| author | Ade Lee <alee@redhat.com> | 2017-05-01 15:56:58 -0400 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2017-05-06 10:06:27 -0400 |
| commit | f84bfab30647ae1492fcdca0a026bfa4d91350c9 (patch) | |
| tree | faeed0006dcc71a9d068241b1b2f56e0b83d45be /base/common/src | |
| parent | f26b3aaee1cf36941f387b464b937ffee1403048 (diff) | |
Make sure generated asym keys are extractable
In HSMs, we were not able to retrieve asym keys that were
generated from the AsymKeyGenService, because the right
flags were not set (i.e., set as in the server-side
keygen case).
To do this, I extracted the key generation function from
NetKeygenService to KeyRecoveryAuthority, so that it could
be used by both services.
Bugzilla BZ# 1386303
Change-Id: I13b5f4b602217a685acada94091e91df75e25eff
Diffstat (limited to 'base/common/src')
| -rw-r--r-- | base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java b/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java
index a12d7738d..4f709e9af 100644
--- a/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java
+++ b/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java
@@ -17,12 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.kra;
+import java.security.KeyPair;
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
 import org.dogtagpki.legacy.policy.IPolicyProcessor;
 import org.mozilla.jss.crypto.CryptoToken;
+import org.mozilla.jss.crypto.KeyPairGeneratorSpi;
+import org.mozilla.jss.crypto.PQGParams;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.ISubsystem;
@@ -337,4 +340,18 @@ public interface IKeyRecoveryAuthority extends ISubsystem {
 * @return
 */
 public boolean isRetrievalSynchronous(String realm);
+
+ /**
+ * Generate an asymmetric key pair.
+ *
+ * @param alg
+ * @param keySize
+ * @param keyCurve
+ * @param pqg
+ * @param usageList - RSA only for now
+ * @return key pair
+ * @throws EBaseException
+ */
+ public KeyPair generateKeyPair(String alg, int keySize, String keyCurve,
+ PQGParams pqg, KeyPairGeneratorSpi.Usage[] usageList) throws EBaseException;
 } |
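Review bot: The Javadoc on the new `generateKeyPair` declaration in the second hunk leaves every `@param` tag empty and never states the property this commit is about, namely that the private key is generated so that it can be extracted from the token. Going by the commit message, the implementation sets key-generation flags so that HSM-generated keys can be retrieved; that is a deliberate trade-off, and the interface should say so, so that callers do not reach for this method when a key must stay on the token. I would add a sentence such as `The private key is generated as extractable so the KRA can wrap and archive it; do not use this method for keys that must never leave the token.` and fill in the tags, for example `@param usageList key usages to request; currently honoured for RSA only`. What happens when `usageList` is null or `alg` is not RSA, when `keySize` versus `keyCurve` applies, and which conditions raise `EBaseException` cannot be seen from this diff and should be confirmed against the implementation before being documented. The interface body begins outside the hunk.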
