author | Ade Lee <alee@redhat.com> | 2017-05-26 13:06:18 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2017-06-07 16:00:41 -0400 |
commit | 38df4274214938ceece85627abb6d4fe77b960ff (patch) | |
tree | c3361a13185302f03ddb4162aa04f5816190c27d /base/common/src | |
parent | 9db838825b60719e6670c92957db3f33c5b12ae0 (diff) | |
Refactor client to not use keysets
It is simpler to simply tell the client which
algorithm to use for key wrapping and encryption, rather
than use key sets. Therefore:
* KRAInfo and CAInfo are refactored to provide the
algorithms required for key wrapping and encryption.
* Client is modified to use these parameters to determine
which algorithms to use.
* We specify the OIDs that will be used in the PKIARchiveOptions
more correctly. The options are basically:
AES-128-CBC, DES3-CBC, AES KeyWrap/Pad
Change-Id: Ic3fca902bbc45f7f72bcd4676c994f8a89c3a409
Diffstat (limited to 'base/common/src')
-rw-r--r-- | base/common/src/org/dogtagpki/common/CAInfo.java | 34 | ||||
-rw-r--r-- | base/common/src/org/dogtagpki/common/KRAInfo.java | 34 |
2 files changed, 58 insertions, 10 deletions
diff --git a/base/common/src/org/dogtagpki/common/CAInfo.java b/base/common/src/org/dogtagpki/common/CAInfo.java
index f21dcd0d7..0f68c7ab7 100644
--- a/base/common/src/org/dogtagpki/common/CAInfo.java
+++ b/base/common/src/org/dogtagpki/common/CAInfo.java
@@ -54,7 +54,8 @@ public class CAInfo extends ResourceMessage {
 }
 String archivalMechanism;
- String wrappingKeySet;
+ String encryptAlgorithm;
+ String keyWrapAlgorithm;
 @XmlElement(name="ArchivalMechanism")
 public String getArchivalMechanism() {
@@ -65,13 +66,20 @@ public class CAInfo extends ResourceMessage {
 this.archivalMechanism = archivalMechanism;
 }
- @XmlElement(name="WrappingKeySet")
- public String getWrappingKeySet() {
- return wrappingKeySet;
+ public String getEncryptAlgorithm() {
+ return encryptAlgorithm;
 }
- public void setWrappingKeySet(String wrappingKeySet) {
- this.wrappingKeySet = wrappingKeySet;
+ public void setEncryptAlgorithm(String encryptAlgorithm) {
+ this.encryptAlgorithm = encryptAlgorithm;
+ }
+
+ public String getKeyWrapAlgorithm() {
+ return keyWrapAlgorithm;
+ }
+
+ public void setKeyWrapAlgorithm(String keyWrapAlgorithm) {
+ this.keyWrapAlgorithm = keyWrapAlgorithm;
 }
 @Override
@@ -79,7 +87,8 @@ public class CAInfo extends ResourceMessage {
 final int prime = 31;
 int result = super.hashCode();
 result = prime * result + ((archivalMechanism == null) ? 0 : archivalMechanism.hashCode());
- result = prime * result + ((wrappingKeySet == null) ? 0 : wrappingKeySet.hashCode());
+ result = prime * result + ((encryptAlgorithm == null) ? 0 : encryptAlgorithm.hashCode());
+ result = prime * result + ((keyWrapAlgorithm == null) ? 0 : keyWrapAlgorithm.hashCode());
 return result;
 }
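Review bot: The new `getEncryptAlgorithm()` and `getKeyWrapAlgorithm()` getters in the second CAInfo hunk carry no `@XmlElement`, although the removed `getWrappingKeySet()` had `@XmlElement(name="WrappingKeySet")` and the matching KRAInfo getters in this commit are annotated. Depending on the class's accessor type, which is declared outside the hunk, the two values are then either left out of the marshalled CAInfo or emitted under default lower-camel element names, so a client reading them could see null and take its key-wrap and encryption algorithms from a fallback rather than from what the CA advertised. I would add `@XmlElement(name="EncryptAlgorithm")` and `@XmlElement(name="WrapAlgorithm")` above the two getters, or say in a comment why the CA-side property is named `keyWrapAlgorithm` while KRAInfo uses `wrapAlgorithm`.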
@@ -97,10 +106,15 @@ public class CAInfo extends ResourceMessage {
 return false;
 } else if (!archivalMechanism.equals(other.archivalMechanism))
 return false;
- if (wrappingKeySet == null) {
- if (other.wrappingKeySet != null)
+ if (encryptAlgorithm == null) {
+ if (other.encryptAlgorithm != null)
+ return false;
+ } else if (!encryptAlgorithm.equals(other.encryptAlgorithm))
+ return false;
+ if (keyWrapAlgorithm == null) {
+ if (other.keyWrapAlgorithm != null)
 return false;
- } else if (!wrappingKeySet.equals(other.wrappingKeySet))
+ } else if (!keyWrapAlgorithm.equals(other.keyWrapAlgorithm))
 return false;
 return true;
 }
diff --git a/base/common/src/org/dogtagpki/common/KRAInfo.java b/base/common/src/org/dogtagpki/common/KRAInfo.java
index e17bd642d..66fb99246 100644
--- a/base/common/src/org/dogtagpki/common/KRAInfo.java
+++ b/base/common/src/org/dogtagpki/common/KRAInfo.java
@@ -55,6 +55,8 @@ public class KRAInfo extends ResourceMessage {
 String archivalMechanism;
 String recoveryMechanism;
+ String encryptAlgorithm;
+ String wrapAlgorithm;
 @XmlElement(name="ArchivalMechanism")
 public String getArchivalMechanism() {
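Review bot: The null-check ladder in `equals` at the top of this line grows by five lines for every field added, which is how the near-identical `encryptAlgorithm` and `keyWrapAlgorithm` blocks ended up interleaved with the old lines here. If the build's Java level allows `java.util.Objects`, the per-field comparisons collapse to `return Objects.equals(archivalMechanism, other.archivalMechanism) && Objects.equals(encryptAlgorithm, other.encryptAlgorithm) && Objects.equals(keyWrapAlgorithm, other.keyWrapAlgorithm);`, which makes a missed field much easier to spot. The method starts outside the hunk, so the class and type checks before it would stay as they are, and the import block is not visible here. The same applies to `KRAInfo.equals` in the later hunk.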
@@ -74,12 +76,32 @@ public class KRAInfo extends ResourceMessage {
 this.recoveryMechanism = recoveryMechanism;
 }
+ @XmlElement(name="EncryptAlgorithm")
+ public String getEncryptAlgorithm() {
+ return encryptAlgorithm;
+ }
+
+ public void setEncryptAlgorithm(String encryptAlgorithm) {
+ this.encryptAlgorithm = encryptAlgorithm;
+ }
+
+ @XmlElement(name="WrapAlgorithm")
+ public String getWrapAlgorithm() {
+ return wrapAlgorithm;
+ }
+
+ public void setWrapAlgorithm(String wrapAlgorithm) {
+ this.wrapAlgorithm = wrapAlgorithm;
+ }
+
 @Override
 public int hashCode() {
 final int prime = 31;
 int result = super.hashCode();
 result = prime * result + ((archivalMechanism == null) ? 0 : archivalMechanism.hashCode());
+ result = prime * result + ((encryptAlgorithm == null) ? 0 : encryptAlgorithm.hashCode());
 result = prime * result + ((recoveryMechanism == null) ? 0 : recoveryMechanism.hashCode());
+ result = prime * result + ((wrapAlgorithm == null) ? 0 : wrapAlgorithm.hashCode());
 return result;
 }
@@ -97,11 +119,21 @@ public class KRAInfo extends ResourceMessage {
 return false;
 } else if (!archivalMechanism.equals(other.archivalMechanism))
 return false;
+ if (encryptAlgorithm == null) {
+ if (other.encryptAlgorithm != null)
+ return false;
+ } else if (!encryptAlgorithm.equals(other.encryptAlgorithm))
+ return false;
 if (recoveryMechanism == null) {
 if (other.recoveryMechanism != null)
 return false;
 } else if (!recoveryMechanism.equals(other.recoveryMechanism))
 return false;
+ if (wrapAlgorithm == null) {
+ if (other.wrapAlgorithm != null)
+ return false;
+ } else if (!wrapAlgorithm.equals(other.wrapAlgorithm))
+ return false;
 return true;
 }
@@ -125,6 +157,8 @@ public class KRAInfo extends ResourceMessage {
 KRAInfo before = new KRAInfo();
 before.setArchivalMechanism("encrypt");
 before.setRecoveryMechanism("keywrap");
+ before.setEncryptAlgorithm("AES/CBC/Pad");
+ before.setWrapAlgorithm("AES KeyWrap/Padding");
 String string = before.toString();
 System.out.println(string); |
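Review bot: `setEncryptAlgorithm` and `setWrapAlgorithm` in the first hunk on this line store whatever string they are given, and the getters return null when the element is absent, but nothing documents which values are legal or what null means. Since the commit message says the client picks its key-wrapping and encryption algorithms from these fields, I would add Javadoc on both getters along the lines of `/** Algorithm the KRA advertises for encrypting archived keys; null if the server sent none. Callers must map it to a known algorithm and reject anything else. */`. The same wording fits the CAInfo getters in the earlier file section. A response that omits or alters the element should make the client fail rather than quietly fall back to DES3-CBC, which the commit message lists among the options; where that decision is taken is outside this diff.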