authorAde Lee <alee@redhat.com>2017-03-23 00:20:32 -0400
committerAde Lee <alee@redhat.com>2017-03-23 16:16:08 -0400
commit5b7ce994b8698dca62c23e653b7a1cfeebf959e4 (patch)
treef7673ab05610d8cc8444d4482a95b1949c9eb985 /base/common/src
parent58bfe7d510126609969703325d7655175be5da62 (diff)
Refactor code that creates PKIArchiveOptions objects
* Refactor code in CryptoUtil to parametrize the algorithms used. * Moved WrappingParams to the utils jar to allow correct compilation. * Removed the code that created a PKIArchiveOptions structure from CRMFPopClient and replaced it with calls to CryptoUtil methods. Note that the algorithms have been left as DES3; they will be changed to AES in the next patch. * Converted the code in AuthorityKeyExportCLI to use the new methods in CryptoUtil. * Removed DRMTest; this code is no longer maintained or used. Change-Id: I8f625f0310877dca68f6a01285b6ff4e27e7f34a
Diffstat (limited to 'base/common/src')
-rw-r--r--base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java3
-rw-r--r--base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java2
-rw-r--r--base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java2
-rw-r--r--base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java2
-rw-r--r--base/common/src/com/netscape/certsrv/security/WrappingParams.java193
-rw-r--r--base/common/src/com/netscape/certsrv/util/CryptoProvider.java3
-rw-r--r--base/common/src/com/netscape/certsrv/util/NSSCryptoProvider.java8
7 files changed, 8 insertions, 205 deletions
diff --git a/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java b/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java
index 163d4dd5d..aa4eb30f4 100644
--- a/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java
+++ b/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java
@@ -22,7 +22,8 @@ import java.util.Date;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.MetaInfo;
-import com.netscape.certsrv.security.WrappingParams;
+
+import netscape.security.util.WrappingParams;
/**
* An interface contains constants for key record.
diff --git a/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java b/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
index 004fd8aa0..add15cb81 100644
--- a/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
+++ b/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
@@ -25,6 +25,8 @@ import org.mozilla.jss.crypto.SymmetricKey;
import com.netscape.certsrv.base.EBaseException;
+import netscape.security.util.WrappingParams;
+
/**
* An interface represents a encryption unit.
*
diff --git a/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java b/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java
index 6f6e31201..321c7297f 100644
--- a/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java
+++ b/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java
@@ -26,6 +26,8 @@ import org.mozilla.jss.crypto.SymmetricKey;
import com.netscape.certsrv.base.EBaseException;
+import netscape.security.util.WrappingParams;
+
/**
* An interface represents a storage key unit. This storage
* unit contains a storage key pair that is used for
diff --git a/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java b/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java
index c90a12ba1..a951f1850 100644
--- a/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java
+++ b/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java
@@ -26,6 +26,8 @@ import org.mozilla.jss.crypto.SymmetricKey.Type;
import com.netscape.certsrv.base.EBaseException;
+import netscape.security.util.WrappingParams;
+
/**
* An interface represents the transport key pair.
* This key pair is used to protected EE's private
diff --git a/base/common/src/com/netscape/certsrv/security/WrappingParams.java b/base/common/src/com/netscape/certsrv/security/WrappingParams.java
deleted file mode 100644
index e1bc83500..000000000
--- a/base/common/src/com/netscape/certsrv/security/WrappingParams.java
+++ /dev/null
@@ -1,193 +0,0 @@
-package com.netscape.certsrv.security;
-
-import java.security.NoSuchAlgorithmException;
-
-import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
-import org.mozilla.jss.crypto.EncryptionAlgorithm;
-import org.mozilla.jss.crypto.IVParameterSpec;
-import org.mozilla.jss.crypto.KeyGenAlgorithm;
-import org.mozilla.jss.crypto.KeyWrapAlgorithm;
-import org.mozilla.jss.crypto.SymmetricKey;
-import org.mozilla.jss.crypto.SymmetricKey.Type;
-
-public class WrappingParams {
- // session key attributes
- SymmetricKey.Type skType;
- KeyGenAlgorithm skKeyGenAlgorithm;
- int skLength;
-
- // wrapping algorithm for session key
- KeyWrapAlgorithm skWrapAlgorithm;
-
- // Encryption algorithm for payload
- EncryptionAlgorithm payloadEncryptionAlgorithm;
-
- //wrapping algorithm for payload
- KeyWrapAlgorithm payloadWrapAlgorithm;
-
- // payload encryption IV
- IVParameterSpec payloadEncryptionIV;
-
- // payload wrapping IV
- IVParameterSpec payloadWrappingIV;
-
- public WrappingParams(Type skType, KeyGenAlgorithm skKeyGenAlgorithm, int skLength,
- KeyWrapAlgorithm skWrapAlgorithm, EncryptionAlgorithm payloadEncryptionAlgorithm,
- KeyWrapAlgorithm payloadWrapAlgorithm, IVParameterSpec payloadEncryptIV, IVParameterSpec payloadWrapIV) {
- super();
- this.skType = skType;
- this.skKeyGenAlgorithm = skKeyGenAlgorithm;
- this.skLength = skLength;
- this.skWrapAlgorithm = skWrapAlgorithm;
- this.payloadEncryptionAlgorithm = payloadEncryptionAlgorithm;
- this.payloadWrapAlgorithm = payloadWrapAlgorithm;
- this.payloadEncryptionIV = payloadEncryptIV;
- this.payloadWrappingIV = payloadWrapIV;
- }
-
- public WrappingParams() {}
-
- public WrappingParams(String encryptOID, String wrapName, String priKeyAlgo, IVParameterSpec encryptIV, IVParameterSpec wrapIV)
- throws NumberFormatException, NoSuchAlgorithmException {
- EncryptionAlgorithm encrypt = EncryptionAlgorithm.fromOID(new OBJECT_IDENTIFIER(encryptOID));
-
- KeyWrapAlgorithm wrap = null;
- if (wrapName != null) {
- wrap = KeyWrapAlgorithm.fromString(wrapName);
- this.payloadWrapAlgorithm = wrap;
- }
-
- switch (encrypt.getAlg().toString()) {
- case "AES":
- // TODO(alee) - Terrible hack till we figure out why GCM is not working
- // or a way to detect the padding.
- // We are going to assume AES-128-PAD
- encrypt = EncryptionAlgorithm.AES_128_CBC_PAD;
-
- this.skType = SymmetricKey.AES;
- this.skKeyGenAlgorithm = KeyGenAlgorithm.AES;
- if (wrap == null) this.payloadWrapAlgorithm = KeyWrapAlgorithm.AES_KEY_WRAP_PAD;
- break;
- case "DESede":
- this.skType = SymmetricKey.DES3;
- this.skKeyGenAlgorithm = KeyGenAlgorithm.DES3;
- this.skWrapAlgorithm = KeyWrapAlgorithm.DES3_CBC_PAD;
- if (wrap == null) this.payloadWrapAlgorithm = KeyWrapAlgorithm.DES3_CBC_PAD;
- break;
- case "DES":
- this.skType = SymmetricKey.DES;
- this.skKeyGenAlgorithm = KeyGenAlgorithm.DES;
- this.skWrapAlgorithm = KeyWrapAlgorithm.DES3_CBC_PAD;
- if (wrap == null) this.payloadWrapAlgorithm = KeyWrapAlgorithm.DES_CBC_PAD;
- break;
- default:
- throw new NoSuchAlgorithmException("Invalid algorithm");
- }
-
- this.skLength = encrypt.getKeyStrength();
- if (priKeyAlgo.equals("EC")) {
- this.skWrapAlgorithm = KeyWrapAlgorithm.AES_ECB;
- } else {
- this.skWrapAlgorithm = KeyWrapAlgorithm.RSA;
- }
-
- this.payloadEncryptionAlgorithm = encrypt;
- this.payloadEncryptionIV = encryptIV;
- this.payloadWrappingIV = wrapIV;
- }
-
- public SymmetricKey.Type getSkType() {
- return skType;
- }
-
- public void setSkType(SymmetricKey.Type skType) {
- this.skType = skType;
- }
-
- public void setSkType(String skTypeName) throws NoSuchAlgorithmException {
- this.skType = SymmetricKey.Type.fromName(skTypeName);
- }
-
- public KeyGenAlgorithm getSkKeyGenAlgorithm() {
- return skKeyGenAlgorithm;
- }
-
- public void setSkKeyGenAlgorithm(KeyGenAlgorithm skKeyGenAlgorithm) {
- this.skKeyGenAlgorithm = skKeyGenAlgorithm;
- }
-
- public void setSkKeyGenAlgorithm(String algName) throws NoSuchAlgorithmException {
- // JSS mapping is not working. Lets just do something brain-dead to
- // handle the cases we expect.
- if (algName.equalsIgnoreCase("AES")) {
- this.skKeyGenAlgorithm = KeyGenAlgorithm.AES;
- } else if (algName.equalsIgnoreCase("DES")) {
- this.skKeyGenAlgorithm = KeyGenAlgorithm.DES;
- } else if (algName.equalsIgnoreCase("DESede")) {
- this.skKeyGenAlgorithm = KeyGenAlgorithm.DES3;
- } else if (algName.equalsIgnoreCase("DES3")) {
- this.skKeyGenAlgorithm = KeyGenAlgorithm.DES3;
- }
- }
-
- public int getSkLength() {
- return skLength;
- }
-
- public void setSkLength(int skLength) {
- this.skLength = skLength;
- }
-
- public KeyWrapAlgorithm getSkWrapAlgorithm() {
- return skWrapAlgorithm;
- }
-
- public void setSkWrapAlgorithm(KeyWrapAlgorithm skWrapAlgorithm) {
- this.skWrapAlgorithm = skWrapAlgorithm;
- }
-
- public void setSkWrapAlgorithm(String name) throws NoSuchAlgorithmException {
- this.skWrapAlgorithm = KeyWrapAlgorithm.fromString(name);
- }
-
- public EncryptionAlgorithm getPayloadEncryptionAlgorithm() {
- return payloadEncryptionAlgorithm;
- }
-
- public void setPayloadEncryptionAlgorithm(EncryptionAlgorithm payloadEncryptionAlgorithm) {
- this.payloadEncryptionAlgorithm = payloadEncryptionAlgorithm;
- }
-
- public void setPayloadEncryptionAlgorithm(String algName, String modeName, String paddingName, int keyStrength)
- throws NoSuchAlgorithmException {
- this.payloadEncryptionAlgorithm = EncryptionAlgorithm.lookup(algName, modeName, paddingName, keyStrength);
- }
-
- public KeyWrapAlgorithm getPayloadWrapAlgorithm() {
- return payloadWrapAlgorithm;
- }
-
- public void setPayloadWrapAlgorithm(KeyWrapAlgorithm payloadWrapAlgorithm) {
- this.payloadWrapAlgorithm = payloadWrapAlgorithm;
- }
-
- public void setPayloadWrapAlgorithm(String name) throws NoSuchAlgorithmException {
- this.payloadWrapAlgorithm = KeyWrapAlgorithm.fromString(name);
- }
-
- public IVParameterSpec getPayloadEncryptionIV() {
- return payloadEncryptionIV;
- }
-
- public void setPayloadEncryptionIV(IVParameterSpec payloadEncryptionIV) {
- this.payloadEncryptionIV = payloadEncryptionIV;
- }
-
- public IVParameterSpec getPayloadWrappingIV() {
- return payloadWrappingIV;
- }
-
- public void setPayloadWrappingIV(IVParameterSpec payloadWrappingIV) {
- this.payloadWrappingIV = payloadWrappingIV;
- }
-}
diff --git a/base/common/src/com/netscape/certsrv/util/CryptoProvider.java b/base/common/src/com/netscape/certsrv/util/CryptoProvider.java
index 0ec520580..6746db960 100644
--- a/base/common/src/com/netscape/certsrv/util/CryptoProvider.java
+++ b/base/common/src/com/netscape/certsrv/util/CryptoProvider.java
@@ -44,7 +44,4 @@ public abstract class CryptoProvider {
public abstract byte[] unwrapWithPassphrase(byte[] wrappedRecoveredKey, String recoveryPassphrase)
throws Exception;
- public abstract byte[] createPKIArchiveOptions(String transportCert, SymmetricKey secret, String passphrase,
- String keyAlgorithm, int symKeySize, byte[] nonceData) throws Exception;
-
}
diff --git a/base/common/src/com/netscape/certsrv/util/NSSCryptoProvider.java b/base/common/src/com/netscape/certsrv/util/NSSCryptoProvider.java
index 423ad68e6..ec9a13407 100644
--- a/base/common/src/com/netscape/certsrv/util/NSSCryptoProvider.java
+++ b/base/common/src/com/netscape/certsrv/util/NSSCryptoProvider.java
@@ -225,14 +225,6 @@ public class NSSCryptoProvider extends CryptoProvider {
}
@Override
- public byte[] createPKIArchiveOptions(String transportCert, SymmetricKey secret, String passphrase,
- String keyAlgorithm, int symKeySize, byte[] nonceData) throws Exception {
-
- return CryptoUtil.createPKIArchiveOptions(manager, token, transportCert, secret, passphrase,
- getKeyGenAlgorithm(keyAlgorithm), symKeySize, new IVParameterSpec(nonceData));
- }
-
- @Override
public byte[] wrapWithSessionKey(SymmetricKey secret, SymmetricKey sessionKey, byte[] iv)
throws Exception {
return CryptoUtil.wrapUsingSymmetricKey(