| author | Ade Lee <alee@redhat.com> | 2017-03-28 13:01:30 -0400 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2017-03-28 14:18:14 -0400 |
| commit | a5cbfd0fcd966604a5188352bb09042e3132eb32 (patch) | |
| tree | c8c8f4a44363860149d604a0b45d8e78da53f06b /base/kra/src/org | |
| parent | 358064eed09fd43e9fe7b08e43bd03775df880df (diff) | |
Fix retrieval for symmetric keys
Up to now, we have only ever used the same algorithm (DES3_CBC)
for key wrapping and encryption. With the change to use AES Keywrap
and AES CBC, we need to know which mechanism was used to encrypt/wrap
the secrets when returned to the client.
This means passing back more information to the client with the key
data, and also modifying the client to use this information to decode
the data correctly.
Change-Id: I7232085c1eedf38c63abad81db08acc912fa1da1
Diffstat (limited to 'base/kra/src/org')
| -rw-r--r-- | base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java b/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
index a8b895fec..e8cb6e9b7 100644
--- a/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
+++ b/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
@@ -345,17 +345,34 @@ public class KeyService extends SubsystemService implements KeyResource {
             keyData.setNonceData(nonceData);
         }
-        String algorithm = rec.getAlgorithm();
-        Integer keySize = rec.getKeySize();
+        keyData.setType((String) requestParams.get(IRequest.SECURITY_DATA_TYPE));
+
+        String payloadWrapped = (String) requestParams.get(IRequest.SECURITY_DATA_PL_WRAPPED);
+        // either wrapAlgorithm or encryptAlgorithm will be set. This will tell the
+        // client which mechanism was used to encrypt the secret
+        if (payloadWrapped.equalsIgnoreCase("true")) {
+            keyData.setWrapAlgorithm(
+                    (String) requestParams.get(IRequest.SECURITY_DATA_PL_WRAPPING_NAME));
+        } else {
+            keyData.setEncryptAlgorithmOID(
+                    (String) requestParams.get(IRequest.SECURITY_DATA_PL_ENCRYPTION_OID));
+        }
+        String algorithm = rec.getAlgorithm();
         if (algorithm != null) {
             keyData.setAlgorithm(algorithm);
         }
+        Integer keySize = rec.getKeySize();
         if (keySize != null) {
             keyData.setSize(keySize);
         }
+        byte[] pubKeyBytes = rec.getPublicKeyData();
+        if (pubKeyBytes != null) {
+            keyData.setPublicKey(Utils.base64encode(pubKeyBytes));
+        }
+
         kra.destroyVolatileRequest(request.getRequestId());
         if (!synchronous) {
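Review bot: `payloadWrapped.equalsIgnoreCase("true")` dereferences a value pulled straight out of `requestParams` with no null check, so a request whose params lack `SECURITY_DATA_PL_WRAPPED` turns key retrieval into a NullPointerException (a 500 to the client) rather than a response; every other field read in this hunk (`algorithm`, `keySize`, `pubKeyBytes`) is null-guarded, and if the volatile request was recorded by code predating this commit that parameter presumably is not set. Flip the comparison to the null-safe form `if ("true".equalsIgnoreCase(payloadWrapped)) {` so an absent flag falls into the encrypt branch like the pre-existing behaviour. In that fallback the else branch sets `encryptAlgorithmOID` to null when `SECURITY_DATA_PL_ENCRYPTION_OID` is also missing, so the new comment's claim that "either wrapAlgorithm or encryptAlgorithm will be set" does not hold; extend it with what the client should assume then, e.g. `// neither set: legacy record, client must assume the pre-AES default (DES3_CBC per commit message)`. The enclosing method starts before and ends after this hunk, so whether `requestParams` can be null is not visible here.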
