authorAde Lee <alee@redhat.com>2017-05-26 13:06:18 -0400
committerAde Lee <alee@redhat.com>2017-06-07 16:00:41 -0400
commit38df4274214938ceece85627abb6d4fe77b960ff (patch)
treec3361a13185302f03ddb4162aa04f5816190c27d /base/common/src
parent9db838825b60719e6670c92957db3f33c5b12ae0 (diff)
Refactor client to not use keysets
It is simpler to tell the client which algorithm to use for key wrapping and encryption than to use key sets. Therefore:
* KRAInfo and CAInfo are refactored to provide the algorithms required for key wrapping and encryption.
* Client is modified to use these parameters to determine which algorithms to use.
* We specify the OIDs that will be used in the PKIArchiveOptions more correctly.

The options are basically: AES-128-CBC, DES3-CBC, AES KeyWrap/Pad

Change-Id: Ic3fca902bbc45f7f72bcd4676c994f8a89c3a409
Diffstat (limited to 'base/common/src')
-rw-r--r--base/common/src/org/dogtagpki/common/CAInfo.java34
-rw-r--r--base/common/src/org/dogtagpki/common/KRAInfo.java34
2 files changed, 58 insertions, 10 deletions
diff --git a/base/common/src/org/dogtagpki/common/CAInfo.java b/base/common/src/org/dogtagpki/common/CAInfo.java
index f21dcd0d7..0f68c7ab7 100644
--- a/base/common/src/org/dogtagpki/common/CAInfo.java
+++ b/base/common/src/org/dogtagpki/common/CAInfo.java
@@ -54,7 +54,8 @@ public class CAInfo extends ResourceMessage {
}
String archivalMechanism;
- String wrappingKeySet;
+ String encryptAlgorithm;
+ String keyWrapAlgorithm;
@XmlElement(name="ArchivalMechanism")
public String getArchivalMechanism() {
@@ -65,13 +66,20 @@ public class CAInfo extends ResourceMessage {
this.archivalMechanism = archivalMechanism;
}
- @XmlElement(name="WrappingKeySet")
- public String getWrappingKeySet() {
- return wrappingKeySet;
+ public String getEncryptAlgorithm() {
+ return encryptAlgorithm;
}
- public void setWrappingKeySet(String wrappingKeySet) {
- this.wrappingKeySet = wrappingKeySet;
+ public void setEncryptAlgorithm(String encryptAlgorithm) {
+ this.encryptAlgorithm = encryptAlgorithm;
+ }
+
+ public String getKeyWrapAlgorithm() {
+ return keyWrapAlgorithm;
+ }
+
+ public void setKeyWrapAlgorithm(String keyWrapAlgorithm) {
+ this.keyWrapAlgorithm = keyWrapAlgorithm;
}
@Override
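Review bot: The new getters `getEncryptAlgorithm()` and `getKeyWrapAlgorithm()` carry no `@XmlElement` annotation, although the removed `getWrappingKeySet()` had one and the matching getters in KRAInfo.java are annotated `@XmlElement(name="EncryptAlgorithm")` and `@XmlElement(name="WrapAlgorithm")`. Depending on the class's JAXB accessor type, which is not visible in this hunk, the two properties are either serialized under default lower-camel element names or left out, so a client reading CAInfo may not find the advertised algorithm and would presumably fall back to its own default. Per the commit description these values choose the key-wrapping and encryption algorithms, so I would pin the wire names explicitly with `@XmlElement(name="EncryptAlgorithm")` on `getEncryptAlgorithm()` and `@XmlElement(name="WrapAlgorithm")` on `getKeyWrapAlgorithm()`. The property is also called `keyWrapAlgorithm` here but `wrapAlgorithm` in KRAInfo; one name for both classes would be easier to follow.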
@@ -79,7 +87,8 @@ public class CAInfo extends ResourceMessage {
final int prime = 31;
int result = super.hashCode();
result = prime * result + ((archivalMechanism == null) ? 0 : archivalMechanism.hashCode());
- result = prime * result + ((wrappingKeySet == null) ? 0 : wrappingKeySet.hashCode());
+ result = prime * result + ((encryptAlgorithm == null) ? 0 : encryptAlgorithm.hashCode());
+ result = prime * result + ((keyWrapAlgorithm == null) ? 0 : keyWrapAlgorithm.hashCode());
return result;
}
@@ -97,10 +106,15 @@ public class CAInfo extends ResourceMessage {
return false;
} else if (!archivalMechanism.equals(other.archivalMechanism))
return false;
- if (wrappingKeySet == null) {
- if (other.wrappingKeySet != null)
+ if (encryptAlgorithm == null) {
+ if (other.encryptAlgorithm != null)
+ return false;
+ } else if (!encryptAlgorithm.equals(other.encryptAlgorithm))
+ return false;
+ if (keyWrapAlgorithm == null) {
+ if (other.keyWrapAlgorithm != null)
return false;
- } else if (!wrappingKeySet.equals(other.wrappingKeySet))
+ } else if (!keyWrapAlgorithm.equals(other.keyWrapAlgorithm))
return false;
return true;
}
diff --git a/base/common/src/org/dogtagpki/common/KRAInfo.java b/base/common/src/org/dogtagpki/common/KRAInfo.java
index e17bd642d..66fb99246 100644
--- a/base/common/src/org/dogtagpki/common/KRAInfo.java
+++ b/base/common/src/org/dogtagpki/common/KRAInfo.java
@@ -55,6 +55,8 @@ public class KRAInfo extends ResourceMessage {
String archivalMechanism;
String recoveryMechanism;
+ String encryptAlgorithm;
+ String wrapAlgorithm;
@XmlElement(name="ArchivalMechanism")
public String getArchivalMechanism() {
@@ -74,12 +76,32 @@ public class KRAInfo extends ResourceMessage {
this.recoveryMechanism = recoveryMechanism;
}
+ @XmlElement(name="EncryptAlgorithm")
+ public String getEncryptAlgorithm() {
+ return encryptAlgorithm;
+ }
+
+ public void setEncryptAlgorithm(String encryptAlgorithm) {
+ this.encryptAlgorithm = encryptAlgorithm;
+ }
+
+ @XmlElement(name="WrapAlgorithm")
+ public String getWrapAlgorithm() {
+ return wrapAlgorithm;
+ }
+
+ public void setWrapAlgorithm(String wrapAlgorithm) {
+ this.wrapAlgorithm = wrapAlgorithm;
+ }
+
@Override
public int hashCode() {
final int prime = 31;
int result = super.hashCode();
result = prime * result + ((archivalMechanism == null) ? 0 : archivalMechanism.hashCode());
+ result = prime * result + ((encryptAlgorithm == null) ? 0 : encryptAlgorithm.hashCode());
result = prime * result + ((recoveryMechanism == null) ? 0 : recoveryMechanism.hashCode());
+ result = prime * result + ((wrapAlgorithm == null) ? 0 : wrapAlgorithm.hashCode());
return result;
}
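Review bot: `setEncryptAlgorithm` and `setWrapAlgorithm` accept any string, including null, and nothing in this section documents which identifiers are valid or what an absent element means to the client. The commit description lists AES-128-CBC, DES3-CBC and AES KeyWrap/Pad, while the sample values in the `main()` hunk further down are `"AES/CBC/Pad"` and `"AES KeyWrap/Padding"`, so the expected wire format is ambiguous from what is shown. I would add Javadoc to both getters naming the accepted identifiers and the meaning of null, something like `/** Algorithm the client should use to encrypt keys for archival; null when the server does not advertise one. */`. The consumer is not visible here, but it should match the received value against a fixed allowlist and fail closed on an unknown or missing value, not silently select a weaker default such as DES3.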
@@ -97,11 +119,21 @@ public class KRAInfo extends ResourceMessage {
return false;
} else if (!archivalMechanism.equals(other.archivalMechanism))
return false;
+ if (encryptAlgorithm == null) {
+ if (other.encryptAlgorithm != null)
+ return false;
+ } else if (!encryptAlgorithm.equals(other.encryptAlgorithm))
+ return false;
if (recoveryMechanism == null) {
if (other.recoveryMechanism != null)
return false;
} else if (!recoveryMechanism.equals(other.recoveryMechanism))
return false;
+ if (wrapAlgorithm == null) {
+ if (other.wrapAlgorithm != null)
+ return false;
+ } else if (!wrapAlgorithm.equals(other.wrapAlgorithm))
+ return false;
return true;
}
@@ -125,6 +157,8 @@ public class KRAInfo extends ResourceMessage {
KRAInfo before = new KRAInfo();
before.setArchivalMechanism("encrypt");
before.setRecoveryMechanism("keywrap");
+ before.setEncryptAlgorithm("AES/CBC/Pad");
+ before.setWrapAlgorithm("AES KeyWrap/Padding");
String string = before.toString();
System.out.println(string);