authorAbhishek Koneru <akoneru@redhat.com>2014-07-24 11:20:12 -0400
committerAbhishek Koneru <akoneru@redhat.com>2014-08-27 01:15:35 -0400
commit6444287caa2ad171086d0ce9d93761a897247e06 (patch)
tree86e13cafc3f7b866be86b21cf0d96e401d0b9f01 /base/common
parent8e464b6ba5d83d7915978db5841967f20672dfd0 (diff)
Generate asymmetric keys in the DRM.
Adds methods to the key client to generate asymmetric keys using the RSA and DSA algorithms for valid key sizes of 512, 1024, 2048, 4096. The generated keys are archived in the database. Using the CLI, the public key (base64 encoded) can be retrieved with the key-show command. The private key (base64 encoded) can be retrieved with the key-retrieve command. Ticket #1023
Diffstat (limited to 'base/common')
-rw-r--r--base/common/python/pki/key.py116
-rw-r--r--base/common/src/com/netscape/certsrv/base/ResourceMessage.java8
-rw-r--r--base/common/src/com/netscape/certsrv/key/AsymKeyGenerationRequest.java115
-rw-r--r--base/common/src/com/netscape/certsrv/key/KeyClient.java76
-rw-r--r--base/common/src/com/netscape/certsrv/key/KeyGenerationRequest.java125
-rw-r--r--base/common/src/com/netscape/certsrv/key/KeyInfo.java11
-rw-r--r--base/common/src/com/netscape/certsrv/key/KeyRequestResource.java9
-rw-r--r--base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java83
-rw-r--r--base/common/src/com/netscape/certsrv/request/IRequest.java12
9 files changed, 442 insertions, 113 deletions
diff --git a/base/common/python/pki/key.py b/base/common/python/pki/key.py
index af34a7ff4..0be438a28 100644
--- a/base/common/python/pki/key.py
+++ b/base/common/python/pki/key.py
@@ -105,7 +105,7 @@ class KeyInfo(object):
json_attribute_names = {
'clientKeyID': 'client_key_id', 'keyURL': 'key_url',
- 'ownerName': 'owner_name'
+ 'ownerName': 'owner_name', 'publicKey': 'public_key'
}
# pylint: disable-msg=C0103
@@ -117,6 +117,7 @@ class KeyInfo(object):
self.status = None
self.owner_name = None
self.size = None
+ self.public_key = None
@classmethod
def from_json(cls, attr_list):
@@ -127,6 +128,8 @@ class KeyInfo(object):
setattr(key_info, KeyInfo.json_attribute_names[k], v)
else:
setattr(key_info, k, v)
+ if key_info.public_key is not None:
+ key_info.public_key = base64.decodestring(key_info.public_key)
return key_info
def get_key_id(self):
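Review bot: `base64.decodestring` on the new line in from_json is the deprecated spelling (gone in Python 3.9); `base64.b64decode(key_info.public_key)` handles the same input and works on both Python 2 and 3. A short why-comment would also help, since nothing else in the class decodes a field, e.g. `# server delivers publicKey base64-encoded; keep the decoded bytes`. from_json begins above this hunk.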
@@ -339,7 +342,7 @@ class KeyRecoveryRequest(pki.ResourceMessage):
class SymKeyGenerationRequest(pki.ResourceMessage):
"""
Class representing the data sent to the DRM when generating and archiving
- a symmetric key on the DRM.
+ a symmetric key in the DRM.
"""
UNWRAP_USAGE = "unwrap"
@@ -363,6 +366,36 @@ class SymKeyGenerationRequest(pki.ResourceMessage):
self.add_attribute("transWrappedSessionKey", trans_wrapped_session_key)
+class AsymKeyGenerationRequest(pki.ResourceMessage):
+
+ """
+ Class representing the data sent to the DRM when generating and archiving
+ asymmetric keys in the DRM.
+ """
+ UNWRAP_USAGE = "unwrap"
+ WRAP_USAGE = "wrap"
+ VERIFY_USAGE = "verify"
+ VERIFY_RECOVER_USAGE = "verify_recover"
+ SIGN_USAGE = "sign"
+ SIGN_RECOVER_USAGE = "sign_recover"
+ DECRYPT_USAGE = "decrypt"
+ ENCRYPT_USAGE = "encrypt"
+ DERIVE_USAGE = "derive"
+
+ def __init__(self, client_key_id=None, key_size=None, key_algorithm=None,
+ key_usages=None, trans_wrapped_session_key=None):
+ """ Constructor """
+ pki.ResourceMessage.__init__(
+ self,
+ "com.netscape.certsrv.key.AsymKeyGenerationRequest")
+ key_usages = key_usages or []
+ self.add_attribute("clientKeyID", client_key_id)
+ self.add_attribute("keySize", key_size)
+ self.add_attribute("keyAlgorithm", key_algorithm)
+ self.add_attribute("keyUsage", ','.join(key_usages))
+ self.add_attribute("transWrappedSessionKey", trans_wrapped_session_key)
+
+
class KeyClient(object):
"""
Class that encapsulates and mirrors the functions in the KeyResource
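Review bot: `""" Constructor """` on AsymKeyGenerationRequest.__init__ documents none of the five parameters, and nothing states that key_usages is joined into a single comma-separated 'keyUsage' attribute or that None becomes an empty string. Suggest a docstring listing client_key_id, key_size, key_algorithm (the KeyClient RSA/DSA constants), key_usages (a list of the *_USAGE constants defined on this class, joined with ',') and trans_wrapped_session_key, matching whatever SymKeyGenerationRequest documents. The KeyClient docstring at the end of the hunk continues outside it.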
@@ -383,6 +416,10 @@ class KeyClient(object):
RC4_ALGORITHM = "RC4"
AES_ALGORITHM = "AES"
+ # Asymmetric Key Algorithms
+ RSA_ALGORITHM = "RSA"
+ DSA_ALGORITHM = "DSA"
+
#default session key wrapping algorithm
DES_EDE3_CBC_OID = "{1 2 840 113549 3 7}"
@@ -509,12 +546,13 @@ class KeyClient(object):
self.connection.post(url, None, self.headers)
@pki.handle_exceptions()
- def create_request(self, request):
+ def submit_request(self, request):
""" Submit an archival, recovery or key generation request
to the DRM.
@param request - is either a KeyArchivalRequest,
- KeyRecoverRequest or SymKeyGenerationRequest.
+ KeyRecoverRequest, SymKeyGenerationRequest or
+ AsymKeyGenerationRequest.
returns a KeyRequestResponse object.
"""
@@ -558,7 +596,57 @@ class KeyClient(object):
key_size=size,
key_algorithm=algorithm,
key_usages=usages)
- return self.create_request(request)
+ return self.submit_request(request)
+
+ @pki.handle_exceptions()
+ def generate_asymmetric_key(self, client_key_id, algorithm=None,
+ key_size=None, usages=None,
+ trans_wrapped_session_key=None):
+ """ Generate and archive asymmetric keys in the DRM.
+ Supports algorithms RSA and DSA.
+ Valid key size for RSA = 256 + (16 * n), where n: 0-496
+ Valid key size for DSA = 512, 768, 1024. p,q,g params are not
+ supported.
+
+ Return a KeyRequestResponse which contains a KeyRequestInfo
+ object that describes the URL for the request and generated keys.
+
+ """
+ if client_key_id is None:
+ raise TypeError("Must specify Client Key ID")
+
+ if str(algorithm).upper() not in \
+ [self.RSA_ALGORITHM, self.DSA_ALGORITHM]:
+ raise TypeError("Only RSA and DSA algorithms are supported.")
+
+ # For generating keys using the RSA algorithm, the valid range of key
+ # sizes is:
+ # 256 + 16 * n, where 0 <= n <= 1008
+ # When using DSA, the current supported values are 512, 768, 1024
+
+ if algorithm == self.RSA_ALGORITHM:
+ if key_size < 256:
+ raise ValueError("Invalid key size specified.")
+ if ((key_size-256) % 16) != 0:
+ raise ValueError("Invalid key size specified.")
+ if algorithm == self.DSA_ALGORITHM:
+ if key_size not in [512, 768, 1024]:
+ raise ValueError("Invalid key size specified.")
+
+ if trans_wrapped_session_key is not None:
+ raise NotImplementedError(
+ "Returning the asymmetric keys in the same call is not yet "
+ "implemented.")
+
+ request = AsymKeyGenerationRequest(
+ client_key_id=client_key_id,
+ key_size=key_size,
+ key_algorithm=algorithm,
+ key_usages=usages,
+ trans_wrapped_session_key=trans_wrapped_session_key
+ )
+
+ return self.submit_request(request)
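Review bot: The algorithm check compares `str(algorithm).upper()` against the constants, but the per-algorithm size checks compare `algorithm` verbatim, so a lower-case `"rsa"` passes the first check, skips every key-size check and is sent to the server unchanged. Normalising once fixes both: `algorithm = str(algorithm).upper()` followed by `if algorithm not in (self.RSA_ALGORITHM, self.DSA_ALGORITHM):`. The docstring ("n: 0-496") and the comment ("0 <= n <= 1008") also disagree on the RSA upper bound and the code enforces none, so whichever bound JSS really applies should be stated once and checked. Unlike the Java generateAsymmetricKey, usages are not validated here against the known usage strings, so a typo is only caught server-side.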
@pki.handle_exceptions()
def archive_key(self, client_key_id, data_type, private_data,
@@ -666,7 +754,7 @@ class KeyClient(object):
key_algorithm=key_algorithm,
key_size=key_size)
- return self.create_request(request)
+ return self.submit_request(request)
@pki.handle_exceptions()
def archive_pki_options(self, client_key_id, data_type, pki_archive_options,
@@ -701,7 +789,7 @@ class KeyClient(object):
pki_archive_options=data,
key_algorithm=key_algorithm,
key_size=key_size)
- return self.create_request(request)
+ return self.submit_request(request)
@pki.handle_exceptions()
def recover_key(self, key_id, request_id=None,
@@ -729,7 +817,7 @@ class KeyClient(object):
session_wrapped_passphrase=session_wrapped_passphrase,
certificate=b64certificate,
nonce_data=nonce_data)
- return self.create_request(request)
+ return self.submit_request(request)
@pki.handle_exceptions()
def retrieve_key_data(self, data):
@@ -770,9 +858,10 @@ class KeyClient(object):
1) trans_wrapped_session_key is not provided by caller.
- In this case, the function will call CryptoProvider methods to generate and
- wrap the session key. The function will return the KeyData object with
- a private_data attribute which stores the unwrapped key information.
+ In this case, the function will call CryptoProvider methods to generate
+ and wrap the session key. The function will return the KeyData object
+ with a private_data attribute which stores the unwrapped key
+ information.
2) The trans_wrapped_session_key is provided by the caller.
@@ -833,8 +922,8 @@ class KeyClient(object):
1) A passphrase is provided by the caller.
- In this case, CryptoProvider methods will be called to create the data to
- securely send the passphrase to the DRM. Basically, three pieces of
+ In this case, CryptoProvider methods will be called to create the data
+ to securely send the passphrase to the DRM. Basically, three pieces of
data will be sent:
- the passphrase wrapped by a 168 bit 3DES symmetric key (the session
@@ -894,6 +983,7 @@ encoder.NOTYPES['KeyArchivalRequest'] = KeyArchivalRequest
encoder.NOTYPES['KeyRecoveryRequest'] = KeyRecoveryRequest
encoder.NOTYPES['ResourceMessage'] = pki.ResourceMessage
encoder.NOTYPES['SymKeyGenerationRequest'] = SymKeyGenerationRequest
+encoder.NOTYPES['AsymKeyGenerationRequest'] = AsymKeyGenerationRequest
def main():
diff --git a/base/common/src/com/netscape/certsrv/base/ResourceMessage.java b/base/common/src/com/netscape/certsrv/base/ResourceMessage.java
index 34d7c2b11..1214b45fb 100644
--- a/base/common/src/com/netscape/certsrv/base/ResourceMessage.java
+++ b/base/common/src/com/netscape/certsrv/base/ResourceMessage.java
@@ -26,6 +26,7 @@ import javax.xml.bind.annotation.XmlValue;
import javax.xml.bind.annotation.adapters.XmlAdapter;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import com.netscape.certsrv.key.AsymKeyGenerationRequest;
import com.netscape.certsrv.key.KeyArchivalRequest;
import com.netscape.certsrv.key.KeyRecoveryRequest;
import com.netscape.certsrv.key.SymKeyGenerationRequest;
@@ -33,8 +34,9 @@ import com.netscape.certsrv.key.SymKeyGenerationRequest;
/**
* @author Ade Lee
*/
-@XmlRootElement(name="ResourceMessage")
-@XmlSeeAlso({KeyArchivalRequest.class, KeyRecoveryRequest.class, SymKeyGenerationRequest.class, PKIException.Data.class})
+@XmlRootElement(name = "ResourceMessage")
+@XmlSeeAlso({ KeyArchivalRequest.class, KeyRecoveryRequest.class, SymKeyGenerationRequest.class,
+ PKIException.Data.class, AsymKeyGenerationRequest.class })
@XmlAccessorType(XmlAccessType.NONE)
public class ResourceMessage {
@@ -46,7 +48,7 @@ public class ResourceMessage {
}
public ResourceMessage(MultivaluedMap<String, String> form) {
- for (Map.Entry<String, List<String>> entry: form.entrySet()) {
+ for (Map.Entry<String, List<String>> entry : form.entrySet()) {
attributes.put(entry.getKey(), entry.getValue().get(0));
}
}
diff --git a/base/common/src/com/netscape/certsrv/key/AsymKeyGenerationRequest.java b/base/common/src/com/netscape/certsrv/key/AsymKeyGenerationRequest.java
new file mode 100644
index 000000000..867c06acf
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/key/AsymKeyGenerationRequest.java
@@ -0,0 +1,115 @@
+//--- BEGIN COPYRIGHT BLOCK ---
+//This program is free software; you can redistribute it and/or modify
+//it under the terms of the GNU General Public License as published by
+//the Free Software Foundation; version 2 of the License.
+//
+//This program is distributed in the hope that it will be useful,
+//but WITHOUT ANY WARRANTY; without even the implied warranty of
+//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+//GNU General Public License for more details.
+//
+//You should have received a copy of the GNU General Public License along
+//with this program; if not, write to the Free Software Foundation, Inc.,
+//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+//(C) 2014 Red Hat, Inc.
+//All rights reserved.
+//--- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.key;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.ws.rs.core.MultivaluedMap;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.commons.lang.StringUtils;
+
+import com.netscape.certsrv.base.ResourceMessage;
+
+@XmlRootElement(name = "AsymKeyGenerationRequest")
+@XmlAccessorType(XmlAccessType.FIELD)
+public class AsymKeyGenerationRequest extends KeyGenerationRequest {
+
+ // Asymmetric Key Usages
+ public static final String ENCRYPT = "encrypt";
+ public static final String DECRYPT = "decrypt";
+ public static final String SIGN = "sign";
+ public static final String SIGN_RECOVER = "sign_recover";
+ public static final String VERIFY = "verify";
+ public static final String VERIFY_RECOVER = "verify_recover";
+ public static final String WRAP = "wrap";
+ public static final String UNWRAP = "unwrap";
+ public static final String DERIVE = "derive";
+
+ public AsymKeyGenerationRequest() {
+ // required for JAXB (defaults)
+ setClassName(getClass().getName());
+ }
+
+ public AsymKeyGenerationRequest(MultivaluedMap<String, String> form) {
+ attributes.put(CLIENT_KEY_ID, form.getFirst(CLIENT_KEY_ID));
+ attributes.put(KEY_SIZE, form.getFirst(KEY_SIZE));
+ attributes.put(KEY_ALGORITHM, form.getFirst(KEY_ALGORITHM));
+ attributes.put(KEY_USAGE, form.getFirst(KEY_USAGE));
+ attributes.put(TRANS_WRAPPED_SESSION_KEY, form.getFirst(TRANS_WRAPPED_SESSION_KEY));
+
+ String usageString = attributes.get(KEY_USAGE);
+ if (!StringUtils.isBlank(usageString)) {
+ setUsages(new ArrayList<String>(Arrays.asList(usageString.split(","))));
+ }
+ setClassName(getClass().getName());
+ }
+
+ public AsymKeyGenerationRequest(ResourceMessage data) {
+ attributes.putAll(data.getAttributes());
+ setClassName(getClass().getName());
+ }
+
+ public String toString() {
+ try {
+ return ResourceMessage.marshal(this, AsymKeyGenerationRequest.class);
+ } catch (Exception e) {
+ return super.toString();
+ }
+ }
+
+ public static AsymKeyGenerationRequest valueOf(String string) throws Exception {
+ try {
+ return ResourceMessage.unmarshal(string, AsymKeyGenerationRequest.class);
+ } catch (Exception e) {
+ return null;
+ }
+ }
+
+ public static List<String> getValidUsagesList() {
+ List<String> list = new ArrayList<String>();
+ list.add(DERIVE);
+ list.add(SIGN);
+ list.add(DECRYPT);
+ list.add(ENCRYPT);
+ list.add(WRAP);
+ list.add(UNWRAP);
+ list.add(SIGN_RECOVER);
+ list.add(VERIFY);
+ list.add(VERIFY_RECOVER);
+
+ return list;
+ }
+
+ public static void main(String[] args) {
+ AsymKeyGenerationRequest request = new AsymKeyGenerationRequest();
+ request.setKeyAlgorithm(KeyRequestResource.RSA_ALGORITHM);
+ request.setKeySize(1024);
+ request.setClientKeyId("vek12345");
+ List<String> usages = new ArrayList<String>();
+ usages.add(AsymKeyGenerationRequest.ENCRYPT);
+ usages.add(AsymKeyGenerationRequest.DECRYPT);
+ request.setUsages(usages);
+
+ System.out.println(request.toString());
+ }
+}
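Review bot: `valueOf` declares `throws Exception` but catches everything and returns null, so a malformed message surfaces as a NullPointerException in the caller rather than as a parse error; either drop the catch and let the declared exception propagate, or document the contract with `@return the parsed request, or null if the string cannot be unmarshalled`. `toString()` is missing `@Override`. The `main` method is a manual smoke test shipped inside the library class and belongs in a unit test. In the form constructor, `setUsages(...)` splits and re-joins the string already stored under KEY_USAGE, so apart from trimming trailing commas it re-stores the same value and could be dropped.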
diff --git a/base/common/src/com/netscape/certsrv/key/KeyClient.java b/base/common/src/com/netscape/certsrv/key/KeyClient.java
index 9363a6a8c..262a33d8f 100644
--- a/base/common/src/com/netscape/certsrv/key/KeyClient.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyClient.java
@@ -249,11 +249,11 @@ public class KeyClient extends Client {
* @param data -- A KeyArchivalRequest/KeyRecoveryRequest/SymKeyGenerationRequest object
* @return A KeyRequestResponse object
*/
- private KeyRequestResponse createRequest(ResourceMessage request) {
+ private KeyRequestResponse submitRequest(ResourceMessage request) {
if (request == null) {
throw new IllegalArgumentException("A Request object must be specified.");
}
- Response response = keyRequestClient.createRequest(request);
+ Response response = keyRequestClient.submitRequest(request);
return client.getEntity(response, KeyRequestResponse.class);
}
@@ -296,7 +296,7 @@ public class KeyClient extends Client {
data.setCertificate(b64Certificate);
}
- return createRequest(data);
+ return submitRequest(data);
}
/**
@@ -612,7 +612,7 @@ public class KeyClient extends Client {
data.setWrappedPrivateData(req1);
data.setTransWrappedSessionKey(Utils.base64encode(transWrappedSessionKey));
- return createRequest(data);
+ return submitRequest(data);
}
/**
@@ -653,15 +653,15 @@ public class KeyClient extends Client {
String options = Utils.base64encode(pkiArchiveOptions);
data.setPKIArchiveOptions(options);
- return createRequest(data);
+ return submitRequest(data);
}
/**
- * Generate and archive a symmetric key on the DRM.
+ * Generate and archive a symmetric key in the DRM.
*
* @param clientKeyId -- Client Key Identifier
* @param keyAlgorithm -- Algorithm to be used to generate the key
- * @param keySize -- Strength of the algorithm
+ * @param keySize -- Strength of the keys
* @param usages -- Usages of the generated key.
* @return a KeyRequestResponse which contains a KeyRequestInfo
* object that describes the URL for the request and generated key.
@@ -687,6 +687,66 @@ public class KeyClient extends Client {
data.setUsages(usages);
data.setTransWrappedSessionKey(transWrappedSessionKey);
- return createRequest(data);
+ return submitRequest(data);
+ }
+
+ /**
+ * Generate and archive an asymmetric keys in the DRM
+ *
+ * @param clientKeyId -- Client Key Identifier
+ * @param keyAlgorithm -- Algorithm to be used to generate the asymmetric keys
+ * @param keySize -- Strength of the keys
+ * @param usages
+ * @param transWrappedSessionKey
+ * @return
+ */
+ public KeyRequestResponse generateAsymmetricKey(String clientKeyId, String keyAlgorithm, int keySize,
+ List<String> usages, byte[] transWrappedSessionKey) {
+
+ if (clientKeyId == null) {
+ throw new IllegalArgumentException("Client Key Identifier must be specified.");
+ }
+
+ //Validate the usages list
+ List<String> validUsages = AsymKeyGenerationRequest.getValidUsagesList();
+ if (usages != null) {
+ for (String usage : usages) {
+ if (!validUsages.contains(usage)) {
+ throw new IllegalArgumentException("Invalid usage \"" + usage + "\" specified.");
+ }
+ }
+ }
+ if (!(keyAlgorithm.equals(KeyRequestResource.RSA_ALGORITHM) || keyAlgorithm
+ .equals(KeyRequestResource.DSA_ALGORITHM))) {
+ throw new IllegalArgumentException("Unsupported algorithm specified.");
+ }
+
+ /*
+ * For RSA, JSS accepts key sizes that fall in this set of values:
+ * {256 + (16 * n), where 0 <= n <= 1008
+ *
+ * For DSA, JSS accepts key sizes 512, 768, 1024 only when there are no p,q,g params specified.
+ */
+ if (keyAlgorithm.equals(KeyRequestResource.RSA_ALGORITHM)) {
+ if (keySize >= 256) {
+ if ((keySize - 256) % 16 != 0) {
+ throw new IllegalArgumentException("Invalid key size specified.");
+ }
+ } else {
+ throw new IllegalArgumentException("Invalid key size specified.");
+ }
+ } else if (keyAlgorithm.equals(KeyRequestResource.DSA_ALGORITHM)) {
+ if (keySize != 512 && keySize != 768 && keySize != 1024) {
+ throw new IllegalArgumentException("Invalid key size specified.");
+ }
+ }
+ AsymKeyGenerationRequest data = new AsymKeyGenerationRequest();
+ data.setClientKeyId(clientKeyId);
+ data.setKeyAlgorithm(keyAlgorithm);
+ data.setKeySize(keySize);
+ data.setUsages(usages);
+ data.setTransWrappedSessionKey(Utils.base64encode(transWrappedSessionKey));
+
+ return submitRequest(data);
}
}
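Review bot: `keyAlgorithm` is dereferenced at `keyAlgorithm.equals(...)` before any null check, so a null algorithm fails with a NullPointerException instead of the IllegalArgumentException every other bad argument gets; add `if (keyAlgorithm == null) { throw new IllegalArgumentException("Key algorithm must be specified."); }` next to the clientKeyId check. `Utils.base64encode(transWrappedSessionKey)` is called unconditionally; whether it tolerates a null array is not visible here, and the Python counterpart rejects a non-null value as not yet implemented, so the contract for this parameter should be spelled out. The Javadoc leaves `@param usages`, `@param transWrappedSessionKey` and `@return` empty and reads "an asymmetric keys"; fill them in the way the symmetric variant above does. The comment block also opens a brace in `{256 + (16 * n)` that is never closed.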
diff --git a/base/common/src/com/netscape/certsrv/key/KeyGenerationRequest.java b/base/common/src/com/netscape/certsrv/key/KeyGenerationRequest.java
new file mode 100644
index 000000000..ed36b6d9d
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/key/KeyGenerationRequest.java
@@ -0,0 +1,125 @@
+//--- BEGIN COPYRIGHT BLOCK ---
+//This program is free software; you can redistribute it and/or modify
+//it under the terms of the GNU General Public License as published by
+//the Free Software Foundation; version 2 of the License.
+//
+//This program is distributed in the hope that it will be useful,
+//but WITHOUT ANY WARRANTY; without even the implied warranty of
+//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+//GNU General Public License for more details.
+//
+//You should have received a copy of the GNU General Public License along
+//with this program; if not, write to the Free Software Foundation, Inc.,
+//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+//(C) 2014 Red Hat, Inc.
+//All rights reserved.
+//--- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.key;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import org.apache.commons.lang.StringUtils;
+
+import com.netscape.certsrv.base.ResourceMessage;
+
+/**
+ * Class to define the common attributes and methods used by
+ * SymKeyGenerationRequest and AsymKeyGenerationRequest
+ * @author akoneru
+ *
+ */
+public class KeyGenerationRequest extends ResourceMessage{
+
+ protected static final String CLIENT_KEY_ID = "clientKeyID";
+ protected static final String KEY_SIZE = "keySize";
+ protected static final String KEY_ALGORITHM = "keyAlgorithm";
+ protected static final String KEY_USAGE = "keyUsage";
+ protected static final String TRANS_WRAPPED_SESSION_KEY = "transWrappedSessionKey";
+
+
+ public List<String> getUsages() {
+ String usageString = attributes.get(KEY_USAGE);
+ if (!StringUtils.isBlank(usageString)) {
+ return new ArrayList<String>(Arrays.asList(usageString.split(",")));
+ }
+ return new ArrayList<String>();
+ }
+
+ public void setUsages(List<String> usages) {
+ attributes.put(KEY_USAGE, StringUtils.join(usages, ","));
+ }
+
+ public void addUsage(String usage) {
+ List<String> usages = getUsages();
+ for (String u : usages) {
+ if (u.equals(usage))
+ return;
+ }
+ usages.add(usage);
+ setUsages(usages);
+ }
+
+ /**
+ * @return the clientKeyId
+ */
+ public String getClientKeyId() {
+ return attributes.get(CLIENT_KEY_ID);
+ }
+
+ /**
+ * @param clientKeyId the clientKeyId to set
+ */
+ public void setClientKeyId(String clientKeyId) {
+ attributes.put(CLIENT_KEY_ID, clientKeyId);
+ }
+
+ /**
+ * @return the keySize
+ */
+ public Integer getKeySize() {
+ try {
+ return new Integer(attributes.get(KEY_SIZE));
+ } catch (NumberFormatException e) {
+ return null;
+ }
+ }
+
+ /**
+ * @param keySize the key size to set
+ */
+ public void setKeySize(Integer keySize) {
+ attributes.put(KEY_SIZE, keySize.toString());
+ }
+
+ /**
+ * @return the keyAlgorithm
+ */
+ public String getKeyAlgorithm() {
+ return attributes.get(KEY_ALGORITHM);
+ }
+
+ /**
+ * @param keyAlgorithm the key algorithm to set
+ */
+ public void setKeyAlgorithm(String keyAlgorithm) {
+ attributes.put(KEY_ALGORITHM, keyAlgorithm);
+ }
+
+ /**
+ * @return the transWrappedSessionKey
+ */
+ public String getTransWrappedSessionKey() {
+ return attributes.get(TRANS_WRAPPED_SESSION_KEY);
+ }
+
+ /**
+ * @param transWrappedSessionKey the wrapped seesion key to set
+ */
+ public void setTransWrappedSessionKey(String transWrappedSessionKey) {
+ attributes.put(TRANS_WRAPPED_SESSION_KEY, transWrappedSessionKey);
+ }
+
+}
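Review bot: `addUsage` walks the list by hand where `if (usages.contains(usage)) return;` says the same thing, and `getKeySize` uses the boxing constructor; `Integer.valueOf(attributes.get(KEY_SIZE))` is the idiomatic form. `setKeySize` calls `keySize.toString()`, so a null Integer throws NullPointerException; if null is not a valid value an explicit IllegalArgumentException is clearer than the NPE. These methods are carried over from SymKeyGenerationRequest, but the move into a shared base class is a good moment to fix them, along with the "seesion" typo in the setTransWrappedSessionKey Javadoc and the missing space in `extends ResourceMessage{`.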
diff --git a/base/common/src/com/netscape/certsrv/key/KeyInfo.java b/base/common/src/com/netscape/certsrv/key/KeyInfo.java
index 10da545d8..71a858e6b 100644
--- a/base/common/src/com/netscape/certsrv/key/KeyInfo.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyInfo.java
@@ -54,6 +54,9 @@ public class KeyInfo {
@XmlElement
protected String ownerName;
+ @XmlElement
+ protected String publicKey;
+
public KeyInfo() {
// required for JAXB (defaults)
}
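Review bot: The new `publicKey` field carries no comment on its encoding; the Python client decodes it with base64 and the commit message describes it as base64-encoded, so a field comment such as `/** Base64-encoded public key, populated for archived asymmetric key pairs. */` saves the next reader a trip through key.py. Whether the field is absent or null for symmetric keys is not visible here and should be confirmed before being stated.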
@@ -125,4 +128,12 @@ public class KeyInfo {
public void setOwnerName(String ownerName) {
this.ownerName = ownerName;
}
+
+ public String getPublicKey() {
+ return publicKey;
+ }
+
+ public void setPublicKey(String publicKey) {
+ this.publicKey = publicKey;
+ }
}
diff --git a/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java b/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java
index fb82afe19..768127e42 100644
--- a/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java
@@ -35,6 +35,11 @@ public interface KeyRequestResource {
public static final String RC4_ALGORITHM = "RC4";
public static final String AES_ALGORITHM = "AES";
+ // Asymmetric Key algorithms
+ public final static String RSA_ALGORITHM = "RSA";
+ public final static String DSA_ALGORITHM = "DSA";
+ public final static String EC_ALGORITHM = "EC"; // Not supported yet.
+
/**
* Used to generate list of key requests based on the search parameters
*/
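Review bot: The new constants use `public final static` while the lines directly above use `public static final`; match the existing order. `EC_ALGORITHM` is added to the public interface with a trailing "Not supported yet." comment, but both generate methods reject anything other than RSA and DSA, so a caller who discovers the constant only learns at runtime that it is unusable; a Javadoc `/** Reserved; EC key generation is not implemented. */` or leaving the constant out until it works would be clearer.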
@@ -51,11 +56,11 @@ public interface KeyRequestResource {
@POST
@ClientResponseType(entityType=KeyRequestResponse.class)
@Consumes({ MediaType.APPLICATION_FORM_URLENCODED})
- public Response createRequest(MultivaluedMap<String, String> form);
+ public Response submitRequest(MultivaluedMap<String, String> form);
@POST
@ClientResponseType(entityType=KeyRequestResponse.class)
- public Response createRequest(ResourceMessage data);
+ public Response submitRequest(ResourceMessage data);
/**
* Used to retrieve key request info for a specific request
diff --git a/base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java b/base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java
index a2440d7cb..7f65d0e59 100644
--- a/base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java
+++ b/base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java
@@ -19,13 +19,7 @@ import com.netscape.certsrv.base.ResourceMessage;
*/
@XmlRootElement(name = "SymKeyGenerationRequest")
@XmlAccessorType(XmlAccessType.FIELD)
-public class SymKeyGenerationRequest extends ResourceMessage {
-
- private static final String CLIENT_KEY_ID = "clientKeyID";
- private static final String KEY_SIZE = "keySize";
- private static final String KEY_ALGORITHM = "keyAlgorithm";
- private static final String KEY_USAGE = "keyUsage";
- private static final String TRANS_WRAPPED_SESSION_KEY = "transWrappedSessionKey";
+public class SymKeyGenerationRequest extends KeyGenerationRequest {
/* Symmetric Key usages */
public static final String UWRAP_USAGE = "unwrap";
@@ -35,28 +29,6 @@ public class SymKeyGenerationRequest extends ResourceMessage {
public static final String DECRYPT_USAGE = "decrypt";
public static final String ENCRYPT_USAGE = "encrypt";
- public List<String> getUsages() {
- String usageString = attributes.get(KEY_USAGE);
- if (!StringUtils.isBlank(usageString)) {
- return new ArrayList<String>(Arrays.asList(usageString.split(",")));
- }
- return new ArrayList<String>();
- }
-
- public void setUsages(List<String> usages) {
- attributes.put(KEY_USAGE, StringUtils.join(usages, ","));
- }
-
- public void addUsage(String usage) {
- List<String> usages = getUsages();
- for (String u : usages) {
- if (u.equals(usage))
- return;
- }
- usages.add(usage);
- setUsages(usages);
- }
-
public SymKeyGenerationRequest() {
// required for JAXB (defaults)
setClassName(getClass().getName());
@@ -82,59 +54,6 @@ public class SymKeyGenerationRequest extends ResourceMessage {
}
/**
- * @return the clientKeyId
- */
- public String getClientKeyId() {
- return attributes.get(CLIENT_KEY_ID);
- }
-
- /**
- * @param clientKeyId the clientKeyId to set
- */
- public void setClientKeyId(String clientKeyId) {
- attributes.put(CLIENT_KEY_ID, clientKeyId);
- }
-
- /**
- * @return the keySize
- */
- public Integer getKeySize() {
- try {
- return new Integer(attributes.get(KEY_SIZE));
- } catch (NumberFormatException e) {
- return null;
- }
- }
-
- /**
- * @param keySize the key size to set
- */
- public void setKeySize(Integer keySize) {
- attributes.put(KEY_SIZE, keySize.toString());
- }
-
- /**
- * @return the keyAlgorithm
- */
- public String getKeyAlgorithm() {
- return attributes.get(KEY_ALGORITHM);
- }
-
- /**
- * @param keyAlgorithm the key algorithm to set
- */
- public void setKeyAlgorithm(String keyAlgorithm) {
- attributes.put(KEY_ALGORITHM, keyAlgorithm);
- }
-
- /**
- * @return the transWrappedSessionKey
- */
- public String getTransWrappedSessionKey() {
- return attributes.get(TRANS_WRAPPED_SESSION_KEY);
- }
-
- /**
* @param transWrappedSessionKey the wrapped seesion key to set
*/
public void setTransWrappedSessionKey(String transWrappedSessionKey) {
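Review bot: `setTransWrappedSessionKey` is retained in SymKeyGenerationRequest although KeyGenerationRequest now defines the same setter; if the retained body (which continues outside the hunk) is identical it is a redundant override that should go, and if it differs it should carry `@Override` and a comment saying why. The `ArrayList`, `Arrays` and `StringUtils` imports that served the removed getUsages/setUsages/addUsage methods are probably unused now unless the remaining constructor still uses them; the import block is outside this hunk.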
diff --git a/base/common/src/com/netscape/certsrv/request/IRequest.java b/base/common/src/com/netscape/certsrv/request/IRequest.java
index 885cb72a6..8d4ec98fb 100644
--- a/base/common/src/com/netscape/certsrv/request/IRequest.java
+++ b/base/common/src/com/netscape/certsrv/request/IRequest.java
@@ -169,12 +169,14 @@ public interface IRequest extends Serializable {
public static final String SECURITY_DATA_SESS_WRAPPED_DATA = "sessWrappedSecData";
public static final String SECURITY_DATA_PASS_WRAPPED_DATA = "passPhraseWrappedData";
- // symkey generation request attributes
+ // key generation request attributes
+ public static final String ASYMKEY_GENERATION_REQUEST = "asymkeyGenRequest";
public static final String SYMKEY_GENERATION_REQUEST = "symkeyGenRequest";
- public static final String SYMKEY_GEN_ALGORITHM = "symkeyGenAlgorithm";
- public static final String SYMKEY_GEN_SIZE = "symkeyGenSize";
- public static final String SYMKEY_GEN_USAGES = "symkeyGenUsages";
- public static final String SYMKEY_TRANS_WRAPPED_SESSION_KEY = "transWrappedSessionKey";
+
+ public static final String KEY_GEN_ALGORITHM = "keyGenAlgorithm";
+ public static final String KEY_GEN_SIZE = "keyGenSize";
+ public static final String KEY_GEN_USAGES = "keyGenUsages";
+ public static final String KEY_GEN_TRANS_WRAPPED_SESSION_KEY = "transWrappedSessionKey";
// requestor type values.
public static final String REQUESTOR_EE = "EE";
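Review bot: Renaming the attribute values from `symkeyGenAlgorithm`/`symkeyGenSize`/`symkeyGenUsages` to `keyGenAlgorithm`/`keyGenSize`/`keyGenUsages` changes the strings stored on a request, not just the Java constant names; if request attributes are persisted (IRequest extends Serializable, which suggests so), symmetric key generation requests recorded before this change will no longer be found under the new keys. Either keep the old constants as read-side fallbacks or call out the migration in the commit description. `KEY_GEN_TRANS_WRAPPED_SESSION_KEY` keeps the value `transWrappedSessionKey`, so that one is unaffected.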