author | Abhishek Koneru <akoneru@redhat.com> | 2014-03-27 04:14:01 -0400 |
---|---|---|
committer | Abhishek Koneru <akoneru@redhat.com> | 2014-03-31 03:01:28 -0400 |
commit | 86f4022cc0598353d16901fa2d1ef90f474baaca (patch) | |
tree | afd5728380709c6bce5c1141bcf67186bb0badde /base/kra/functional | |
parent | a75e0f80e79804e36e5d0a67039bbe89c26807e4 (diff) | |
Refactoring KeyClient class and crypto classes.
Diffstat (limited to 'base/kra/functional')
-rw-r--r-- | base/kra/functional/drmtest.py | 22 | ||||
-rw-r--r-- | base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java | 87 |
2 files changed, 52 insertions, 57 deletions
diff --git a/base/kra/functional/drmtest.py b/base/kra/functional/drmtest.py index 268c50913..b6fa18dcb 100644 --- a/base/kra/functional/drmtest.py +++ b/base/kra/functional/drmtest.py @@ -54,14 +54,14 @@ def print_key_info(key_info): print "Owner Name: " + str(key_info.ownerName) print "Size: " + str(key_info.size) -def print_key_data(key_data): +def print_key_data(key): ''' Prints the relevant fields of a KeyData object ''' - print "Key Algorithm: " + str(key_data.algorithm) - print "Key Size: " + str(key_data.size) - print "Nonce Data: " + base64.encodestring(key_data.nonceData) - print "Wrapped Private Data: " + base64.encodestring(key_data.wrappedPrivateData) - if key_data.private_data is not None: - print "Private Data: " + base64.encodestring(key_data.private_data) + print "Key Algorithm: " + str(key.algorithm) + print "Key Size: " + str(key.size) + print "Nonce Data: " + base64.encodestring(key.nonce_data) + print "Wrapped Private Data: " + base64.encodestring(key.encrypted_data) + if key.data is not None: + print "Private Data: " + base64.encodestring(key.data) def main(): ''' test code execution ''' @@ -139,15 +139,15 @@ def main(): print "My key id is " + str(key_id) key_data = keyclient.retrieve_key(key_id, trans_wrapped_session_key=wrapped_session_key) print_key_data(key_data) - unwrapped_key = crypto.symmetric_unwrap(key_data.wrappedPrivateData, + unwrapped_key = crypto.symmetric_unwrap(key_data.encrypted_data, session_key, - nonce_iv=key_data.nonceData) + nonce_iv=key_data.nonce_data) key1 = base64.encodestring(unwrapped_key) # Test 7: Recover key without providing trans_wrapped_session_key key_data = keyclient.retrieve_key(key_id) print_key_data(key_data) - key2 = base64.encodestring(key_data.private_data) + key2 = base64.encodestring(key_data.data) # Test 8 - Confirm that keys returned are the same if key1 == key2: 
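Review bot: The docstring of `print_key_data` still says it prints a KeyData object, and the labels still read "Wrapped Private Data" and "Private Data", although the parameter is now `key` and the fields are `encrypted_data` and `data`. I would change the docstring to `''' Prints the relevant fields of a Key object '''` and rename the two labels to match the new field names. Only `key.data` is guarded against None; `base64.encodestring(key.nonce_data)` and `base64.encodestring(key.encrypted_data)` would raise if a response omitted either field, which this hunk does not rule out. Because the last print writes recovered key material to stdout, a comment such as `# test helper: prints key material, use with throwaway test keys only` would help anyone who reuses it.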
@@ -233,7 +233,7 @@ def main(): key_data = keyclient.retrieve_key(key_info.get_key_id()) print_key_data(key_data) - key2 = base64.encodestring(key_data.private_data) + key2 = base64.encodestring(key_data.data) if key1 == key2: print "Success: archived and recovered keys match" diff --git a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java index 3fc2984a9..cb80039b7 100644 --- a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java +++ b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java @@ -40,8 +40,8 @@ import com.netscape.certsrv.cert.CertData; import com.netscape.certsrv.client.ClientConfig; import com.netscape.certsrv.client.PKIClient; import com.netscape.certsrv.dbs.keydb.KeyId; +import com.netscape.certsrv.key.Key; import com.netscape.certsrv.key.KeyClient; -import com.netscape.certsrv.key.KeyData; import com.netscape.certsrv.key.KeyInfo; import com.netscape.certsrv.key.KeyRequestInfo; import com.netscape.certsrv.key.KeyRequestInfoCollection; @@ -148,13 +148,13 @@ public class DRMTest { String passphrase = null; // Session keys and passphrases for recovery - SymmetricKey recoveryKey = null; + SymmetricKey sessionKey = null; byte[] wrappedRecoveryKey = null; String recoveryPassphrase = null; byte[] wrappedRecoveryPassphrase = null; // retrieved data (should match archived data) - String wrappedRecoveredKey = null; + byte[] encryptedData = null; String recoveredKey = null; // various ids used in recovery/archival operations @@ -164,7 +164,7 @@ public class DRMTest { // Variables for data structures from calls KeyRequestResponse requestResponse = null; - KeyData keyData = null; + Key keyData = null; KeyInfo keyInfo = null; // Initialize token 
@@ -239,15 +239,14 @@ public class DRMTest { clientKeyId = "UUID: 123-45-6789 VEK " + Calendar.getInstance().getTime().toString(); try { vek = nssCrypto.generateSessionKey(); - byte[] encoded = CryptoUtil.createPKIArchiveOptions(nssCrypto.getManager(), nssCrypto.getToken(), - transportCert, vek, null, - KeyGenAlgorithm.DES3, 0, new IVParameterSpec(iv)); + byte[] encoded = nssCrypto.createPKIArchiveOptions(transportCert, vek, null, + KeyRequestResource.DES3_ALGORITHM, 0, iv); - KeyRequestResponse info = keyClient.archiveOptionsData(clientKeyId, KeyRequestResource.SYMMETRIC_KEY_TYPE, + KeyRequestResponse info = keyClient.archivePKIOptions(clientKeyId, KeyRequestResource.SYMMETRIC_KEY_TYPE, KeyRequestResource.DES3_ALGORITHM, 0, encoded); log("Archival Results:"); printRequestInfo(info.getRequestInfo()); - keyId = info.getRequestInfo().getKeyId(); + keyId = info.getKeyId(); } catch (Exception e) { log("Exception in archiving symmetric key:" + e.getMessage()); e.printStackTrace(); 
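Review bot: The catch block at the end of this archival step only logs and prints the stack trace, so when `createPKIArchiveOptions` or `archivePKIOptions` throws, `keyId` keeps whatever value it held before and the following tests run against that id. For a functional test of key archival, that can turn an archival failure into misleading recovery results further down. I would stop the run on this path, for example by adding `System.exit(-1);` after `e.printStackTrace();`, as the Test 11 catch block in the `@@ -400` hunk already does. The same fall-through is visible after `archivePassphrase` in the `@@ -335` hunk and after the second `archivePKIOptions` call in the `@@ -587` hunk; the enclosing method starts and ends outside this hunk.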
@@ -274,20 +273,20 @@ public class DRMTest { // Test 6: Submit a recovery request for the symmetric key using a session key log("Submitting a recovery request for the symmetric key using session key"); try { - recoveryKey = nssCrypto.generateSessionKey(); + sessionKey = nssCrypto.generateSessionKey(); wrappedRecoveryKey = CryptoUtil.wrapSymmetricKey(nssCrypto.getManager(), nssCrypto.getToken(), - transportCert, recoveryKey); + transportCert, sessionKey); keyData = keyClient.retrieveKey(keyId, wrappedRecoveryKey); } catch (Exception e) { log("Exception in recovering symmetric key using session key: " + e.getMessage()); } - wrappedRecoveredKey = keyData.getWrappedPrivateData(); + encryptedData = keyData.getEncryptedData(); try { - recoveredKey = new String(Utils.base64decode(nssCrypto.unwrapUsingSessionKey( - Utils.base64decode(wrappedRecoveredKey), recoveryKey, - KeyRequestResource.DES3_ALGORITHM, Utils.base64decode(keyData.getNonceData())))); + recoveredKey = Utils.base64encode(nssCrypto.unwrapWithSessionKey( + encryptedData, sessionKey, + KeyRequestResource.DES3_ALGORITHM, keyData.getNonceData())); } catch (Exception e) { log("Exception in unwrapping key: " + e.toString()); e.printStackTrace(); @@ -304,10 +303,10 @@ public class DRMTest { recoveryPassphrase = "Gimme me keys please"; try { - recoveryKey = nssCrypto.generateSessionKey(); - wrappedRecoveryPassphrase = nssCrypto.wrapUsingSessionKey(recoveryPassphrase, iv, recoveryKey, + sessionKey = nssCrypto.generateSessionKey(); + wrappedRecoveryPassphrase = nssCrypto.wrapWithSessionKey(recoveryPassphrase, iv, sessionKey, KeyRequestResource.DES3_ALGORITHM); - wrappedRecoveryKey = nssCrypto.wrapSessionKeyWithTransportCert(recoveryKey, transportCert); + wrappedRecoveryKey = nssCrypto.wrapSessionKeyWithTransportCert(sessionKey, transportCert); keyData = keyClient.retrieveKeyUsingWrappedPassphrase(keyId, wrappedRecoveryKey, wrappedRecoveryPassphrase, iv); 
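Review bot: `encryptedData = keyData.getEncryptedData();` sits outside the try block, so if `retrieveKey` throws, the catch only logs and this line either dereferences null or reads the `Key` left over from an earlier test. With a stale object the unwrap can still succeed, and the later comparison then checks a previous response rather than this one. The `@@ -422` hunk looks most exposed, since its catch only prints the stack trace and the same `recoveryPassphrase` is reused (the retrieval call itself is outside that hunk). Setting `keyData = null;` before each retrieval and moving the `getEncryptedData()` call into the try, directly after `retrieveKey`, would make a failed retrieval fail the test. The same pattern repeats in the `@@ -316`, `@@ -365` and `@@ -538` hunks.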
@@ -316,10 +315,10 @@ public class DRMTest { e.printStackTrace(); } - wrappedRecoveredKey = keyData.getWrappedPrivateData(); + encryptedData = keyData.getEncryptedData(); try { - recoveredKey = CryptoUtil.unwrapUsingPassphrase(wrappedRecoveredKey, recoveryPassphrase); + recoveredKey = Utils.base64encode(nssCrypto.unwrapWithPassphrase(encryptedData, recoveryPassphrase)); } catch (Exception e) { log("Error: unable to unwrap key using passphrase"); e.printStackTrace(); @@ -335,12 +334,11 @@ public class DRMTest { // Test 8: Generate and archive a passphrase clientKeyId = "UUID: 123-45-6789 RKEK " + Calendar.getInstance().getTime().toString(); try { - requestResponse = keyClient.archiveKey(clientKeyId, KeyRequestResource.PASS_PHRASE_TYPE, passphrase, null, - 0); + requestResponse = keyClient.archivePassphrase(clientKeyId, passphrase); log("Archival Results:"); printRequestInfo(requestResponse.getRequestInfo()); - keyId = requestResponse.getRequestInfo().getKeyId(); + keyId = requestResponse.getKeyId(); } catch (Exception e) { log("Exception in archiving symmetric key:" + e.toString()); e.printStackTrace(); 
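Review bot: The catch block after `archivePassphrase` in the `@@ -335` hunk still logs "Exception in archiving symmetric key:", a message carried over from the symmetric-key archival step. A failure here would be attributed to the wrong test in the log. I would change it to `log("Exception in archiving passphrase: " + e.toString());`.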
@@ -365,17 +363,16 @@ public class DRMTest { // Test 10: Submit a recovery request for the passphrase using a session key log("Submitting a recovery request for the passphrase using session key"); - recoveryKey = null; + sessionKey = null; wrappedRecoveryKey = null; try { keyData = keyClient.retrieveKeyByPassphrase(keyId, recoveryPassphrase); } catch (Exception e) { log("Exception in recovering passphrase using session key: " + e.getMessage()); } - wrappedRecoveredKey = keyData.getWrappedPrivateData(); + encryptedData = keyData.getEncryptedData(); try { - recoveredKey = CryptoUtil.unwrapUsingPassphrase(wrappedRecoveredKey, recoveryPassphrase); - recoveredKey = new String(Utils.base64decode(recoveredKey), "UTF-8"); + recoveredKey = new String(nssCrypto.unwrapWithPassphrase(encryptedData, recoveryPassphrase), "UTF-8"); } catch (Exception e) { log("Exception in unwrapping key: " + e.toString()); e.printStackTrace(); @@ -389,9 +386,9 @@ public class DRMTest { // Test 11: Submit a recovery request for the passphrase using a passphrase try { - recoveryKey = nssCrypto.generateSessionKey(); - wrappedRecoveryKey = nssCrypto.wrapSessionKeyWithTransportCert(recoveryKey, transportCert); - wrappedRecoveryPassphrase = nssCrypto.wrapUsingSessionKey(recoveryPassphrase, iv, recoveryKey, + sessionKey = nssCrypto.generateSessionKey(); + wrappedRecoveryKey = nssCrypto.wrapSessionKeyWithTransportCert(sessionKey, transportCert); + wrappedRecoveryPassphrase = nssCrypto.wrapWithSessionKey(recoveryPassphrase, iv, sessionKey, KeyRequestResource.DES3_ALGORITHM); keyData = keyClient.retrieveKeyUsingWrappedPassphrase(keyId, wrappedRecoveryKey, wrappedRecoveryPassphrase, iv); 
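Review bot: The comment and both log messages for Test 10 say the passphrase is recovered "using session key", but the code sets `sessionKey = null`, calls `retrieveKeyByPassphrase(keyId, recoveryPassphrase)` and unwraps with `unwrapWithPassphrase`. I would reword the comment to `// Test 10: Recover the passphrase via retrieveKeyByPassphrase (no caller-supplied session key)` and adjust the `log(...)` text and the catch message to match. The two null assignments could carry a short comment saying they clear state left by Test 7, if that is their purpose; the hunk does not show another reason for them.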
@@ -400,10 +397,9 @@ public class DRMTest { System.out.println("Test 17: " + e1.getMessage()); System.exit(-1); } - wrappedRecoveredKey = keyData.getWrappedPrivateData(); + encryptedData = keyData.getEncryptedData(); try { - recoveredKey = CryptoUtil.unwrapUsingPassphrase(wrappedRecoveredKey, recoveryPassphrase); - recoveredKey = new String(Utils.base64decode(recoveredKey), "UTF-8"); + recoveredKey = new String(nssCrypto.unwrapWithPassphrase(encryptedData, recoveryPassphrase), "UTF-8"); } catch (Exception e) { log("Error: cannot unwrap key using passphrase"); e.printStackTrace(); @@ -422,10 +418,9 @@ public class DRMTest { } catch (Exception e1) { e1.printStackTrace(); } - wrappedRecoveredKey = keyData.getWrappedPrivateData(); + encryptedData = keyData.getEncryptedData(); try { - recoveredKey = CryptoUtil.unwrapUsingPassphrase(wrappedRecoveredKey, recoveryPassphrase); - recoveredKey = new String(Utils.base64decode(recoveredKey), "UTF-8"); + recoveredKey = new String(nssCrypto.unwrapWithPassphrase(encryptedData, recoveryPassphrase), "UTF-8"); } catch (Exception e) { log("Error: Can't unwrap recovered key using passphrase"); e.printStackTrace(); @@ -516,7 +511,7 @@ public class DRMTest { KeyRequestResource.AES_ALGORITHM, 128, usages, null); printRequestInfo(genKeyResponse.getRequestInfo()); - keyId = genKeyResponse.getRequestInfo().getKeyId(); + keyId = genKeyResponse.getKeyId(); // test 19: Get keyId for active key with client ID log("Getting key ID for symmetric key"); 
@@ -538,19 +533,19 @@ public class DRMTest { // Test 20: Submit a recovery request for the symmetric key using a session key log("Submitting a recovery request for the symmetric key using session key"); try { - recoveryKey = nssCrypto.generateSessionKey(); - wrappedRecoveryKey = nssCrypto.wrapSessionKeyWithTransportCert(recoveryKey, transportCert); + sessionKey = nssCrypto.generateSessionKey(); + wrappedRecoveryKey = nssCrypto.wrapSessionKeyWithTransportCert(sessionKey, transportCert); keyData = keyClient.retrieveKey(keyId, wrappedRecoveryKey); } catch (Exception e) { log("Exception in recovering symmetric key using session key: " + e.getMessage()); } - wrappedRecoveredKey = keyData.getWrappedPrivateData(); + encryptedData = keyData.getEncryptedData(); try { - recoveredKey = new String(Utils.base64decode(nssCrypto.unwrapUsingSessionKey( - Utils.base64decode(wrappedRecoveredKey), recoveryKey, KeyRequestResource.DES3_ALGORITHM, - Utils.base64decode(keyData.getNonceData())))); + recoveredKey = new String(nssCrypto.unwrapWithSessionKey( + encryptedData, sessionKey, KeyRequestResource.DES3_ALGORITHM, + keyData.getNonceData())); } catch (Exception e) { log("Exception in unwrapping key: " + e.toString()); e.printStackTrace(); @@ -587,11 +582,11 @@ public class DRMTest { transportCert, vek, null, KeyGenAlgorithm.DES3, 0, new IVParameterSpec(iv)); - KeyRequestResponse response = keyClient.archiveOptionsData(clientKeyId, + KeyRequestResponse response = keyClient.archivePKIOptions(clientKeyId, KeyRequestResource.SYMMETRIC_KEY_TYPE, KeyRequestResource.AES_ALGORITHM, 128, encoded); log("Archival Results:"); printRequestInfo(response.getRequestInfo()); - keyId = response.getRequestInfo().getKeyId(); + keyId = response.getKeyId(); } catch (Exception e) { log("Exception in archiving symmetric key:" + e.getMessage()); e.printStackTrace(); 
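Review bot: `recoveredKey = new String(nssCrypto.unwrapWithSessionKey(...))` decodes the unwrapped bytes with the platform default charset, whereas Test 6 in the `@@ -274` hunk wraps the same call in `Utils.base64encode(...)`. The key retrieved here appears to be the generated one from the `@@ -516` hunk (`KeyRequestResource.AES_ALGORITHM, 128`). Arbitrary key bytes do not survive a charset decode, so a check on `recoveredKey` after this hunk can mismatch or vary by platform. I would write `recoveredKey = Utils.base64encode(nssCrypto.unwrapWithSessionKey(encryptedData, sessionKey, KeyRequestResource.DES3_ALGORITHM, keyData.getNonceData()));` and compare in base64 form, as the `@@ -626` hunk does. The comparison is outside this hunk, so confirm what it expects.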
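Review bot: The context lines at the top of the `@@ -587` hunk still pass `KeyGenAlgorithm.DES3, 0, new IVParameterSpec(iv)`, the argument list of the old `CryptoUtil.createPKIArchiveOptions` call. The `@@ -239` hunk replaced that call with `nssCrypto.createPKIArchiveOptions(transportCert, vek, null, KeyRequestResource.DES3_ALGORITHM, 0, iv)`. The start of the call is outside this hunk, so the callee is inferred; if it is the old helper, migrating it would keep the two archival tests on the same code path. The request line declares `KeyRequestResource.AES_ALGORITHM, 128` while the archive options name DES3, so a comment saying which value describes the archived key and which the wrapping would help.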
@@ -626,7 +621,7 @@ public class DRMTest { // generates a session key, wraps it with transport cert and completes the request. // The encrypted data is then unwrapped using the temporary session key and set to // the attribute privateData. - recoveredKey = keyData.getPrivateData(); + recoveredKey = Utils.base64encode(keyData.getData()); if (!recoveredKey.equals(Utils.base64encode(vek.getEncoded()))) { log("Error: recovered and archived keys do not match!"); |
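Review bot: The comment above the changed line still says the unwrapped data is "set to the attribute privateData", but the accessor is now `getData()`. I would reword the last comment line to `// the data attribute of the returned Key.` so it matches the refactored class. The enclosing test block starts and ends outside the hunk.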