author | Abhishek Koneru <akoneru@redhat.com> | 2014-07-24 11:20:12 -0400 |
---|---|---|
committer | Abhishek Koneru <akoneru@redhat.com> | 2014-08-27 01:15:35 -0400 |
commit | 6444287caa2ad171086d0ce9d93761a897247e06 (patch) | |
tree | 86e13cafc3f7b866be86b21cf0d96e401d0b9f01 /base/kra/src/org/dogtagpki/server/kra | |
parent | 8e464b6ba5d83d7915978db5841967f20672dfd0 (diff) | |
Generate asymmetric keys in the DRM.
Adds methods to key client to generate asymmetric keys using
algorithms RSA and DSA for valid key sizes of 512, 1024, 2048, 4096.
The generated keys are archived in the database.
Using the CLI, the public key(base64 encoded) can be retrieved by using
the key-show command.
The private key(base64 encoded) can be retrieved using the key-retrieve
command.
Ticket #1023
Diffstat (limited to 'base/kra/src/org/dogtagpki/server/kra')
-rw-r--r-- | base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java | 44 | ||||
-rw-r--r-- | base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java | 15 |
2 files changed, 53 insertions, 6 deletions
diff --git a/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java b/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java
index c538e016b..04dd3253f 100644
--- a/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java
+++ b/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java
@@ -45,6 +45,7 @@ import com.netscape.certsrv.base.PKIException;
 import com.netscape.certsrv.base.ResourceMessage;
 import com.netscape.certsrv.base.UnauthorizedException;
 import com.netscape.certsrv.dbs.keydb.KeyId;
+import com.netscape.certsrv.key.AsymKeyGenerationRequest;
 import com.netscape.certsrv.key.KeyArchivalRequest;
 import com.netscape.certsrv.key.KeyRecoveryRequest;
 import com.netscape.certsrv.key.KeyRequestInfo;
@@ -88,6 +89,9 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
     private static final String LOGGING_SIGNED_AUDIT_SYMKEY_GENERATION_REQUEST =
             "LOGGING_SIGNED_AUDIT_SYMKEY_GENERATION_REQUEST_4";
 
+    private static final String LOGGING_SIGNED_AUDIT_ASYMKEY_GENERATION_REQUEST =
+            "LOGGING_SIGNED_AUDIT_ASYMKEY_GENERATION_REQUEST_4";
+
     private static final String LOGGING_SIGNED_AUDIT_SECURITY_DATA_RECOVERY_REQUEST =
             "LOGGING_SIGNED_AUDIT_SECURITY_DATA_RECOVERY_REQUEST_4";
 
@@ -412,14 +416,24 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
         auditor.log(msg);
     }
 
+    public void auditAsymKeyGenRequestMade(RequestId requestId, String status, String clientKeyID) {
+        String msg = CMS.getLogMessage(
+                LOGGING_SIGNED_AUDIT_ASYMKEY_GENERATION_REQUEST,
+                servletRequest.getUserPrincipal().getName(),
+                status,
+                requestId != null ? requestId.toString() : "null",
+                clientKeyID);
+        auditor.log(msg);
+    }
+
     @Override
-    public Response createRequest(MultivaluedMap<String, String> form) {
+    public Response submitRequest(MultivaluedMap<String, String> form) {
         ResourceMessage data = new ResourceMessage(form);
-        return createRequest(data);
+        return submitRequest(data);
     }
 
     @Override
-    public Response createRequest(ResourceMessage data) {
+    public Response submitRequest(ResourceMessage data) {
         Object request = null;
         try {
             Class<?> requestClazz = Class.forName(data.getClassName());
@@ -435,6 +449,8 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
                 return recoverKey(new KeyRecoveryRequest(data));
             } else if (request instanceof SymKeyGenerationRequest) {
                 return generateSymKey(new SymKeyGenerationRequest(data));
+            } else if (request instanceof AsymKeyGenerationRequest) {
+                return generateAsymKey(new AsymKeyGenerationRequest(data));
             } else {
                 throw new BadRequestException("Invalid request class.");
             }
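Review bot: auditAsymKeyGenRequestMade is a new public method with no Javadoc, and the role of its third argument and of the "null" request-id fallback is not obvious from the signature. A summary such as `/** Emits the signed-audit record for an asymmetric key generation request: caller principal, outcome ({@link ILogger#SUCCESS} or {@link ILogger#FAILURE}), request id ("null" when no request was created) and the client-supplied key id. */` would cover it. It reads `servletRequest.getUserPrincipal().getName()` without a null check, as the sibling audit methods do; that is only safe if the resource is always reached through authentication, which this hunk does not show. submitRequest's try block continues past the end of this hunk.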
@@ -464,4 +480,26 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
             throw new PKIException(e.toString());
         }
     }
+
+    public Response generateAsymKey(AsymKeyGenerationRequest data) {
+        if (data == null) {
+            throw new BadRequestException("Invalid key generation request.");
+        }
+
+        KeyRequestDAO dao = new KeyRequestDAO();
+        KeyRequestResponse response;
+        try {
+            String owner = servletRequest.getUserPrincipal().getName();
+            response = dao.submitRequest(data, uriInfo, owner);
+            auditAsymKeyGenRequestMade(response.getRequestInfo().getRequestId(), ILogger.SUCCESS,
+                    data.getClientKeyId());
+
+            return createCreatedResponse(response, new URI(response.getRequestInfo().getRequestURL()));
+
+        } catch (EBaseException | URISyntaxException e) {
+            e.printStackTrace();
+            auditArchivalRequestMade(null, ILogger.FAILURE, data.getClientKeyId());
+            throw new PKIException(e.toString());
+        }
+    }
 }
diff --git a/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java b/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
index 9f33b1ba7..ecf3b0398 100644
--- a/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
+++ b/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
@@ -19,6 +19,7 @@ package org.dogtagpki.server.kra.rest;
+import java.io.IOException;
 import java.math.BigInteger;
 import java.net.URI;
 import java.util.ArrayList;
@@ -69,6 +70,7 @@ import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cms.servlet.base.PKIService;
 import com.netscape.cms.servlet.key.KeyRequestDAO;
+import com.netscape.cmsutil.crypto.CryptoUtil;
 import com.netscape.cmsutil.ldap.LDAPUtil;
 import com.netscape.cmsutil.util.Utils;
 
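Review bot: The failure path of generateAsymKey audits under the wrong event: in the catch block it calls `auditArchivalRequestMade(null, ILogger.FAILURE, data.getClientKeyId())`, so a failed asymmetric key generation is recorded in the signed audit log as a failed archival while the success path two lines above uses the new ASYMKEY event; it should be `auditAsymKeyGenRequestMade(null, ILogger.FAILURE, data.getClientKeyId());` so the audit trail attributes the outcome to the operation that was actually requested. The same catch block discards the cause through `e.printStackTrace()` followed by `new PKIException(e.toString())`; routing it through the service's logger would keep the stack out of stderr and the audit/diagnostic records in one place. Nothing in this hunk validates the requested algorithm or key size before the request is submitted; if that check lives in KeyRequestDAO.submitRequest a one-line comment saying so would help, because the description lists 512 among the accepted sizes and that is well below the minimum currently recommended for RSA and DSA keys.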
@@ -376,7 +378,7 @@ public class KeyService extends PKIService implements KeyResource {
         while (e.hasMoreElements()) {
             IKeyRecord rec = e.nextElement();
             if (rec == null) continue;
-            results.add(createKeyDataInfo(rec));
+            results.add(createKeyDataInfo(rec, false));
         }
 
         int total = results.size();
@@ -431,13 +433,20 @@ public class KeyService extends PKIService implements KeyResource {
         throw new ResourceNotFoundException("Key not found.");
     }
 
-    public KeyInfo createKeyDataInfo(IKeyRecord rec) throws EBaseException {
+    public KeyInfo createKeyDataInfo(IKeyRecord rec, boolean getPublicKey) throws EBaseException {
         KeyInfo ret = new KeyInfo();
         ret.setClientKeyID(rec.getClientId());
         ret.setStatus(rec.getKeyStatus());
         ret.setAlgorithm(rec.getAlgorithm());
         ret.setSize(rec.getKeySize());
         ret.setOwnerName(rec.getOwnerName());
+        if(rec.getPublicKeyData() != null && getPublicKey){
+            try {
+                ret.setPublicKey(CryptoUtil.base64Encode(rec.getPublicKeyData()));
+            } catch (IOException e) {
+                throw new EBaseException(e.getMessage());
+            }
+        }
 
         Path keyPath = KeyResource.class.getAnnotation(Path.class);
         BigInteger serial = rec.getSerialNumber();
@@ -539,7 +548,7 @@ public class KeyService extends PKIService implements KeyResource {
         IKeyRecord rec = null;
         try {
             rec = repo.readKeyRecord(keyId.toBigInteger());
-            KeyInfo info = createKeyDataInfo(rec);
+            KeyInfo info = createKeyDataInfo(rec, true);
             return createOKResponse(info);
         } catch (EDBRecordNotFoundException e) {
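Review bot: In createKeyDataInfo the new guard `if(rec.getPublicKeyData() != null && getPublicKey){` tests the flag last, so the record's public key data is fetched even for the list path that passes false and never uses it; `if (getPublicKey && rec.getPublicKeyData() != null) {` is cheaper and also fixes the spacing to match the surrounding code. The catch turns the IOException into `new EBaseException(e.getMessage())`, which drops the cause and produces an empty message whenever getMessage() is null; if EBaseException offers a cause-taking constructor, prefer it. Changing the public signature from (IKeyRecord) to (IKeyRecord, boolean) breaks any caller outside the two updated in this diff, which the diffstat (limited to this directory) cannot rule out; a one-argument overload delegating to `createKeyDataInfo(rec, false)` would keep them compiling. The enclosing methods of the first and third hunks start outside them.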