Use AES-CBC in storage unit for archival in key wrapping

When AES-KW or AES-KWP is not available, we need to be sure to use
a key wrap algorithm that is available for keywrap.  This would
be AES-CBC.  Removes some TODOs.

Refactor so that getWrappingParams is only defined on the StorageUnit,
which is where it makes sense in any case.

Part of Bugzilla BZ# 1386303

Change-Id: I28711f7fe0a00e9d12d26c6e170fb125418d6d51

2 files changed, 6 insertions, 2 deletions

diff --git a/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java b/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
index add15cb81..e55713dd6 100644
--- a/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
+++ b/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
@@ -63,7 +63,5 @@ public interface IEncryptionUnit extends IToken {
             SymmetricKey.Usage usage, WrappingParams params) throws Exception;
 
 
-    public WrappingParams getWrappingParams() throws Exception;
-
     public WrappingParams getOldWrappingParams();
 }
diff --git a/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java b/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java
index cd941438a..bfc601202 100644
--- a/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java
+++ b/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java
@@ -174,4 +174,10 @@ public interface IStorageKeyUnit extends IEncryptionUnit {
     public PrivateKey unwrap(byte privateKey[], PublicKey pubKey, boolean temporary,
             WrappingParams params) throws Exception;
 
+    /**
+     * Get the wrapping parameters for this storage unit
+     *
+     */
+    public WrappingParams getWrappingParams(boolean encrypt) throws Exception;
+
 }