Key.java +++ b/base/common/src/com/netscape/certsrv/key/Key.java @@ -1,5 +1,10 @@ package com.netscape.certsrv.key; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; + import com.netscape.cmsutil.util.Utils; /** 
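Review bot: `unmarshall(Class<T> t, String filePath)` opens `new FileInputStream(filePath)` and never closes it, so the descriptor leaks on every template load and also whenever `unmarshal` throws. Wrap it in try-with-resources, `try (FileInputStream fis = new FileInputStream(filePath)) {` / `return t.cast(unmarshaller.unmarshal(fis));` / `}`, which also removes the unchecked cast and its `@SuppressWarnings`; since closing can throw `IOException`, declare `throws JAXBException, IOException` (this still covers `FileNotFoundException`, and the method is new in this commit so no caller is broken). The tree already relies on Java 7 (the string `switch` in the KeyRequestTemplateShowCLI being deleted here), so the construct is available. The spelling is also inconsistent: the existing method is `unmarshal` while the two new ones are `marshall` and `unmarshall`; pick one before callers settle on both. The enclosing class continues outside the hunk.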
@@ -10,18 +15,26 @@ import com.netscape.cmsutil.util.Utils; * @author akoneru * */ +@XmlRootElement(name="Key") +@XmlAccessorType(XmlAccessType.NONE) public class Key { + @XmlElement private byte[] encryptedData; + @XmlElement private byte[] nonceData; + @XmlElement private String p12Data; + @XmlElement private String algorithm; + @XmlElement private Integer size; + @XmlElement private byte[] data; public Key() { diff --git a/base/common/src/com/netscape/certsrv/key/KeyClient.java b/base/common/src/com/netscape/certsrv/key/KeyClient.java index 97793ab39..9363a6a8c 100644 --- a/base/common/src/com/netscape/certsrv/key/KeyClient.java +++ b/base/common/src/com/netscape/certsrv/key/KeyClient.java @@ -195,7 +195,8 @@ public class KeyClient extends Client { if (id == null || status == null) { throw new IllegalArgumentException("Key Id and status must be specified."); } - if ((!status.equalsIgnoreCase(KeyResource.KEY_STATUS_ACTIVE)) && (!status.equalsIgnoreCase(KeyResource.KEY_STATUS_INACTIVE))) { + if (!status.equalsIgnoreCase(KeyResource.KEY_STATUS_ACTIVE) + && !status.equalsIgnoreCase(KeyResource.KEY_STATUS_INACTIVE)) { throw new IllegalArgumentException("Invalid status value."); } Response response = keyClient.modifyKeyStatus(id, status); @@ -670,7 +671,15 @@ public class KeyClient extends Client { if (clientKeyId == null) { throw new IllegalArgumentException("Client Key Identifier must be specified."); } - + //Validate the usages list + List<String> validUsages = SymKeyGenerationRequest.getValidUsagesList(); + if (usages != null) { + for (String usage : usages) { + if (!validUsages.contains(usage)) { + throw new IllegalArgumentException("Invalid usage \"" + usage + "\" specified."); + } + } + } SymKeyGenerationRequest data = new SymKeyGenerationRequest(); data.setClientKeyId(clientKeyId); data.setKeyAlgorithm(keyAlgorithm); 
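Review bot: The new `@XmlElement` bindings put `data` and `p12Data` into the marshalled form of `Key`, and `data` is what KeyRetrieveCLI in this same commit prints as "Actual archived data", i.e. the recovered secret itself, yet nothing on the class says so. Add a class-level Javadoc sentence such as `/** The marshalled XML form carries the recovered secret in the clear in {@code data} (and {@code p12Data} when set); treat serialized output as sensitive. */` so code that persists this object, as the new `--output` option does, knows what it is writing. The `byte[]` fields are emitted base64-encoded by JAXB's default mapping, which is worth stating in the same comment since the CLI prints them that way too. The class body continues outside the hunk.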
diff --git a/base/common/src/com/netscape/certsrv/key/KeyTemplate.java b/base/common/src/com/netscape/certsrv/key/KeyTemplate.java
new file mode 100644
index 000000000..25d0d30ff
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/key/KeyTemplate.java
@@ -0,0 +1,18 @@
+package com.netscape.certsrv.key;
+
+public class KeyTemplate {
+
+ String id;
+ String description;
+
+ public KeyTemplate(String id, String description) {
+ this.id = id;
+ this.description = description;
+ }
+
+ public void printTemplateInfo() {
+ System.out.println();
+ System.out.println(" Template ID: " + id);
+ System.out.println(" Template Description: " + description);
+ }
+}
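Review bot: `id` and `description` are package-private and mutable although nothing in the class writes them after the constructor; declare them `private final String id;` and `private final String description;` so a template entry cannot be altered from elsewhere in the package. A one-line class Javadoc, e.g. `/** Identifier and description of a request template file shipped under the installed key/templates directory. */`, would help since this class replaces the `Template` removed in the same commit. The file also lacks a trailing newline.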
\ No newline at end of file diff --git a/base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java b/base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java index 27dc69fd5..a2440d7cb 100644 --- a/base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java +++ b/base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java @@ -17,7 +17,7 @@ import com.netscape.certsrv.base.ResourceMessage; * @author alee * */ -@XmlRootElement(name="SymKeyGenerationRequest") +@XmlRootElement(name = "SymKeyGenerationRequest") @XmlAccessorType(XmlAccessType.FIELD) public class SymKeyGenerationRequest extends ResourceMessage { @@ -37,7 +37,7 @@ public class SymKeyGenerationRequest extends ResourceMessage { public List<String> getUsages() { String usageString = attributes.get(KEY_USAGE); - if (! StringUtils.isBlank(usageString)) { + if (!StringUtils.isBlank(usageString)) { return new ArrayList<String>(Arrays.asList(usageString.split(","))); } return new ArrayList<String>(); @@ -49,8 +49,9 @@ public class SymKeyGenerationRequest extends ResourceMessage { public void addUsage(String usage) { List<String> usages = getUsages(); - for (String u: usages) { - if (u.equals(usage)) return; + for (String u : usages) { + if (u.equals(usage)) + return; } usages.add(usage); setUsages(usages); @@ -69,7 +70,7 @@ public class SymKeyGenerationRequest extends ResourceMessage { attributes.put(TRANS_WRAPPED_SESSION_KEY, form.getFirst(TRANS_WRAPPED_SESSION_KEY)); String usageString = attributes.get(KEY_USAGE); - if (! StringUtils.isBlank(usageString)) { + if (!StringUtils.isBlank(usageString)) { setUsages(new ArrayList<String>(Arrays.asList(usageString.split(",")))); } setClassName(getClass().getName()); 
@@ -156,6 +157,18 @@ public class SymKeyGenerationRequest extends ResourceMessage { } } + public static List<String> getValidUsagesList() { + List<String> list = new ArrayList<String>(); + list.add(WRAP_USAGE); + list.add(UWRAP_USAGE); + list.add(DECRYPT_USAGE); + list.add(ENCRYPT_USAGE); + list.add(KEY_USAGE); + list.add(SIGN_USAGE); + + return list; + } + public static void main(String args[]) throws Exception { SymKeyGenerationRequest before = new SymKeyGenerationRequest(); diff --git a/base/common/src/com/netscape/certsrv/key/Template.java b/base/common/src/com/netscape/certsrv/key/Template.java deleted file mode 100644 index bfcf61eb7..000000000 --- a/base/common/src/com/netscape/certsrv/key/Template.java +++ /dev/null @@ -1,21 +0,0 @@ -package com.netscape.certsrv.key; - - -public class Template{ - String templateID; - String templateName; - String templateDescription; - public Template(String templateID, String templateName, String templateDescription) { - super(); - this.templateID = templateID; - this.templateName = templateName; - this.templateDescription = templateDescription; - } - - public void printTemplateInfo(){ - System.out.println(); - System.out.println(" Template ID: " + templateID); - System.out.println(" Template Name: " + templateName); - System.out.println(" Template Description: " + templateDescription); - } -}
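Review bot: `getValidUsagesList()` adds `KEY_USAGE`, which this same file uses as the attribute name in `attributes.get(KEY_USAGE)` (hunk above), not as a usage value, and there is no entry for the verify usage even though the KeyGenerateCLI help text in this commit lists `wrap, unwrap, sign, verify, encrypt, decrypt`. Because `KeyClient.generateSymmetricKey`, also changed here, now rejects every usage absent from this list, `--usages verify` would presumably fail with "Invalid usage" while the literal keyUsage attribute name would pass. The line `list.add(KEY_USAGE);` should add the verify-usage constant instead; that constant is not visible in this hunk, so confirm it exists alongside `SIGN_USAGE`. Consider exposing the list as an unmodifiable `static final List<String>` built once rather than a fresh `ArrayList` per call. The class continues outside the hunk.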
\ No newline at end of file diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyArchiveCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyArchiveCLI.java index ced51ad74..209231c2c 100644 --- a/base/java-tools/src/com/netscape/cmstools/key/KeyArchiveCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/key/KeyArchiveCLI.java @@ -21,7 +21,7 @@ public class KeyArchiveCLI extends CLI { public KeyCLI keyCLI; public KeyArchiveCLI(KeyCLI keyCLI) { - super("archive", "Archive a secret at the DRM.", keyCLI); + super("archive", "Archive a secret in the DRM.", keyCLI); this.keyCLI = keyCLI; } @@ -31,7 +31,7 @@ public class KeyArchiveCLI extends CLI { public void execute(String[] args) { - Option option = new Option(null, "clientKeyId", true, "Unique client key identifier."); + Option option = new Option(null, "clientKeyID", true, "Unique client key identifier."); option.setArgName("Client Key Identifier"); options.addOption(option); @@ -58,7 +58,7 @@ public class KeyArchiveCLI extends CLI { KeyRequestResponse response = null; - if ((requestFile != null) && (requestFile.trim().length() != 0)) { + if (requestFile != null) { // Case where the request template file is used. For pre-encrypted data. try { JAXBContext context = JAXBContext.newInstance(KeyArchivalRequest.class); @@ -91,7 +91,7 @@ public class KeyArchiveCLI extends CLI { } else { // Simple case for archiving a passphrase - String clientKeyId = cmd.getOptionValue("clientKeyId"); + String clientKeyId = cmd.getOptionValue("clientKeyID"); String passphrase = cmd.getOptionValue("passphrase"); if (clientKeyId == null) { System.err.println("Error: Client Key Id is not specified."); diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java index f64b8d762..1b8ae64b5 100644 --- a/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java 
@@ -43,8 +43,8 @@ public class KeyCLI extends CLI { addModule(new KeyShowCLI(this)); addModule(new KeyRequestShowCLI(this)); addModule(new KeyModifyCLI(this)); - addModule(new KeyRequestTemplateFindCLI(this)); - addModule(new KeyRequestTemplateShowCLI(this)); + addModule(new KeyTemplateFindCLI(this)); + addModule(new KeyTemplateShowCLI(this)); addModule(new KeyArchiveCLI(this)); addModule(new KeyRetrieveCLI(this)); addModule(new KeyGenerateCLI(this)); @@ -72,7 +72,7 @@ public class KeyCLI extends CLI { // create new key client keyClient = new KeyClient(client, subsystem); - if ((client.getConfig().getCertDatabase() != null) && (client.getConfig().getCertPassword() != null)) { + if (client.getConfig().getCertDatabase() != null && client.getConfig().getCertPassword() != null) { keyClient.setCrypto(new NSSCryptoProvider(client.getConfig())); // Set the transport cert for crypto operations diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyGenerateCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyGenerateCLI.java index 5edf9489c..0a07ebabd 100644 --- a/base/java-tools/src/com/netscape/cmstools/key/KeyGenerateCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/key/KeyGenerateCLI.java @@ -1,6 +1,5 @@ package com.netscape.cmstools.key; -import java.util.ArrayList; import java.util.Arrays; import java.util.List; 
@@ -27,21 +26,23 @@ public class KeyGenerateCLI extends CLI { public void execute(String[] args) { Option option = new Option(null, "key-algorithm", true, - "Algorithm to be used to create a key.\n Supported types [AES,DES,DES3,RC2,RC4,DESede]"); - option.setArgName("Key algorithm"); + "Algorithm to be used to create a key.\nValid values: AES, DES, DES3, RC2, RC4, DESede."); + option.setArgName("algorithm"); option.setRequired(true); options.addOption(option); - option = new Option(null, "key-size", true, - "Size of the key to be generated. Required for all algorithms AES and RC2.\n" - + "Valid size values:\n AES - 128, 192. 256.\n RC2 - >=8, <=128"); - option.setArgName("Key size"); + option = new Option( + null, + "key-size", + true, + "Size of the key to be generated.\nThis is required for AES, RC2 and RC4.\n" + + "Valid values for AES: 128, 192. 256.\nValid values for RC2: 8-128.\n Valid values for RC4: Any positive integer."); + option.setArgName("size"); options.addOption(option); - option = new Option(null, "usages", true, "Comma seperated list of usages." - + "\n Usage1,Usage2,Usage3.. .\n " - + "Valid usages: [wrap, unwrap, sign, verify, encrypt, decrypt]."); - option.setArgName("Usages"); + option = new Option(null, "usages", true, "Comma separated list of usages." + + "\nValid values: wrap, unwrap, sign, verify, encrypt, decrypt."); + option.setArgName("list of usages"); options.addOption(option); CommandLine cmd = null; @@ -75,8 +76,6 @@ public class KeyGenerateCLI extends CLI { keySize = "56"; break; case KeyRequestResource.RC4_ALGORITHM: - keySize = "0"; - break; case KeyRequestResource.AES_ALGORITHM: case KeyRequestResource.RC2_ALGORITHM: System.err.println("Error: Key size must be specified for the algorithm used."); 
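Review bot: The new `--key-size` help string has a typo and an inconsistent indent: `"Valid values for AES: 128, 192. 256.\nValid values for RC2: 8-128.\n Valid values for RC4: Any positive integer."` should read `"Valid values for AES: 128, 192, 256.\nValid values for RC2: 8-128.\nValid values for RC4: Any positive integer."`. Dropping the `keySize = "0"` default makes RC4 fall through to the "Key size must be specified" error, which is consistent with the help, but whether the server actually accepts any positive integer for RC4 is not visible here. The `execute` method continues outside the hunk.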
@@ -88,15 +87,14 @@ public class KeyGenerateCLI extends CLI { System.exit(1); } } - List<String> usagesList = null; - if (cmd.getOptionValue("usages") != null) { - String[] usages = cmd.getOptionValue("usages").split(","); - usagesList = new ArrayList<String>(Arrays.asList(usages)); + List<String> usages = null; + String givenUsages = cmd.getOptionValue("usages"); + if (givenUsages != null) { + usages = Arrays.asList(givenUsages.split(",")); } - KeyRequestResponse response = keyCLI.keyClient.generateSymmetricKey(clientKeyId, keyAlgorithm, Integer.parseInt(keySize), - usagesList, null); + usages, null); MainCLI.printMessage("Key generation request info"); KeyCLI.printKeyRequestInfo(response.getRequestInfo()); diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyModifyCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyModifyCLI.java index e5da6e792..6ae49ce5d 100644 --- a/base/java-tools/src/com/netscape/cmstools/key/KeyModifyCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/key/KeyModifyCLI.java @@ -40,7 +40,7 @@ public class KeyModifyCLI extends CLI { public void execute(String[] args) { - Option option = new Option(null, "status", true, "Status of the key.\n Valid values:[active,inactive]"); + Option option = new Option(null, "status", true, "Status of the key.\nValid values: active, inactive"); option.setRequired(true); option.setArgName("status"); options.addOption(option); @@ -72,11 +72,6 @@ public class KeyModifyCLI extends CLI { keyCLI.keyClient.modifyKeyStatus(keyId, status); KeyInfo keyInfo = keyCLI.keyClient.getKeyInfo(keyId); - if (keyInfo.getStatus().equalsIgnoreCase(status)) { - System.out.println("Success!"); - KeyCLI.printKeyInfo(keyInfo); - } else { - System.out.println("Failure! Key status not modified."); - } + KeyCLI.printKeyInfo(keyInfo); } } diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyRecoverCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyRecoverCLI.java index 9e226cf65..baed8a8df 100644 
--- a/base/java-tools/src/com/netscape/cmstools/key/KeyRecoverCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/key/KeyRecoverCLI.java @@ -22,17 +22,17 @@ public class KeyRecoverCLI extends CLI { public KeyCLI keyCLI; public KeyRecoverCLI(KeyCLI keyCLI) { - super("recover", "Recover key", keyCLI); + super("recover", "Create a key recovery request", keyCLI); this.keyCLI = keyCLI; } public void printHelp() { - formatter.printHelp(getFullName() + " <Request ID> [OPTIONS]", options); + formatter.printHelp(getFullName() + " [OPTIONS]", options); } public void execute(String[] args) { - Option option = new Option(null, "keyId", true, "Key Identifier for the secret to be recovered."); + Option option = new Option(null, "keyID", true, "Key Identifier for the secret to be recovered."); option.setArgName("Key Identifier"); options.addOption(option); @@ -54,7 +54,7 @@ public class KeyRecoverCLI extends CLI { KeyRequestResponse response = null; - if ((requestFile != null) && (requestFile.trim().length() != 0)) { + if (requestFile != null) { try { JAXBContext context = JAXBContext.newInstance(KeyRecoveryRequest.class); Unmarshaller unmarshaller = context.createUnmarshaller(); @@ -77,11 +77,11 @@ public class KeyRecoverCLI extends CLI { } } else { - String keyId = cmd.getOptionValue("keyId"); + String keyId = cmd.getOptionValue("keyID"); response = keyCLI.keyClient.recoverKey(new KeyId(keyId), null, null, null, null); } - MainCLI.printMessage("Recovered Key Information"); + MainCLI.printMessage("Key Recovery Request Information"); KeyCLI.printKeyRequestInfo(response.getRequestInfo()); } diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyRequestReviewCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyRequestReviewCLI.java index 9f60fff8b..ef4e6c823 100644 --- a/base/java-tools/src/com/netscape/cmstools/key/KeyRequestReviewCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/key/KeyRequestReviewCLI.java 
@@ -23,7 +23,7 @@ public class KeyRequestReviewCLI extends CLI { public void execute(String[] args) { Option option = new Option(null, "action", true, - "Action to be performed on the request.\n Available actions - [approve|reject|cancel]."); + "Action to be performed on the request.\nValid values: approve, reject, cancel."); option.setArgName("Action to perform"); option.setRequired(true); options.addOption(option); @@ -40,7 +40,7 @@ public class KeyRequestReviewCLI extends CLI { String[] cmdArgs = cmd.getArgs(); if (cmdArgs.length != 1) { - System.err.println("Error: Invalid arguements provided."); + System.err.println("Error: Invalid arguments provided."); printHelp(); System.exit(1); } diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyRequestShowCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyRequestShowCLI.java index 412748f87..f360d86f3 100644 --- a/base/java-tools/src/com/netscape/cmstools/key/KeyRequestShowCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/key/KeyRequestShowCLI.java @@ -32,7 +32,7 @@ public class KeyRequestShowCLI extends CLI { } public void printHelp() { - formatter.printHelp(getFullName() + " <Request Id>", options); + formatter.printHelp(getFullName() + " <Request ID>", options); } public void execute(String[] args) { diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyRequestTemplateFindCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyRequestTemplateFindCLI.java deleted file mode 100644 index 375cb61b8..000000000 --- a/base/java-tools/src/com/netscape/cmstools/key/KeyRequestTemplateFindCLI.java +++ /dev/null 
@@ -1,43 +0,0 @@
-package com.netscape.cmstools.key;
-
-import java.util.ArrayList;
-
-import com.netscape.certsrv.key.Template;
-import com.netscape.cmstools.cli.CLI;
-import com.netscape.cmstools.cli.MainCLI;
-
-public class KeyRequestTemplateFindCLI extends CLI {
- public KeyCLI keyCLI;
-
- public ArrayList<Template> templates = new ArrayList<Template>();
-
- public KeyRequestTemplateFindCLI(KeyCLI keyCLI) {
- super("template-find", "List request template IDs", keyCLI);
- this.keyCLI = keyCLI;
- createTemplateList();
- }
-
- public void printHelp() {
- formatter.printHelp(getFullName() + " [OPTIONS]", options);
- }
-
- public void execute(String[] args) {
- MainCLI.printMessage("List of templates");
- for (Template template : templates) {
- template.printTemplateInfo();
- }
- }
-
- public void createTemplateList() {
- Template template = new Template("archiveKey", "Key Archival Request",
- "Template file for submitting a key archival request");
- templates.add(template);
- template = new Template("retrieveKey", "Key retrieval request",
- "Template for submitting a key retrieval or key recovery request.");
- templates.add(template);
- template = new Template("generateKey", "Symmetric Key generation request",
- "Template for submitting a request for generating a symmetric key.");
- templates.add(template);
- }
-
-}
diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyRequestTemplateShowCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyRequestTemplateShowCLI.java
deleted file mode 100644
index 87284f499..000000000
--- a/base/java-tools/src/com/netscape/cmstools/key/KeyRequestTemplateShowCLI.java
+++ /dev/null
@@ -1,154 +0,0 @@ -package com.netscape.cmstools.key; - -import java.io.FileNotFoundException; -import java.io.FileOutputStream; -import java.io.OutputStream; -import java.util.Arrays; - -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Marshaller; - -import org.apache.commons.cli.CommandLine; -import org.apache.commons.cli.Option; -import org.apache.commons.cli.ParseException; - -import com.netscape.certsrv.base.ResourceMessage; -import com.netscape.certsrv.dbs.keydb.KeyId; -import com.netscape.certsrv.key.KeyArchivalRequest; -import com.netscape.certsrv.key.KeyRecoveryRequest; -import com.netscape.certsrv.key.SymKeyGenerationRequest; -import com.netscape.certsrv.request.RequestId; -import com.netscape.cmstools.cli.CLI; -import com.netscape.cmstools.cli.MainCLI; - -public class KeyRequestTemplateShowCLI extends CLI { - public KeyCLI keyCLI; - - public KeyRequestTemplateShowCLI(KeyCLI keyCLI) { - super("template-show", "Get request template", keyCLI); - this.keyCLI = keyCLI; - } - - public void printHelp() { - formatter.printHelp(getFullName() - + " <Template ID [archiveKey, retrieveKey, recoverKey, generateKey]> [OPTIONS]", options); - } - - public void execute(String[] args) { - - Option option = new Option(null, "output-file", true, "Location where the template has to be stored."); - option.setArgName("File to write the template to."); - options.addOption(option); - - CommandLine cmd = null; - try { - cmd = parser.parse(options, args); - } catch (ParseException e) { - System.err.println("Error: " + e.getMessage()); - printHelp(); - System.exit(-1); - } - ; - - String[] cmdArgs = cmd.getArgs(); - if (cmdArgs.length < 1) { - printHelp(); - System.exit(-1); - } - - String templateId = cmdArgs[0]; - String writeToFile = cmd.getOptionValue("output-file"); - - ResourceMessage data = null; - String message = null; - switch (templateId) { - case "archiveKey": - data = getSampleArchivalRequest(); - message = "key archival 
request"; - break; - case "retrieveKey": - case "recoverKey": - message = "key recover request"; - data = getSampleRecoveryRequest(); - break; - case "generateKey": - message = "symmetric key generation request"; - data = getSampleGenerationRequest(); - break; - default: - System.err.println("Error: Invalid template id."); - printHelp(); - System.exit(-1); - } - - if ((writeToFile != null) && (writeToFile.trim().length() != 0)) { - try { - FileOutputStream fOS = new FileOutputStream(writeToFile); - printRequestTemplate(data, fOS); - } catch (JAXBException e) { - System.err.println("Error: Cannot write the file"); - if (verbose) - e.printStackTrace(); - } catch (FileNotFoundException e) { - System.err.println("Error: Cannot write the file"); - if (verbose) - e.printStackTrace(); - } - } else { - MainCLI.printMessage("Template for " + message); - try { - printRequestTemplate(data, System.out); - } catch (JAXBException e) { - System.err.println(e.getMessage()); - if (verbose) - e.printStackTrace(); - } - } - } - - public <T> void printRequestTemplate(T t, OutputStream os) throws JAXBException { - JAXBContext context = JAXBContext.newInstance(t.getClass()); - Marshaller marshaller = context.createMarshaller(); - marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); - marshaller.marshal(t, os); - } - - public KeyArchivalRequest getSampleArchivalRequest() { - KeyArchivalRequest data = new KeyArchivalRequest(); - data.setClientKeyId(""); - data.setDataType("symmetricKey/passphrase/asymmetricKey"); - data.setKeyAlgorithm(""); - data.setKeySize(0); - data.setClientKeyId(""); - data.setAlgorithmOID(""); - data.setSymmetricAlgorithmParams("Base64 encoded NonceData"); - data.setWrappedPrivateData("Base64 encoded session key wrapped secret"); - data.setTransWrappedSessionKey("Base64 encoded transport key wrapped session key"); - data.setPKIArchiveOptions("Base 64 encoded PKIArchiveOptions object"); - return data; - } - - public KeyRecoveryRequest 
getSampleRecoveryRequest() { - KeyRecoveryRequest data = new KeyRecoveryRequest(); - data.setKeyId(new KeyId("1")); - data.setRequestId(new RequestId("1")); - data.setNonceData("Base64 encoded NonceData"); - data.setPassphrase("Passphrase to encrypt the secret with/Passphrase for the PKCS12 file returned"); - data.setSessionWrappedPassphrase("Base64 encoded session key wrapped passphrase"); - data.setTransWrappedSessionKey("Base64 encoded transport key wrapped session key"); - data.setCertificate("Base64 certificate used for recoring the key."); - - return data; - } - - public SymKeyGenerationRequest getSampleGenerationRequest() { - SymKeyGenerationRequest data = new SymKeyGenerationRequest(); - data.setClientKeyId(""); - data.setKeyAlgorithm("[AES/DES/DES3/DESede/RC2/RC4]"); - data.setKeySize(128); - data.setUsages(Arrays.asList(new String[] { "wrap", "unwrap", "sign", "verify", "encrypt", "decrypt" })); - - return data; - } -} diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyRetrieveCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyRetrieveCLI.java index 5b5ddc6a7..9a8a75a5e 100644 --- a/base/java-tools/src/com/netscape/cmstools/key/KeyRetrieveCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/key/KeyRetrieveCLI.java @@ -1,10 +1,12 @@ package com.netscape.cmstools.key; +import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBException; +import javax.xml.bind.Marshaller; import javax.xml.bind.Unmarshaller; import org.apache.commons.cli.CommandLine; @@ -20,6 +22,7 @@ import com.netscape.cmsutil.util.Utils; public class KeyRetrieveCLI extends CLI { public KeyCLI keyCLI; + private boolean clientEncryption = true; public KeyRetrieveCLI(KeyCLI keyCLI) { super("retrieve", "Retrieve key", keyCLI); 
@@ -27,12 +30,12 @@ public class KeyRetrieveCLI extends CLI { } public void printHelp() { - formatter.printHelp(getFullName() + " <Request ID> [OPTIONS]", options); + formatter.printHelp(getFullName() + " [OPTIONS]", options); } public void execute(String[] args) { - Option option = new Option(null, "keyId", true, "Key Identifier for the secret to be recovered."); + Option option = new Option(null, "keyID", true, "Key Identifier for the secret to be recovered."); option.setArgName("Key Identifier"); options.addOption(option); @@ -44,6 +47,10 @@ public class KeyRetrieveCLI extends CLI { option.setArgName("Input file path"); options.addOption(option); + option = new Option(null, "output", true, "Location to store the retrieved key information"); + option.setArgName("File path to store key information"); + options.addOption(option); + CommandLine cmd = null; try { cmd = parser.parse(options, args); @@ -54,11 +61,16 @@ public class KeyRetrieveCLI extends CLI { System.exit(1); } + if(cmd.getOptions().length==0){ + System.err.println("Error: Insufficient parameters provided."); + printHelp(); + System.exit(-1); + } String requestFile = cmd.getOptionValue("input"); Key keyData = null; - if ((requestFile != null) && (requestFile.trim().length() != 0)) { + if (requestFile != null) { try { JAXBContext context = JAXBContext.newInstance(KeyRecoveryRequest.class); Unmarshaller unmarshaller = context.createUnmarshaller(); @@ -103,9 +115,14 @@ public class KeyRetrieveCLI extends CLI { } } else { - String keyId = cmd.getOptionValue("keyId"); + String keyId = cmd.getOptionValue("keyID"); + clientEncryption = false; try { keyData = keyCLI.keyClient.retrieveKey(new KeyId(keyId)); + + // No need to return the encrypted data since encryption + //is done locally. + keyData.setEncryptedData(null); } catch (Exception e) { System.err.println(e.getMessage()); if (verbose) 
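Review bot: `if(cmd.getOptions().length==0)` only catches an invocation with no options at all; `--output <file>` on its own passes it, takes the `else` branch and reaches `new KeyId(keyId)` with `keyId` null, since `cmd.getOptionValue("keyID")` has no null check in the hunk below. Test the two inputs that actually select a branch instead, `if (cmd.getOptionValue("input") == null && cmd.getOptionValue("keyID") == null) {`, and format it with spaces like the rest of the file. Exiting with -1 here while the parse failure just above exits with 1 is also inconsistent. `execute` continues outside the hunk.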
@@ -113,18 +130,34 @@ public class KeyRetrieveCLI extends CLI { System.exit(-1); } } - MainCLI.printMessage("Retrieve Key Information"); - printKeyData(keyData); + + String outputFilePath = cmd.getOptionValue("output"); + if (outputFilePath != null) { + try { + JAXBContext context = JAXBContext.newInstance(Key.class); + Marshaller marshaller = context.createMarshaller(); + marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); + marshaller.marshal(keyData, new File(outputFilePath)); + } catch (JAXBException e) { + System.err.println(e.getMessage()); + if (verbose) + e.printStackTrace(); + System.exit(-1); + } + } else { + MainCLI.printMessage("Retrieve Key Information"); + printKeyData(keyData); + } } public void printKeyData(Key key) { System.out.println(" Key Algorithm: " + key.getAlgorithm()); System.out.println(" Key Size: " + key.getSize()); System.out.println(" Nonce data: " + Utils.base64encode(key.getNonceData())); - System.out.println(" Encrypted Data:" + Utils.base64encode(key.getEncryptedData())); - if (key.getData() != null) { + if(clientEncryption) + System.out.println(" Encrypted Data:" + Utils.base64encode(key.getEncryptedData())); + if (!clientEncryption) System.out.println(" Actual archived data: " + Utils.base64encode(key.getData())); - } if (key.getP12Data() != null) { System.out.println(" Key data in PKCS12 format: " + key.getP12Data()); } diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyShowCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyShowCLI.java index cc76f4c4b..cef3864d0 100644 --- a/base/java-tools/src/com/netscape/cmstools/key/KeyShowCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/key/KeyShowCLI.java @@ -32,7 +32,7 @@ public class KeyShowCLI extends CLI { } public void printHelp() { - formatter.printHelp(getFullName() + " <Key Id>", options); + formatter.printHelp(getFullName() + " <Key ID>", options); } public void execute(String[] args) { 
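Review bot: The `--output` branch marshals the whole `Key` object, which on the `keyID` path includes the recovered secret in `getData()`, into a file created with the process umask and with no check for an existing file, so key material can end up world-readable or silently overwrite another file. Creating the file owner-only before marshalling (on POSIX filesystems) and letting `Files.createFile` refuse an existing path keeps the default safe; the rewrite below needs `java.io.IOException`, `java.nio.file.Files`, `java.nio.file.Path`, `java.nio.file.Paths` and `java.nio.file.attribute.PosixFilePermissions` imported. In printKeyData() the old `if (key.getData() != null)` guard was replaced by `if (!clientEncryption)`, so a null `data` in the response now reaches `Utils.base64encode(key.getData())`; `if (!clientEncryption && key.getData() != null)` preserves the previous behaviour, and the two unbraced one-line `if` bodies should be braced like the rest of the method. execute() starts outside the hunk.
```java
String outputFilePath = cmd.getOptionValue("output");
if (outputFilePath != null) {
    Path outputPath = Paths.get(outputFilePath);
    try {
        // The marshalled Key carries the recovered secret, so create the
        // file owner-readable only instead of relying on the umask; an
        // existing file is refused rather than overwritten.
        Files.createFile(outputPath, PosixFilePermissions.asFileAttribute(
                PosixFilePermissions.fromString("rw-------")));
        JAXBContext context = JAXBContext.newInstance(Key.class);
        Marshaller marshaller = context.createMarshaller();
        marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
        marshaller.marshal(keyData, outputPath.toFile());
    } catch (JAXBException | IOException e) {
        // … unchanged: print message, stack trace when verbose, exit -1 …
    }
} else {
    // … unchanged: print to stdout …
}
```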
diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyTemplateFindCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyTemplateFindCLI.java
new file mode 100644
index 000000000..2d66943b6
--- /dev/null
+++ b/base/java-tools/src/com/netscape/cmstools/key/KeyTemplateFindCLI.java
@@ -0,0 +1,66 @@
+package com.netscape.cmstools.key;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.util.ArrayList;
+
+import javax.xml.bind.JAXBException;
+
+import com.netscape.certsrv.base.ResourceMessage;
+import com.netscape.certsrv.key.KeyTemplate;
+import com.netscape.certsrv.key.SymKeyGenerationRequest;
+import com.netscape.cmstools.cli.CLI;
+import com.netscape.cmstools.cli.MainCLI;
+
+public class KeyTemplateFindCLI extends CLI {
+public KeyCLI keyCLI;
+
+public ArrayList<KeyTemplate> templates = new ArrayList<KeyTemplate>();
+
+public KeyTemplateFindCLI(KeyCLI keyCLI) {
+super("template-find", "List request template IDs", keyCLI);
+this.keyCLI = keyCLI;
+}
+
+public void printHelp() {
+formatter.printHelp(getFullName() + " [OPTIONS]", options);
+}
+
+public void execute(String[] args) {
+
+try {
+createTemplateList();
+} catch (FileNotFoundException | JAXBException e) {
+System.err.println("Error: " + e.getMessage());
+if (verbose)
+e.printStackTrace();
+System.exit(-1);
+}
+MainCLI.printMessage("List of templates");
+for (KeyTemplate template : templates) {
+template.printTemplateInfo();
+}
+System.out.println();
+}
+
+public void createTemplateList() throws FileNotFoundException, JAXBException {
+String templateDir = "/usr/share/pki/key/templates/";
+File file = new File(templateDir);
+if (!file.exists()) {
+System.err.println("Error: Missing template files.");
+System.exit(-1);
+}
+KeyTemplate template = null;
+ResourceMessage data = null;
+String[] templateFiles = file.list();
+for (String templateName : templateFiles) {
+if (templateName.indexOf(".xml") == -1) {
+continue;
+}
+String id = templateName.substring(0, templateName.indexOf(".xml"));
+data = ResourceMessage.unmarshall(SymKeyGenerationRequest.class, templateDir + templateName);
+template = new KeyTemplate(id, data.getAttribute("description"));
+templates.add(template);
+}
+}
+}
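Review bot: In createTemplateList() `file.list()` returns null when the path exists but is not a directory or cannot be read, and the preceding `file.exists()` check does not rule that out, so the for loop would throw a NullPointerException instead of the intended "Missing template files" error; use `if (!file.isDirectory()) {` for the check and guard the array with `if (templateFiles == null) { System.err.println("Error: Missing template files."); System.exit(-1); }`. The name filter `templateName.indexOf(".xml") == -1` also accepts names such as `foo.xml.bak` and then cuts the ID at the first match; `if (!templateName.endsWith(".xml")) { continue; }` together with `templateName.substring(0, templateName.length() - 4)` is the precise form. Every template is unmarshalled as `SymKeyGenerationRequest.class`, while KeyTemplateShowCLI in this commit reads the same files as `KeyArchivalRequest.class` and the spec changelog says archive and retrieve templates are shipped too; this only works if `ResourceMessage.unmarshall` ignores the root type, which is worth confirming. The directory string `/usr/share/pki/key/templates/` is duplicated in KeyTemplateShowCLI, so a single shared constant would keep the two in step, and `public ArrayList<KeyTemplate> templates` is better declared as a private `List<KeyTemplate>`.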
diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyTemplateShowCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyTemplateShowCLI.java
new file mode 100644
index 000000000..872053afe
--- /dev/null
+++ b/base/java-tools/src/com/netscape/cmstools/key/KeyTemplateShowCLI.java
@@ -0,0 +1,93 @@
+package com.netscape.cmstools.key;
+
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
+
+import javax.xml.bind.JAXBException;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.Option;
+import org.apache.commons.cli.ParseException;
+
+import com.netscape.certsrv.base.ResourceMessage;
+import com.netscape.certsrv.key.KeyArchivalRequest;
+import com.netscape.cmstools.cli.CLI;
+import com.netscape.cmstools.cli.MainCLI;
+
+public class KeyTemplateShowCLI extends CLI {
+public KeyCLI keyCLI;
+
+public KeyTemplateShowCLI(KeyCLI keyCLI) {
+super("template-show", "Get request template", keyCLI);
+this.keyCLI = keyCLI;
+}
+
+public void printHelp() {
+formatter.printHelp(getFullName() +
+" <Template ID> [OPTIONS]", options);
+}
+
+public void execute(String[] args) {
+
+Option option = new Option(null, "output-file", true, "Location where the template has to be stored.");
+option.setArgName("File to write the template to.");
+options.addOption(option);
+
+CommandLine cmd = null;
+try {
+cmd = parser.parse(options, args);
+} catch (ParseException e) {
+System.err.println("Error: " + e.getMessage());
+printHelp();
+System.exit(-1);
+}
+
+String[] cmdArgs = cmd.getArgs();
+if (cmdArgs.length < 1) {
+printHelp();
+System.exit(-1);
+}
+
+String templateId = cmdArgs[0];
+String writeToFile = cmd.getOptionValue("output-file");
+String templateDir = "/usr/share/pki/key/templates/";
+String templatePath = templateDir + templateId + ".xml";
+ResourceMessage data = null;
+try {
+data = ResourceMessage.unmarshall(KeyArchivalRequest.class, templatePath);
+} catch (FileNotFoundException | JAXBException e2) {
+System.err.println("Error: " + e2.getMessage());
+if(verbose)
+e2.printStackTrace();
+System.exit(-1);
+};
+
+if (writeToFile != null) {
+try (FileOutputStream fOS = new FileOutputStream(writeToFile)) {
+data.marshall(fOS);
+} catch (JAXBException e) {
+System.err.println("Error: Cannot write the file");
+if (verbose)
+e.printStackTrace();
+} catch (FileNotFoundException e) {
+System.err.println("Error: Cannot write the file");
+if (verbose)
+e.printStackTrace();
+} catch (IOException e1) {
+System.err.println("Error: " + e1.getMessage());
+if (verbose)
+e1.printStackTrace();
+}
+} else {
+MainCLI.printMessage(data.getAttribute("description"));
+try {
+data.marshall(System.out);
+} catch (JAXBException e) {
+System.err.println(e.getMessage());
+if (verbose)
+e.printStackTrace();
+}
+}
+}
+}
diff --git a/specs/pki-core.spec b/specs/pki-core.spec
index 6e10ac0e3..65a154253 100644
--- a/specs/pki-core.spec
+++ b/specs/pki-core.spec
@@ -839,6 +839,7 @@ fi
 %{_datadir}/pki/VERSION
 %{_datadir}/pki/etc/
 %{_datadir}/pki/upgrade/
+%{_datadir}/pki/key/templates
 %dir %{_sysconfdir}/pki
 %config(noreplace) %{_sysconfdir}/pki/pki.conf
 %dir %{_javadir}/pki
@@ -1017,6 +1018,8 @@ fi
 - Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python
 - TRAC Ticket #840 - pkispawn requires policycoreutils-python
 - Updated requirements for resteasy
+- Added template files for archive, retrieve and generate key
+ requests to the client package.

 * Fri Nov 15 2013 Ade Lee <alee@redhat.com> 10.1.0-1
 - Trac Ticket 788 - Clean up spec files |
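Review bot: `templateId` comes straight from the command line and is concatenated into `templatePath`, so an ID containing a path separator or `..` resolves to an `.xml` file outside `/usr/share/pki/key/templates/`; the tool runs with the invoking user's own privileges, so this is an input-validation gap rather than a privilege issue, but rejecting such IDs up front, `if (!templateId.matches("[A-Za-z0-9_-]+")) { System.err.println("Error: Invalid template ID."); System.exit(-1); }`, turns a confusing JAXB or file error into a clear message. When writing `--output-file` fails, all three catch blocks print an error but the command still exits 0, and the first two have identical bodies; a single `catch (JAXBException | IOException e)` (FileNotFoundException is an IOException) ending in `System.exit(-1)` covers them. There is a stray `;` after the closing brace of the first try/catch, and this command names its option `output-file` while KeyRetrieveCLI in the same commit uses `output`; the templates here are always unmarshalled as `KeyArchivalRequest.class` whereas KeyTemplateFindCLI reads the same files as `SymKeyGenerationRequest.class`, which only works if `ResourceMessage.unmarshall` does not validate the root type — worth confirming.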