authorAbhishek Koneru <akoneru@redhat.com>2014-07-24 11:20:12 -0400
committerAbhishek Koneru <akoneru@redhat.com>2014-08-27 01:15:35 -0400
commit6444287caa2ad171086d0ce9d93761a897247e06 (patch)
tree86e13cafc3f7b866be86b21cf0d96e401d0b9f01 /base/kra/src/org/dogtagpki/server/kra
parent8e464b6ba5d83d7915978db5841967f20672dfd0 (diff)
Generate asymmetric keys in the DRM.
Adds methods to the key client to generate asymmetric keys using the RSA and DSA algorithms for the valid key sizes 512, 1024, 2048 and 4096. The generated keys are archived in the database. Using the CLI, the public key (base64 encoded) can be retrieved with the key-show command. The private key (base64 encoded) can be retrieved with the key-retrieve command. Ticket #1023
Diffstat (limited to 'base/kra/src/org/dogtagpki/server/kra')
-rw-r--r--base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java44
-rw-r--r--base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java15
2 files changed, 53 insertions, 6 deletions
diff --git a/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java b/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java
index c538e016b..04dd3253f 100644
--- a/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java
+++ b/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java
@@ -45,6 +45,7 @@ import com.netscape.certsrv.base.PKIException;
import com.netscape.certsrv.base.ResourceMessage;
import com.netscape.certsrv.base.UnauthorizedException;
import com.netscape.certsrv.dbs.keydb.KeyId;
+import com.netscape.certsrv.key.AsymKeyGenerationRequest;
import com.netscape.certsrv.key.KeyArchivalRequest;
import com.netscape.certsrv.key.KeyRecoveryRequest;
import com.netscape.certsrv.key.KeyRequestInfo;
@@ -88,6 +89,9 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
private static final String LOGGING_SIGNED_AUDIT_SYMKEY_GENERATION_REQUEST =
"LOGGING_SIGNED_AUDIT_SYMKEY_GENERATION_REQUEST_4";
+ private static final String LOGGING_SIGNED_AUDIT_ASYMKEY_GENERATION_REQUEST =
+ "LOGGING_SIGNED_AUDIT_ASYMKEY_GENERATION_REQUEST_4";
+
private static final String LOGGING_SIGNED_AUDIT_SECURITY_DATA_RECOVERY_REQUEST =
"LOGGING_SIGNED_AUDIT_SECURITY_DATA_RECOVERY_REQUEST_4";
@@ -412,14 +416,24 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
auditor.log(msg);
}
+ public void auditAsymKeyGenRequestMade(RequestId requestId, String status, String clientKeyID) {
+ String msg = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_ASYMKEY_GENERATION_REQUEST,
+ servletRequest.getUserPrincipal().getName(),
+ status,
+ requestId != null ? requestId.toString() : "null",
+ clientKeyID);
+ auditor.log(msg);
+ }
+
@Override
- public Response createRequest(MultivaluedMap<String, String> form) {
+ public Response submitRequest(MultivaluedMap<String, String> form) {
ResourceMessage data = new ResourceMessage(form);
- return createRequest(data);
+ return submitRequest(data);
}
@Override
- public Response createRequest(ResourceMessage data) {
+ public Response submitRequest(ResourceMessage data) {
Object request = null;
try {
Class<?> requestClazz = Class.forName(data.getClassName());
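Review bot: The new audit helper at the top of the hunk, auditAsymKeyGenRequestMade, has no Javadoc saying which signed-audit event it emits or what its three parameters become in the message; a one-line comment such as `/** Emits LOGGING_SIGNED_AUDIT_ASYMKEY_GENERATION_REQUEST_4 with the caller's principal, the outcome, the request id ("null" when absent) and the client key id. */` would make the audit contract readable without opening the message bundle. Note that requestId is null-guarded but clientKeyID is passed through unchanged, so whatever CMS.getLogMessage does with a null argument ends up in the audit record; the sibling symmetric-key helper above the hunk presumably behaves the same way. The body of submitRequest(ResourceMessage) continues past the end of the hunk.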
@@ -435,6 +449,8 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
return recoverKey(new KeyRecoveryRequest(data));
} else if (request instanceof SymKeyGenerationRequest) {
return generateSymKey(new SymKeyGenerationRequest(data));
+ } else if (request instanceof AsymKeyGenerationRequest) {
+ return generateAsymKey(new AsymKeyGenerationRequest(data));
} else {
throw new BadRequestException("Invalid request class.");
}
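Review bot: The new AsymKeyGenerationRequest branch extends a dispatch that first resolves whatever class name the client placed in the message (`Class.forName(data.getClassName())` on the context line of the previous hunk) and presumably instantiates it before the instanceof chain, then discards that object and rebuilds the request from `data`. Since only the name is needed to pick the branch, comparing `data.getClassName()` against `AsymKeyGenerationRequest.class.getName()` (and the sibling request types) would avoid loading an arbitrary caller-supplied class; this is pre-existing behaviour, but adding a fourth branch is a natural point to tighten it. The enclosing submitRequest body starts and ends outside the hunk.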
@@ -464,4 +480,26 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
throw new PKIException(e.toString());
}
}
+
+ public Response generateAsymKey(AsymKeyGenerationRequest data) {
+ if (data == null) {
+ throw new BadRequestException("Invalid key generation request.");
+ }
+
+ KeyRequestDAO dao = new KeyRequestDAO();
+ KeyRequestResponse response;
+ try {
+ String owner = servletRequest.getUserPrincipal().getName();
+ response = dao.submitRequest(data, uriInfo, owner);
+ auditAsymKeyGenRequestMade(response.getRequestInfo().getRequestId(), ILogger.SUCCESS,
+ data.getClientKeyId());
+
+ return createCreatedResponse(response, new URI(response.getRequestInfo().getRequestURL()));
+
+ } catch (EBaseException | URISyntaxException e) {
+ e.printStackTrace();
+ auditArchivalRequestMade(null, ILogger.FAILURE, data.getClientKeyId());
+ throw new PKIException(e.toString());
+ }
+ }
}
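Review bot: The failure path of generateAsymKey records the wrong audit event: the catch block calls `auditArchivalRequestMade(null, ILogger.FAILURE, data.getClientKeyId());`, so a failed asymmetric key generation appears in the signed audit log as a failed archival request, while the success path correctly uses auditAsymKeyGenRequestMade. It should read `auditAsymKeyGenRequestMade(null, ILogger.FAILURE, data.getClientKeyId());`. The catch also prints the stack trace to stdout and surfaces `e.toString()` to the client inside the PKIException, which mirrors the existing pattern just above the hunk but lets internal exception class names and messages reach the caller; logging through the server logger and returning a fixed message would be tighter. The request's algorithm and key size are forwarded to dao.submitRequest without a visible check here, so the allowed set named in the commit message is presumably enforced in the DAO — worth confirming.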
diff --git a/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java b/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
index 9f33b1ba7..ecf3b0398 100644
--- a/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
+++ b/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
@@ -19,6 +19,7 @@
package org.dogtagpki.server.kra.rest;
+import java.io.IOException;
import java.math.BigInteger;
import java.net.URI;
import java.util.ArrayList;
@@ -69,6 +70,7 @@ import com.netscape.certsrv.request.RequestId;
import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cms.servlet.base.PKIService;
import com.netscape.cms.servlet.key.KeyRequestDAO;
+import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.ldap.LDAPUtil;
import com.netscape.cmsutil.util.Utils;
@@ -376,7 +378,7 @@ public class KeyService extends PKIService implements KeyResource {
while (e.hasMoreElements()) {
IKeyRecord rec = e.nextElement();
if (rec == null) continue;
- results.add(createKeyDataInfo(rec));
+ results.add(createKeyDataInfo(rec, false));
}
int total = results.size();
@@ -431,13 +433,20 @@ public class KeyService extends PKIService implements KeyResource {
throw new ResourceNotFoundException("Key not found.");
}
- public KeyInfo createKeyDataInfo(IKeyRecord rec) throws EBaseException {
+ public KeyInfo createKeyDataInfo(IKeyRecord rec, boolean getPublicKey) throws EBaseException {
KeyInfo ret = new KeyInfo();
ret.setClientKeyID(rec.getClientId());
ret.setStatus(rec.getKeyStatus());
ret.setAlgorithm(rec.getAlgorithm());
ret.setSize(rec.getKeySize());
ret.setOwnerName(rec.getOwnerName());
+ if(rec.getPublicKeyData() != null && getPublicKey){
+ try {
+ ret.setPublicKey(CryptoUtil.base64Encode(rec.getPublicKeyData()));
+ } catch (IOException e) {
+ throw new EBaseException(e.getMessage());
+ }
+ }
Path keyPath = KeyResource.class.getAnnotation(Path.class);
BigInteger serial = rec.getSerialNumber();
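Review bot: The new catch block in createKeyDataInfo rethrows as `new EBaseException(e.getMessage())`, which discards the IOException as the cause and yields a message-less exception when getMessage() is null; if EBaseException offers a cause-accepting constructor (I believe it does, but confirm), prefer `throw new EBaseException(e.getMessage(), e);`. The new `getPublicKey` flag is undocumented; the method's Javadoc should state that the public key is base64-encoded into the result only when the flag is set, which is why the listing call site passes false and the single-key lookup passes true (the two one-line call-site hunks). Minor style: `if(rec.getPublicKeyData() != null && getPublicKey){` lacks spaces and reads more naturally with the cheap flag first, `if (getPublicKey && rec.getPublicKeyData() != null) {`. The method body continues past the end of the hunk.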
@@ -539,7 +548,7 @@ public class KeyService extends PKIService implements KeyResource {
IKeyRecord rec = null;
try {
rec = repo.readKeyRecord(keyId.toBigInteger());
- KeyInfo info = createKeyDataInfo(rec);
+ KeyInfo info = createKeyDataInfo(rec, true);
return createOKResponse(info);
} catch (EDBRecordNotFoundException e) {