summaryrefslogtreecommitdiffstats
path: root/base/kra/functional
diff options
context:
space:
mode:
authorEndi S. Dewata <edewata@redhat.com>2014-02-17 16:07:52 -0500
committerEndi S. Dewata <edewata@redhat.com>2014-02-19 11:10:13 -0500
commitabda3f089591fb9db31f6ddeb174e86c6bc0fbee (patch)
treec87095613684e80e4320426cc7bc529d01d5efbf /base/kra/functional
parentf28f20174d269dc0ef8ed67fb927e7d4efad7ed2 (diff)
downloadpki-abda3f089591fb9db31f6ddeb174e86c6bc0fbee.tar.gz
pki-abda3f089591fb9db31f6ddeb174e86c6bc0fbee.tar.xz
pki-abda3f089591fb9db31f6ddeb174e86c6bc0fbee.zip
Updated REST interface for keys.
The REST interface for keys has been modified to return Response objects to allow better handling of server responses. Key-related methods in KRAClient have been moved into KeyClient. The DRMTest has been updated accordingly. Ticket #554
Diffstat (limited to 'base/kra/functional')
-rw-r--r--base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java93
1 files changed, 48 insertions, 45 deletions
diff --git a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
index 5e7dd855f..5b2d39af3 100644
--- a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
+++ b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
@@ -19,7 +19,6 @@ package com.netscape.cms.servlet.test;
import java.util.ArrayList;
import java.util.Calendar;
-import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Random;
@@ -43,9 +42,11 @@ import org.mozilla.jss.util.Password;
import com.netscape.certsrv.client.ClientConfig;
import com.netscape.certsrv.client.PKIClient;
import com.netscape.certsrv.dbs.keydb.KeyId;
+import com.netscape.certsrv.key.KeyClient;
import com.netscape.certsrv.key.KeyData;
import com.netscape.certsrv.key.KeyInfo;
import com.netscape.certsrv.key.KeyRequestInfo;
+import com.netscape.certsrv.key.KeyRequestInfoCollection;
import com.netscape.certsrv.key.KeyRequestResource;
import com.netscape.certsrv.key.KeyRequestResponse;
import com.netscape.certsrv.key.SymKeyGenerationRequest;
@@ -205,6 +206,7 @@ public class DRMTest {
KRAClient client;
SystemCertClient systemCertClient;
+ KeyClient keyClient;
try {
ClientConfig config = new ClientConfig();
config.setServerURI(protocol + "://" + host + ":" + port + "/kra");
@@ -212,6 +214,7 @@ public class DRMTest {
client = new KRAClient(new PKIClient(config));
systemCertClient = (SystemCertClient)client.getClient("systemcert");
+ keyClient = (KeyClient)client.getClient("key");
} catch (Exception e) {
e.printStackTrace();
@@ -227,11 +230,11 @@ public class DRMTest {
// Test 2: Get list of completed key archival requests
log("\n\nList of completed archival requests");
- Collection<KeyRequestInfo> list = client.listRequests("complete", "securityDataEnrollment");
- if (list == null) {
+ KeyRequestInfoCollection list = keyClient.findRequests("complete", "securityDataEnrollment");
+ if (list.getTotal() == 0) {
log("No requests found");
} else {
- Iterator<KeyRequestInfo> iter = list.iterator();
+ Iterator<KeyRequestInfo> iter = list.getEntries().iterator();
while (iter.hasNext()) {
KeyRequestInfo info = iter.next();
printRequestInfo(info);
@@ -240,11 +243,11 @@ public class DRMTest {
// Test 3: Get list of key recovery requests
log("\n\nList of completed recovery requests");
- Collection<KeyRequestInfo> list2 = client.listRequests("complete", "securityDataRecovery");
- if (list2 == null) {
+ KeyRequestInfoCollection list2 = keyClient.findRequests("complete", "securityDataRecovery");
+ if (list2.getTotal() == 0) {
log("No requests found");
} else {
- Iterator<KeyRequestInfo> iter2 = list2.iterator();
+ Iterator<KeyRequestInfo> iter2 = list2.getEntries().iterator();
while (iter2.hasNext()) {
KeyRequestInfo info = iter2.next();
printRequestInfo(info);
@@ -259,7 +262,7 @@ public class DRMTest {
byte[] encoded = CryptoUtil.createPKIArchiveOptions(manager, token, transportCert, vek, null,
KeyGenAlgorithm.DES3, ivps);
- KeyRequestResponse info = client.archiveSecurityData(encoded, clientId,
+ KeyRequestResponse info = keyClient.archiveSecurityData(encoded, clientId,
KeyRequestResource.SYMMETRIC_KEY_TYPE, KeyRequestResource.DES3_ALGORITHM, 0);
log("Archival Results:");
printRequestInfo(info.getRequestInfo());
@@ -272,7 +275,7 @@ public class DRMTest {
//Test 5: Get keyId for active key with client ID
log("Getting key ID for symmetric key");
- keyInfo = client.getKeyData(clientId, "active");
+ keyInfo = keyClient.getActiveKeyInfo(clientId);
printKeyInfo(keyInfo);
KeyId keyId2 = keyInfo.getKeyId();
if (keyId2 == null) {
@@ -292,7 +295,7 @@ public class DRMTest {
try {
recoveryKey = CryptoUtil.generateKey(token, KeyGenAlgorithm.DES3);
wrappedRecoveryKey = CryptoUtil.wrapSymmetricKey(manager, token, transportCert, recoveryKey);
- KeyRequestResponse info = client.requestRecovery(keyId, null, wrappedRecoveryKey,
+ KeyRequestResponse info = keyClient.requestRecovery(keyId, null, wrappedRecoveryKey,
ivps.getIV());
recoveryRequestId = info.getRequestInfo().getRequestId();
} catch (Exception e) {
@@ -301,12 +304,12 @@ public class DRMTest {
// Test 7: Approve recovery
log("Approving recovery request: " + recoveryRequestId);
- client.approveRecovery(recoveryRequestId);
+ keyClient.approveRequest(recoveryRequestId);
// Test 8: Get key
log("Getting key: " + keyId);
- keyData = client.retrieveKey(keyId, recoveryRequestId, null, wrappedRecoveryKey, ivps.getIV());
+ keyData = keyClient.retrieveKey(keyId, recoveryRequestId, null, wrappedRecoveryKey, ivps.getIV());
wrappedRecoveredKey = keyData.getWrappedPrivateData();
ivps_server = new IVParameterSpec(Utils.base64decode(keyData.getNonceData()));
@@ -335,7 +338,7 @@ public class DRMTest {
EncryptionAlgorithm.DES3_CBC_PAD);
wrappedRecoveryKey = CryptoUtil.wrapSymmetricKey(manager, token, transportCert, recoveryKey);
- requestResponse = client.requestRecovery(keyId, wrappedRecoveryPassphrase, wrappedRecoveryKey, ivps.getIV());
+ requestResponse = keyClient.requestRecovery(keyId, wrappedRecoveryPassphrase, wrappedRecoveryKey, ivps.getIV());
recoveryRequestId = requestResponse.getRequestInfo().getRequestId();
} catch (Exception e) {
log("Exception in recovering symmetric key using passphrase" + e.toString());
@@ -344,11 +347,11 @@ public class DRMTest {
//Test 10: Approve recovery
log("Approving recovery request: " + recoveryRequestId);
- client.approveRecovery(recoveryRequestId);
+ keyClient.approveRequest(recoveryRequestId);
// Test 11: Get key
log("Getting key: " + keyId);
- keyData = client.retrieveKey(keyId, recoveryRequestId, wrappedRecoveryPassphrase, wrappedRecoveryKey, ivps.getIV());
+ keyData = keyClient.retrieveKey(keyId, recoveryRequestId, wrappedRecoveryPassphrase, wrappedRecoveryKey, ivps.getIV());
wrappedRecoveredKey = keyData.getWrappedPrivateData();
try {
@@ -371,7 +374,7 @@ public class DRMTest {
try {
byte[] encoded = CryptoUtil.createPKIArchiveOptions(manager, token, transportCert, null, passphrase,
KeyGenAlgorithm.DES3, ivps);
- requestResponse = client.archiveSecurityData(encoded, clientId,
+ requestResponse = keyClient.archiveSecurityData(encoded, clientId,
KeyRequestResource.PASS_PHRASE_TYPE, null, 0);
log("Archival Results:");
printRequestInfo(requestResponse.getRequestInfo());
@@ -383,7 +386,7 @@ public class DRMTest {
//Test 13: Get keyId for active passphrase with client ID
log("Getting key ID for passphrase");
- keyInfo = client.getKeyData(clientId, "active");
+ keyInfo = keyClient.getActiveKeyInfo(clientId);
printKeyInfo(keyInfo);
keyId2 = keyInfo.getKeyId();
if (keyId2 == null) {
@@ -408,7 +411,7 @@ public class DRMTest {
wrappedRecoveryKey = CryptoUtil.wrapSymmetricKey(manager, token, transportCert, recoveryKey);
wrappedRecoveryPassphrase = CryptoUtil.wrapPassphrase(token, recoveryPassphrase, ivps, recoveryKey,
EncryptionAlgorithm.DES3_CBC_PAD);
- requestResponse = client.requestRecovery(keyId, null, wrappedRecoveryKey, ivps.getIV());
+ requestResponse = keyClient.requestRecovery(keyId, null, wrappedRecoveryKey, ivps.getIV());
recoveryRequestId = requestResponse.getRequestInfo().getRequestId();
} catch (Exception e) {
log("Exception in recovering passphrase using session key: " + e.getMessage());
@@ -416,12 +419,12 @@ public class DRMTest {
// Test 15: Approve recovery
log("Approving recovery request: " + recoveryRequestId);
- client.approveRecovery(recoveryRequestId);
+ keyClient.approveRequest(recoveryRequestId);
// Test 16: Get key
log("Getting passphrase: " + keyId);
- keyData = client.retrieveKey(keyId, recoveryRequestId, null, wrappedRecoveryKey, ivps.getIV());
+ keyData = keyClient.retrieveKey(keyId, recoveryRequestId, null, wrappedRecoveryKey, ivps.getIV());
wrappedRecoveredKey = keyData.getWrappedPrivateData();
ivps_server = new IVParameterSpec( Utils.base64decode(keyData.getNonceData()));
try {
@@ -442,16 +445,16 @@ public class DRMTest {
// Test 17: Submit a recovery request for the passphrase using a passphrase
log("Submitting a recovery request for the passphrase using a passphrase");
- requestResponse = client.requestRecovery(keyId, wrappedRecoveryPassphrase, wrappedRecoveryKey, ivps.getIV());
+ requestResponse = keyClient.requestRecovery(keyId, wrappedRecoveryPassphrase, wrappedRecoveryKey, ivps.getIV());
recoveryRequestId = requestResponse.getRequestInfo().getRequestId();
//Test 18: Approve recovery
log("Approving recovery request: " + recoveryRequestId);
- client.approveRecovery(recoveryRequestId);
+ keyClient.approveRequest(recoveryRequestId);
// Test 19: Get key
log("Getting passphrase: " + keyId);
- keyData = client.retrieveKey(keyId, recoveryRequestId, wrappedRecoveryPassphrase, wrappedRecoveryKey, ivps.getIV());
+ keyData = keyClient.retrieveKey(keyId, recoveryRequestId, wrappedRecoveryPassphrase, wrappedRecoveryKey, ivps.getIV());
wrappedRecoveredKey = keyData.getWrappedPrivateData();
try {
recoveredKey = CryptoUtil.unwrapUsingPassphrase(wrappedRecoveredKey, recoveryPassphrase);
@@ -471,16 +474,16 @@ public class DRMTest {
//Wait until retrieving key before sending input data.
log("Submitting a recovery request for the passphrase using a passphrase, wait till end to provide recovery data.");
- requestResponse = client.requestRecovery(keyId, null, null, null);
+ requestResponse = keyClient.requestRecovery(keyId, null, null, null);
recoveryRequestId = requestResponse.getRequestInfo().getRequestId();
//Test 21: Approve recovery
log("Approving recovery request: " + recoveryRequestId);
- client.approveRecovery(recoveryRequestId);
+ keyClient.approveRequest(recoveryRequestId);
// Test 22: Get key
log("Getting passphrase: " + keyId);
- keyData = client.retrieveKey(keyId, recoveryRequestId, wrappedRecoveryPassphrase, wrappedRecoveryKey, ivps.getIV());
+ keyData = keyClient.retrieveKey(keyId, recoveryRequestId, wrappedRecoveryPassphrase, wrappedRecoveryKey, ivps.getIV());
wrappedRecoveredKey = keyData.getWrappedPrivateData();
try {
recoveredKey = CryptoUtil.unwrapUsingPassphrase(wrappedRecoveredKey, recoveryPassphrase);
@@ -500,7 +503,7 @@ public class DRMTest {
RequestId requestId = new RequestId("0xabcdef");
log("Getting non-existent request: " + requestId.toHexString());
try {
- client.getRequest(requestId);
+ keyClient.getRequestInfo(requestId);
log("Error: getting non-existent request does not throw an exception");
} catch (RequestNotFoundException e) {
log("Success: getting non-existent request throws an exception: "+e.getMessage()+" ("+e.getRequestId().toHexString()+")");
@@ -528,13 +531,13 @@ public class DRMTest {
"greWr3xTsy6gF2yphUEkGHh4v22XvK+FLx9Jb6zloMWA2GG9gpUpvMnl1fH4";
log("Requesting X509 key recovery.");
- recoveryRequestId = client.requestKeyRecovery(keyID,
+ recoveryRequestId = keyClient.requestKeyRecovery(keyID,
b64Certificate).getRequestInfo().getRequestId();
log("Requesting X509 key recovery request: " + recoveryRequestId);
// Test 25: Approve x509 key recovery
log("Approving X509 key recovery request: " + recoveryRequestId);
- client.approveRecovery(recoveryRequestId);
+ keyClient.approveRequest(recoveryRequestId);
// Test 26: Recover x509 key
log("Recovering X509 key based on request: " + recoveryRequestId);
@@ -555,11 +558,11 @@ public class DRMTest {
// Test 27: Get list of completed key archival requests
log("\n\nList of completed archival requests");
- list = client.listRequests("complete", IRequest.SYMKEY_GENERATION_REQUEST);
- if (list == null) {
+ list = keyClient.findRequests("complete", IRequest.SYMKEY_GENERATION_REQUEST);
+ if (list.getTotal() == 0) {
log("No requests found");
} else {
- Iterator<KeyRequestInfo> iter = list.iterator();
+ Iterator<KeyRequestInfo> iter = list.getEntries().iterator();
while (iter.hasNext()) {
KeyRequestInfo info = iter.next();
printRequestInfo(info);
@@ -571,7 +574,7 @@ public class DRMTest {
List<String> usages = new ArrayList<String>();
usages.add(SymKeyGenerationRequest.DECRYPT_USAGE);
usages.add(SymKeyGenerationRequest.ENCRYPT_USAGE);
- KeyRequestResponse genKeyResponse = client.generateKey(clientId,
+ KeyRequestResponse genKeyResponse = keyClient.generateKey(clientId,
KeyRequestResource.AES_ALGORITHM,
128, usages);
printRequestInfo(genKeyResponse.getRequestInfo());
@@ -579,7 +582,7 @@ public class DRMTest {
// test 29: Get keyId for active key with client ID
log("Getting key ID for symmetric key");
- keyInfo = client.getKeyData(clientId, "active");
+ keyInfo = keyClient.getActiveKeyInfo(clientId);
printKeyInfo(keyInfo);
keyId2 = keyInfo.getKeyId();
if (keyId2 == null) {
@@ -599,7 +602,7 @@ public class DRMTest {
try {
recoveryKey = CryptoUtil.generateKey(token, KeyGenAlgorithm.DES3);
wrappedRecoveryKey = CryptoUtil.wrapSymmetricKey(manager, token, transportCert, recoveryKey);
- KeyRequestResponse response = client.requestRecovery(keyId, null, wrappedRecoveryKey, ivps.getIV());
+ KeyRequestResponse response = keyClient.requestRecovery(keyId, null, wrappedRecoveryKey, ivps.getIV());
recoveryRequestId = response.getRequestInfo().getRequestId();
} catch (Exception e) {
log("Exception in recovering symmetric key using session key: " + e.getMessage());
@@ -607,12 +610,12 @@ public class DRMTest {
// Test 31: Approve recovery
log("Approving recovery request: " + recoveryRequestId);
- client.approveRecovery(recoveryRequestId);
+ keyClient.approveRequest(recoveryRequestId);
// Test 32: Get key
log("Getting key: " + keyId);
- keyData = client.retrieveKey(keyId, recoveryRequestId, null, wrappedRecoveryKey, ivps.getIV());
+ keyData = keyClient.retrieveKey(keyId, recoveryRequestId, null, wrappedRecoveryKey, ivps.getIV());
wrappedRecoveredKey = keyData.getWrappedPrivateData();
ivps_server = new IVParameterSpec(Utils.base64decode(keyData.getNonceData()));
@@ -627,21 +630,21 @@ public class DRMTest {
// test 33: Generate symmetric key - invalid algorithm
try {
- genKeyResponse = client.generateKey("Symmetric Key #1235", "AFS", 128, usages);
+ genKeyResponse = keyClient.generateKey("Symmetric Key #1235", "AFS", 128, usages);
} catch (Exception e) {
log("Exception: " + e);
}
// test 34: Generate symmetric key - invalid key size
try {
- genKeyResponse = client.generateKey("Symmetric Key #1236", "AES", 135, usages);
+ genKeyResponse = keyClient.generateKey("Symmetric Key #1236", "AES", 135, usages);
} catch (Exception e) {
log("Exception: " + e);
}
// test 35: Generate symmetric key - usages not defined
try {
- genKeyResponse = client.generateKey("Symmetric Key #1236", "DES", 56, usages);
+ genKeyResponse = keyClient.generateKey("Symmetric Key #1236", "DES", 56, usages);
} catch (Exception e) {
log("Exception: " + e);
}
@@ -657,7 +660,7 @@ public class DRMTest {
byte[] encoded = CryptoUtil.createPKIArchiveOptions(manager, token, transportCert, vek, null,
KeyGenAlgorithm.DES3, ivps);
- KeyRequestResponse response = client.archiveSecurityData(encoded, clientId,
+ KeyRequestResponse response = keyClient.archiveSecurityData(encoded, clientId,
KeyRequestResource.SYMMETRIC_KEY_TYPE, KeyRequestResource.AES_ALGORITHM, 128);
log("Archival Results:");
printRequestInfo(response.getRequestInfo());
@@ -669,7 +672,7 @@ public class DRMTest {
//Test 37: Get keyId for active key with client ID
log("Getting key ID for symmetric key");
- keyInfo = client.getKeyData(clientId, "active");
+ keyInfo = keyClient.getActiveKeyInfo(clientId);
printKeyInfo(keyInfo);
keyId2 = keyInfo.getKeyId();
if (keyId2 == null) {
@@ -689,7 +692,7 @@ public class DRMTest {
try {
recoveryKey = CryptoUtil.generateKey(token, KeyGenAlgorithm.DES3);
wrappedRecoveryKey = CryptoUtil.wrapSymmetricKey(manager, token, transportCert, recoveryKey);
- KeyRequestResponse response = client.requestRecovery(keyId, null, wrappedRecoveryKey, ivps.getIV());
+ KeyRequestResponse response = keyClient.requestRecovery(keyId, null, wrappedRecoveryKey, ivps.getIV());
recoveryRequestId = response.getRequestInfo().getRequestId();
} catch (Exception e) {
log("Exception in recovering symmetric key using session key: " + e.getMessage());
@@ -697,12 +700,12 @@ public class DRMTest {
// Test 39: Approve recovery
log("Approving recovery request: " + recoveryRequestId);
- client.approveRecovery(recoveryRequestId);
+ keyClient.approveRequest(recoveryRequestId);
// Test 40: Get key
log("Getting key: " + keyId);
- keyData = client.retrieveKey(keyId, recoveryRequestId, null, wrappedRecoveryKey, ivps.getIV());
+ keyData = keyClient.retrieveKey(keyId, recoveryRequestId, null, wrappedRecoveryKey, ivps.getIV());
wrappedRecoveredKey = keyData.getWrappedPrivateData();
ivps_server = new IVParameterSpec(Utils.base64decode(keyData.getNonceData()));
generated by cgit (git 2.34.1) at 2024-06-23 10:46:28 +0000