diff options
| author | Abhishek Koneru <akoneru@redhat.com> | 2014-07-24 11:20:12 -0400 |
|---|---|---|
| committer | Abhishek Koneru <akoneru@redhat.com> | 2014-08-27 01:15:35 -0400 |
| commit | 6444287caa2ad171086d0ce9d93761a897247e06 (patch) | |
| tree | 86e13cafc3f7b866be86b21cf0d96e401d0b9f01 /base/common/src/com/netscape | |
| parent | 8e464b6ba5d83d7915978db5841967f20672dfd0 (diff) | |
| download | pki-6444287caa2ad171086d0ce9d93761a897247e06.tar.gz pki-6444287caa2ad171086d0ce9d93761a897247e06.tar.xz pki-6444287caa2ad171086d0ce9d93761a897247e06.zip | |
Generate asymmetric keys in the DRM.
Adds methods to key client to generate asymmetric keys using
algorithms RSA and DSA for a valid key sizes of 512, 1024, 2048,4096.
The generated keys are archived in the database.
Using the CLI, the public key(base64 encoded) can be retrieved by using
the key-show command.
The private key(base64 encoded) can be retrieved using the key-retrieve
command.
Ticket #1023
Diffstat (limited to 'base/common/src/com/netscape')
8 files changed, 339 insertions, 100 deletions
diff --git a/base/common/src/com/netscape/certsrv/base/ResourceMessage.java b/base/common/src/com/netscape/certsrv/base/ResourceMessage.java index 34d7c2b11..1214b45fb 100644 --- a/base/common/src/com/netscape/certsrv/base/ResourceMessage.java +++ b/base/common/src/com/netscape/certsrv/base/ResourceMessage.java @@ -26,6 +26,7 @@ import javax.xml.bind.annotation.XmlValue; import javax.xml.bind.annotation.adapters.XmlAdapter; import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import com.netscape.certsrv.key.AsymKeyGenerationRequest; import com.netscape.certsrv.key.KeyArchivalRequest; import com.netscape.certsrv.key.KeyRecoveryRequest; import com.netscape.certsrv.key.SymKeyGenerationRequest; @@ -33,8 +34,9 @@ import com.netscape.certsrv.key.SymKeyGenerationRequest; /** * @author Ade Lee */ -@XmlRootElement(name="ResourceMessage") -@XmlSeeAlso({KeyArchivalRequest.class, KeyRecoveryRequest.class, SymKeyGenerationRequest.class, PKIException.Data.class}) +@XmlRootElement(name = "ResourceMessage") +@XmlSeeAlso({ KeyArchivalRequest.class, KeyRecoveryRequest.class, SymKeyGenerationRequest.class, + PKIException.Data.class, AsymKeyGenerationRequest.class }) @XmlAccessorType(XmlAccessType.NONE) public class ResourceMessage { @@ -46,7 +48,7 @@ public class ResourceMessage { } public ResourceMessage(MultivaluedMap<String, String> form) { - for (Map.Entry<String, List<String>> entry: form.entrySet()) { + for (Map.Entry<String, List<String>> entry : form.entrySet()) { attributes.put(entry.getKey(), entry.getValue().get(0)); } } diff --git a/base/common/src/com/netscape/certsrv/key/AsymKeyGenerationRequest.java b/base/common/src/com/netscape/certsrv/key/AsymKeyGenerationRequest.java new file mode 100644 index 000000000..867c06acf --- /dev/null +++ b/base/common/src/com/netscape/certsrv/key/AsymKeyGenerationRequest.java @@ -0,0 +1,115 @@ +//--- BEGIN COPYRIGHT BLOCK --- +//This program is free software; you can redistribute it and/or modify +//it under the terms of the GNU General Public License as published by +//the Free Software Foundation; version 2 of the License. +// +//This program is distributed in the hope that it will be useful, +//but WITHOUT ANY WARRANTY; without even the implied warranty of +//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +//GNU General Public License for more details. +// +//You should have received a copy of the GNU General Public License along +//with this program; if not, write to the Free Software Foundation, Inc., +//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +//(C) 2014 Red Hat, Inc. +//All rights reserved. +//--- END COPYRIGHT BLOCK --- +package com.netscape.certsrv.key; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; + +import javax.ws.rs.core.MultivaluedMap; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; + +import org.apache.commons.lang.StringUtils; + +import com.netscape.certsrv.base.ResourceMessage; + +@XmlRootElement(name = "AsymKeyGenerationRequest") +@XmlAccessorType(XmlAccessType.FIELD) +public class AsymKeyGenerationRequest extends KeyGenerationRequest { + + // Asymmetric Key Usages + public static final String ENCRYPT = "encrypt"; + public static final String DECRYPT = "decrypt"; + public static final String SIGN = "sign"; + public static final String SIGN_RECOVER = "sign_recover"; + public static final String VERIFY = "verify"; + public static final String VERIFY_RECOVER = "verify_recover"; + public static final String WRAP = "wrap"; + public static final String UNWRAP = "unwrap"; + public static final String DERIVE = "derive"; + + public AsymKeyGenerationRequest() { + // required for JAXB (defaults) + setClassName(getClass().getName()); + } + + public AsymKeyGenerationRequest(MultivaluedMap<String, String> form) { + attributes.put(CLIENT_KEY_ID, form.getFirst(CLIENT_KEY_ID)); + attributes.put(KEY_SIZE, form.getFirst(KEY_SIZE)); + attributes.put(KEY_ALGORITHM, form.getFirst(KEY_ALGORITHM)); + attributes.put(KEY_USAGE, form.getFirst(KEY_USAGE)); + attributes.put(TRANS_WRAPPED_SESSION_KEY, form.getFirst(TRANS_WRAPPED_SESSION_KEY)); + + String usageString = attributes.get(KEY_USAGE); + if (!StringUtils.isBlank(usageString)) { + setUsages(new ArrayList<String>(Arrays.asList(usageString.split(",")))); + } + setClassName(getClass().getName()); + } + + public AsymKeyGenerationRequest(ResourceMessage data) { + attributes.putAll(data.getAttributes()); + setClassName(getClass().getName()); + } + + public String toString() { + try { + return ResourceMessage.marshal(this, AsymKeyGenerationRequest.class); + } catch (Exception e) { + return super.toString(); + } + } + + public static AsymKeyGenerationRequest valueOf(String string) throws Exception { + try { + return ResourceMessage.unmarshal(string, AsymKeyGenerationRequest.class); + } catch (Exception e) { + return null; + } + } + + public static List<String> getValidUsagesList() { + List<String> list = new ArrayList<String>(); + list.add(DERIVE); + list.add(SIGN); + list.add(DECRYPT); + list.add(ENCRYPT); + list.add(WRAP); + list.add(UNWRAP); + list.add(SIGN_RECOVER); + list.add(VERIFY); + list.add(VERIFY_RECOVER); + + return list; + } + + public static void main(String[] args) { + AsymKeyGenerationRequest request = new AsymKeyGenerationRequest(); + request.setKeyAlgorithm(KeyRequestResource.RSA_ALGORITHM); + request.setKeySize(1024); + request.setClientKeyId("vek12345"); + List<String> usages = new ArrayList<String>(); + usages.add(AsymKeyGenerationRequest.ENCRYPT); + usages.add(AsymKeyGenerationRequest.DECRYPT); + request.setUsages(usages); + + System.out.println(request.toString()); + } +} diff --git a/base/common/src/com/netscape/certsrv/key/KeyClient.java b/base/common/src/com/netscape/certsrv/key/KeyClient.java index 9363a6a8c..262a33d8f 100644 --- a/base/common/src/com/netscape/certsrv/key/KeyClient.java +++ b/base/common/src/com/netscape/certsrv/key/KeyClient.java @@ -249,11 +249,11 @@ public class KeyClient extends Client { * @param data -- A KeyArchivalRequest/KeyRecoveryRequest/SymKeyGenerationRequest object * @return A KeyRequestResponse object */ - private KeyRequestResponse createRequest(ResourceMessage request) { + private KeyRequestResponse submitRequest(ResourceMessage request) { if (request == null) { throw new IllegalArgumentException("A Request object must be specified."); } - Response response = keyRequestClient.createRequest(request); + Response response = keyRequestClient.submitRequest(request); return client.getEntity(response, KeyRequestResponse.class); } @@ -296,7 +296,7 @@ public class KeyClient extends Client { data.setCertificate(b64Certificate); } - return createRequest(data); + return submitRequest(data); } /** @@ -612,7 +612,7 @@ public class KeyClient extends Client { data.setWrappedPrivateData(req1); data.setTransWrappedSessionKey(Utils.base64encode(transWrappedSessionKey)); - return createRequest(data); + return submitRequest(data); } /** @@ -653,15 +653,15 @@ public class KeyClient extends Client { String options = Utils.base64encode(pkiArchiveOptions); data.setPKIArchiveOptions(options); - return createRequest(data); + return submitRequest(data); } /** - * Generate and archive a symmetric key on the DRM. + * Generate and archive a symmetric key in the DRM. * * @param clientKeyId -- Client Key Identifier * @param keyAlgorithm -- Algorithm to be used to generate the key - * @param keySize -- Strength of the algorithm + * @param keySize -- Strength of the keys * @param usages -- Usages of the generated key. * @return a KeyRequestResponse which contains a KeyRequestInfo * object that describes the URL for the request and generated key. @@ -687,6 +687,66 @@ public class KeyClient extends Client { data.setUsages(usages); data.setTransWrappedSessionKey(transWrappedSessionKey); - return createRequest(data); + return submitRequest(data); + } + + /** + * Generate and archive an asymmetric keys in the DRM + * + * @param clientKeyId -- Client Key Identifier + * @param keyAlgorithm -- Algorithm to be used to generate the asymmetric keys + * @param keySize -- Strength of the keys + * @param usages + * @param transWrappedSessionKey + * @return + */ + public KeyRequestResponse generateAsymmetricKey(String clientKeyId, String keyAlgorithm, int keySize, + List<String> usages, byte[] transWrappedSessionKey) { + + if (clientKeyId == null) { + throw new IllegalArgumentException("Client Key Identifier must be specified."); + } + + //Validate the usages list + List<String> validUsages = AsymKeyGenerationRequest.getValidUsagesList(); + if (usages != null) { + for (String usage : usages) { + if (!validUsages.contains(usage)) { + throw new IllegalArgumentException("Invalid usage \"" + usage + "\" specified."); + } + } + } + if (!(keyAlgorithm.equals(KeyRequestResource.RSA_ALGORITHM) || keyAlgorithm + .equals(KeyRequestResource.DSA_ALGORITHM))) { + throw new IllegalArgumentException("Unsupported algorithm specified."); + } + + /* + * For RSA, JSS accepts key sizes that fall in this set of values: + * {256 + (16 * n), where 0 <= n <= 1008 + * + * For DSA, JSS accepts key sizes 512, 768, 1024 only when there are no p,q,g params specified. + */ + if (keyAlgorithm.equals(KeyRequestResource.RSA_ALGORITHM)) { + if (keySize >= 256) { + if ((keySize - 256) % 16 != 0) { + throw new IllegalArgumentException("Invalid key size specified."); + } + } else { + throw new IllegalArgumentException("Invalid key size specified."); + } + } else if (keyAlgorithm.equals(KeyRequestResource.DSA_ALGORITHM)) { + if (keySize != 512 && keySize != 768 && keySize != 1024) { + throw new IllegalArgumentException("Invalid key size specified."); + } + } + AsymKeyGenerationRequest data = new AsymKeyGenerationRequest(); + data.setClientKeyId(clientKeyId); + data.setKeyAlgorithm(keyAlgorithm); + data.setKeySize(keySize); + data.setUsages(usages); + data.setTransWrappedSessionKey(Utils.base64encode(transWrappedSessionKey)); + + return submitRequest(data); } } diff --git a/base/common/src/com/netscape/certsrv/key/KeyGenerationRequest.java b/base/common/src/com/netscape/certsrv/key/KeyGenerationRequest.java new file mode 100644 index 000000000..ed36b6d9d --- /dev/null +++ b/base/common/src/com/netscape/certsrv/key/KeyGenerationRequest.java @@ -0,0 +1,125 @@ +//--- BEGIN COPYRIGHT BLOCK --- +//This program is free software; you can redistribute it and/or modify +//it under the terms of the GNU General Public License as published by +//the Free Software Foundation; version 2 of the License. +// +//This program is distributed in the hope that it will be useful, +//but WITHOUT ANY WARRANTY; without even the implied warranty of +//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +//GNU General Public License for more details. +// +//You should have received a copy of the GNU General Public License along +//with this program; if not, write to the Free Software Foundation, Inc., +//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +//(C) 2014 Red Hat, Inc. +//All rights reserved. +//--- END COPYRIGHT BLOCK --- +package com.netscape.certsrv.key; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; + +import org.apache.commons.lang.StringUtils; + +import com.netscape.certsrv.base.ResourceMessage; + +/** + * Class to define the common attributes and methods used by + * SymKeyGenerationRequest and AsymKeyGenerationRequest + * @author akoneru + * + */ +public class KeyGenerationRequest extends ResourceMessage{ + + protected static final String CLIENT_KEY_ID = "clientKeyID"; + protected static final String KEY_SIZE = "keySize"; + protected static final String KEY_ALGORITHM = "keyAlgorithm"; + protected static final String KEY_USAGE = "keyUsage"; + protected static final String TRANS_WRAPPED_SESSION_KEY = "transWrappedSessionKey"; + + + public List<String> getUsages() { + String usageString = attributes.get(KEY_USAGE); + if (!StringUtils.isBlank(usageString)) { + return new ArrayList<String>(Arrays.asList(usageString.split(","))); + } + return new ArrayList<String>(); + } + + public void setUsages(List<String> usages) { + attributes.put(KEY_USAGE, StringUtils.join(usages, ",")); + } + + public void addUsage(String usage) { + List<String> usages = getUsages(); + for (String u : usages) { + if (u.equals(usage)) + return; + } + usages.add(usage); + setUsages(usages); + } + + /** + * @return the clientKeyId + */ + public String getClientKeyId() { + return attributes.get(CLIENT_KEY_ID); + } + + /** + * @param clientKeyId the clientKeyId to set + */ + public void setClientKeyId(String clientKeyId) { + attributes.put(CLIENT_KEY_ID, clientKeyId); + } + + /** + * @return the keySize + */ + public Integer getKeySize() { + try { + return new Integer(attributes.get(KEY_SIZE)); + } catch (NumberFormatException e) { + return null; + } + } + + /** + * @param keySize the key size to set + */ + public void setKeySize(Integer keySize) { + attributes.put(KEY_SIZE, keySize.toString()); + } + + /** + * @return the keyAlgorithm + */ + public String getKeyAlgorithm() { + return attributes.get(KEY_ALGORITHM); + } + + /** + * @param keyAlgorithm the key algorithm to set + */ + public void setKeyAlgorithm(String keyAlgorithm) { + attributes.put(KEY_ALGORITHM, keyAlgorithm); + } + + /** + * @return the transWrappedSessionKey + */ + public String getTransWrappedSessionKey() { + return attributes.get(TRANS_WRAPPED_SESSION_KEY); + } + + /** + * @param transWrappedSessionKey the wrapped seesion key to set + */ + public void setTransWrappedSessionKey(String transWrappedSessionKey) { + attributes.put(TRANS_WRAPPED_SESSION_KEY, transWrappedSessionKey); + } + +} diff --git a/base/common/src/com/netscape/certsrv/key/KeyInfo.java b/base/common/src/com/netscape/certsrv/key/KeyInfo.java index 10da545d8..71a858e6b 100644 --- a/base/common/src/com/netscape/certsrv/key/KeyInfo.java +++ b/base/common/src/com/netscape/certsrv/key/KeyInfo.java @@ -54,6 +54,9 @@ public class KeyInfo { @XmlElement protected String ownerName; + @XmlElement + protected String publicKey; + public KeyInfo() { // required for JAXB (defaults) } @@ -125,4 +128,12 @@ public class KeyInfo { public void setOwnerName(String ownerName) { this.ownerName = ownerName; } + + public String getPublicKey() { + return publicKey; + } + + public void setPublicKey(String publicKey) { + this.publicKey = publicKey; + } } diff --git a/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java b/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java index fb82afe19..768127e42 100644 --- a/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java +++ b/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java @@ -35,6 +35,11 @@ public interface KeyRequestResource { public static final String RC4_ALGORITHM = "RC4"; public static final String AES_ALGORITHM = "AES"; + // Asymmetric Key algorithms + public final static String RSA_ALGORITHM = "RSA"; + public final static String DSA_ALGORITHM = "DSA"; + public final static String EC_ALGORITHM = "EC"; // Not supported yet. + /** * Used to generate list of key requests based on the search parameters */ @@ -51,11 +56,11 @@ public interface KeyRequestResource { @POST @ClientResponseType(entityType=KeyRequestResponse.class) @Consumes({ MediaType.APPLICATION_FORM_URLENCODED}) - public Response createRequest(MultivaluedMap<String, String> form); + public Response submitRequest(MultivaluedMap<String, String> form); @POST @ClientResponseType(entityType=KeyRequestResponse.class) - public Response createRequest(ResourceMessage data); + public Response submitRequest(ResourceMessage data); /** * Used to retrieve key request info for a specific request diff --git a/base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java b/base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java index a2440d7cb..7f65d0e59 100644 --- a/base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java +++ b/base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java @@ -19,13 +19,7 @@ import com.netscape.certsrv.base.ResourceMessage; */ @XmlRootElement(name = "SymKeyGenerationRequest") @XmlAccessorType(XmlAccessType.FIELD) -public class SymKeyGenerationRequest extends ResourceMessage { - - private static final String CLIENT_KEY_ID = "clientKeyID"; - private static final String KEY_SIZE = "keySize"; - private static final String KEY_ALGORITHM = "keyAlgorithm"; - private static final String KEY_USAGE = "keyUsage"; - private static final String TRANS_WRAPPED_SESSION_KEY = "transWrappedSessionKey"; +public class SymKeyGenerationRequest extends KeyGenerationRequest { /* Symmetric Key usages */ public static final String UWRAP_USAGE = "unwrap"; @@ -35,28 +29,6 @@ public class SymKeyGenerationRequest extends ResourceMessage { public static final String DECRYPT_USAGE = "decrypt"; public static final String ENCRYPT_USAGE = "encrypt"; - public List<String> getUsages() { - String usageString = attributes.get(KEY_USAGE); - if (!StringUtils.isBlank(usageString)) { - return new ArrayList<String>(Arrays.asList(usageString.split(","))); - } - return new ArrayList<String>(); - } - - public void setUsages(List<String> usages) { - attributes.put(KEY_USAGE, StringUtils.join(usages, ",")); - } - - public void addUsage(String usage) { - List<String> usages = getUsages(); - for (String u : usages) { - if (u.equals(usage)) - return; - } - usages.add(usage); - setUsages(usages); - } - public SymKeyGenerationRequest() { // required for JAXB (defaults) setClassName(getClass().getName()); @@ -82,59 +54,6 @@ public class SymKeyGenerationRequest extends ResourceMessage { } /** - * @return the clientKeyId - */ - public String getClientKeyId() { - return attributes.get(CLIENT_KEY_ID); - } - - /** - * @param clientKeyId the clientKeyId to set - */ - public void setClientKeyId(String clientKeyId) { - attributes.put(CLIENT_KEY_ID, clientKeyId); - } - - /** - * @return the keySize - */ - public Integer getKeySize() { - try { - return new Integer(attributes.get(KEY_SIZE)); - } catch (NumberFormatException e) { - return null; - } - } - - /** - * @param keySize the key size to set - */ - public void setKeySize(Integer keySize) { - attributes.put(KEY_SIZE, keySize.toString()); - } - - /** - * @return the keyAlgorithm - */ - public String getKeyAlgorithm() { - return attributes.get(KEY_ALGORITHM); - } - - /** - * @param keyAlgorithm the key algorithm to set - */ - public void setKeyAlgorithm(String keyAlgorithm) { - attributes.put(KEY_ALGORITHM, keyAlgorithm); - } - - /** - * @return the transWrappedSessionKey - */ - public String getTransWrappedSessionKey() { - return attributes.get(TRANS_WRAPPED_SESSION_KEY); - } - - /** * @param transWrappedSessionKey the wrapped seesion key to set */ public void setTransWrappedSessionKey(String transWrappedSessionKey) { diff --git a/base/common/src/com/netscape/certsrv/request/IRequest.java b/base/common/src/com/netscape/certsrv/request/IRequest.java index 885cb72a6..8d4ec98fb 100644 --- a/base/common/src/com/netscape/certsrv/request/IRequest.java +++ b/base/common/src/com/netscape/certsrv/request/IRequest.java @@ -169,12 +169,14 @@ public interface IRequest extends Serializable { public static final String SECURITY_DATA_SESS_WRAPPED_DATA = "sessWrappedSecData"; public static final String SECURITY_DATA_PASS_WRAPPED_DATA = "passPhraseWrappedData"; - // symkey generation request attributes + // key generation request attributes + public static final String ASYMKEY_GENERATION_REQUEST = "asymkeyGenRequest"; public static final String SYMKEY_GENERATION_REQUEST = "symkeyGenRequest"; - public static final String SYMKEY_GEN_ALGORITHM = "symkeyGenAlgorithm"; - public static final String SYMKEY_GEN_SIZE = "symkeyGenSize"; - public static final String SYMKEY_GEN_USAGES = "symkeyGenUsages"; - public static final String SYMKEY_TRANS_WRAPPED_SESSION_KEY = "transWrappedSessionKey"; + + public static final String KEY_GEN_ALGORITHM = "keyGenAlgorithm"; + public static final String KEY_GEN_SIZE = "keyGenSize"; + public static final String KEY_GEN_USAGES = "keyGenUsages"; + public static final String KEY_GEN_TRANS_WRAPPED_SESSION_KEY = "transWrappedSessionKey"; // requestor type values. public static final String REQUESTOR_EE = "EE"; |