authorAde Lee <alee@redhat.com>2014-02-21 00:54:26 -0500
committerAde Lee <alee@redhat.com>2014-02-26 01:17:44 -0500
commite68dd1da3715d0b9d39bc6393a84732f15b7b7cd (patch)
tree8f9b4cef87563b717b87b640fedc8991cef62c8d /base/kra
parent0900a0a7e12064171d60345f448b983e91b56239 (diff)
Rename client_id to client_key_id
Diffstat (limited to 'base/kra')
-rw-r--r--base/kra/functional/drmtest.py19
-rw-r--r--base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java32
-rw-r--r--base/kra/src/com/netscape/kra/SecurityDataService.java22
-rw-r--r--base/kra/src/com/netscape/kra/SymKeyGenService.java22
4 files changed, 48 insertions, 47 deletions
diff --git a/base/kra/functional/drmtest.py b/base/kra/functional/drmtest.py
index f658d06b8..90cc8b2c8 100644
--- a/base/kra/functional/drmtest.py
+++ b/base/kra/functional/drmtest.py
@@ -48,7 +48,7 @@ def print_key_request(request):
def print_key_info(key_info):
''' Prints the relevant fields of a KeyInfo object '''
print "Key URL: " + str(key_info.keyURL)
- print "Client ID: " + str(key_info.clientID)
+ print "Client ID: " + str(key_info.clientKeyID)
print "Algorithm: " + str(key_info.algorithm)
print "Status: " + str(key_info.status)
print "Owner Name: " + str(key_info.ownerName)
@@ -94,18 +94,19 @@ def main():
# Test 4: generate symkey -- same as barbican_encode()
print "Now generating symkey on KRA"
- client_id = "Vek #1" + time.strftime('%X %x %Z')
+ #client_key_id = "Vek #1" + time.strftime('%X %x %Z')
+ client_key_id = "abcxyz"
algorithm = "AES"
key_size = 128
usages = [key.SymKeyGenerationRequest.DECRYPT_USAGE, key.SymKeyGenerationRequest.ENCRYPT_USAGE]
- response = kraclient.generate_sym_key(client_id, algorithm, key_size, usages)
+ response = kraclient.generate_symmetric_key(client_key_id, algorithm, key_size, usages)
print_key_request(response.requestInfo)
print "Request ID is " + response.requestInfo.get_request_id()
key_id = response.get_key_id()
# Test 5: Confirm the key_id matches
- print "Now getting key ID for clientID=\"" + client_id + "\""
- key_infos = kraclient.keys.list_keys(client_id=client_id, status="active")
+ print "Now getting key ID for clientKeyID=\"" + client_key_id + "\""
+ key_infos = kraclient.keys.list_keys(client_key_id=client_key_id, status="active")
for key_info in key_infos.key_infos:
print_key_info(key_info)
key_id2 = key_info.get_key_id()
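Review bot: The new `client_key_id = "abcxyz"` in Test 4 replaces the timestamped value with a fixed string and leaves the old assignment commented out, which reads like a debugging leftover rather than part of the rename. With a constant ID, every run against the same KRA reuses one client key ID, so Test 4 and the Test 5 `list_keys(..., status="active")` lookup depend on what earlier runs left behind. Whether a rerun fails with the BadRequestException that Test 10 expects is not visible here, but it seems likely if a previous run stopped before the key was deactivated. I would restore a unique value, `client_key_id = "Vek #1" + time.strftime('%X %x %Z')`, and drop the commented line. main() continues outside the hunk.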
@@ -140,7 +141,7 @@ def main():
# Test 10 = test BadRequestException on create()
print "Trying to generate a new symkey with the same client ID"
try:
- response = kraclient.generate_sym_key(client_id, algorithm, key_size, usages)
+ response = kraclient.generate_symmetric_key(client_key_id, algorithm, key_size, usages)
except pki.BadRequestException as exc:
print "BadRequestException thrown - Code:" + exc.code + " Message: " + exc.message
@@ -168,8 +169,8 @@ def main():
print_key_info(key_info)
# Test 14: get the active key
- print "Get the active key for client id: " + client_id
- key_info = kraclient.keys.get_active_key_info(client_id)
+ print "Get the active key for client id: " + client_key_id
+ key_info = kraclient.keys.get_active_key_info(client_key_id)
print_key_info(key_info)
#Test 15: change the key status
@@ -187,7 +188,7 @@ def main():
# Test 17: Get key info for non-existent active key
print "Get non-existent active key"
try:
- key_info = kraclient.keys.get_active_key_info(client_id)
+ key_info = kraclient.keys.get_active_key_info(client_key_id)
except pki.ResourceNotFoundException as exc:
print "ResourceNotFoundException thrown - Code: " + exc.code + "Message: " + exc.message
diff --git a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
index 52190091e..5681c1114 100644
--- a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
+++ b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
@@ -167,7 +167,7 @@ public class DRMTest {
// various ids used in recovery/archival operations
KeyId keyId = null;
- String clientId = null;
+ String clientKeyId = null;
RequestId recoveryRequestId = null;
// Variables for data structures from calls
@@ -257,13 +257,13 @@ public class DRMTest {
// Test 4: Generate and archive a symmetric key
log("Archiving symmetric key");
- clientId = "UUID: 123-45-6789 VEK " + Calendar.getInstance().getTime().toString();
+ clientKeyId = "UUID: 123-45-6789 VEK " + Calendar.getInstance().getTime().toString();
try {
vek = CryptoUtil.generateKey(token, KeyGenAlgorithm.DES3);
byte[] encoded = CryptoUtil.createPKIArchiveOptions(manager, token, transportCert, vek, null,
KeyGenAlgorithm.DES3, ivps);
- KeyRequestResponse info = keyClient.archiveSecurityData(encoded, clientId,
+ KeyRequestResponse info = keyClient.archiveSecurityData(encoded, clientKeyId,
KeyRequestResource.SYMMETRIC_KEY_TYPE, KeyRequestResource.DES3_ALGORITHM, 0);
log("Archival Results:");
printRequestInfo(info.getRequestInfo());
@@ -276,7 +276,7 @@ public class DRMTest {
//Test 5: Get keyId for active key with client ID
log("Getting key ID for symmetric key");
- keyInfo = keyClient.getActiveKeyInfo(clientId);
+ keyInfo = keyClient.getActiveKeyInfo(clientKeyId);
printKeyInfo(keyInfo);
KeyId keyId2 = keyInfo.getKeyId();
if (keyId2 == null) {
@@ -371,11 +371,11 @@ public class DRMTest {
passphrase = "secret12345";
// Test 12: Generate and archive a passphrase
- clientId = "UUID: 123-45-6789 RKEK " + Calendar.getInstance().getTime().toString();
+ clientKeyId = "UUID: 123-45-6789 RKEK " + Calendar.getInstance().getTime().toString();
try {
byte[] encoded = CryptoUtil.createPKIArchiveOptions(manager, token, transportCert, null, passphrase,
KeyGenAlgorithm.DES3, ivps);
- requestResponse = keyClient.archiveSecurityData(encoded, clientId,
+ requestResponse = keyClient.archiveSecurityData(encoded, clientKeyId,
KeyRequestResource.PASS_PHRASE_TYPE, null, 0);
log("Archival Results:");
printRequestInfo(requestResponse.getRequestInfo());
@@ -387,7 +387,7 @@ public class DRMTest {
//Test 13: Get keyId for active passphrase with client ID
log("Getting key ID for passphrase");
- keyInfo = keyClient.getActiveKeyInfo(clientId);
+ keyInfo = keyClient.getActiveKeyInfo(clientKeyId);
printKeyInfo(keyInfo);
keyId2 = keyInfo.getKeyId();
if (keyId2 == null) {
@@ -571,11 +571,11 @@ public class DRMTest {
}
// test 28: Generate symmetric key
- clientId = "Symmetric Key #1234f " + Calendar.getInstance().getTime().toString();
+ clientKeyId = "Symmetric Key #1234f " + Calendar.getInstance().getTime().toString();
List<String> usages = new ArrayList<String>();
usages.add(SymKeyGenerationRequest.DECRYPT_USAGE);
usages.add(SymKeyGenerationRequest.ENCRYPT_USAGE);
- KeyRequestResponse genKeyResponse = keyClient.generateKey(clientId,
+ KeyRequestResponse genKeyResponse = keyClient.generateKey(clientKeyId,
KeyRequestResource.AES_ALGORITHM,
128, usages);
printRequestInfo(genKeyResponse.getRequestInfo());
@@ -583,7 +583,7 @@ public class DRMTest {
// test 29: Get keyId for active key with client ID
log("Getting key ID for symmetric key");
- keyInfo = keyClient.getActiveKeyInfo(clientId);
+ keyInfo = keyClient.getActiveKeyInfo(clientKeyId);
printKeyInfo(keyInfo);
keyId2 = keyInfo.getKeyId();
if (keyId2 == null) {
@@ -652,7 +652,7 @@ public class DRMTest {
// Test 36: Generate and archive a symmetric key of type AES
log("Archiving symmetric key");
- clientId = "UUID: 123-45-6789 VEK " + Calendar.getInstance().getTime().toString();
+ clientKeyId = "UUID: 123-45-6789 VEK " + Calendar.getInstance().getTime().toString();
try {
KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.AES);
kg.initialize(128);
@@ -661,7 +661,7 @@ public class DRMTest {
byte[] encoded = CryptoUtil.createPKIArchiveOptions(manager, token, transportCert, vek, null,
KeyGenAlgorithm.DES3, ivps);
- KeyRequestResponse response = keyClient.archiveSecurityData(encoded, clientId,
+ KeyRequestResponse response = keyClient.archiveSecurityData(encoded, clientKeyId,
KeyRequestResource.SYMMETRIC_KEY_TYPE, KeyRequestResource.AES_ALGORITHM, 128);
log("Archival Results:");
printRequestInfo(response.getRequestInfo());
@@ -673,7 +673,7 @@ public class DRMTest {
//Test 37: Get keyId for active key with client ID
log("Getting key ID for symmetric key");
- keyInfo = keyClient.getActiveKeyInfo(clientId);
+ keyInfo = keyClient.getActiveKeyInfo(clientKeyId);
printKeyInfo(keyInfo);
keyId2 = keyInfo.getKeyId();
if (keyId2 == null) {
@@ -737,9 +737,9 @@ public class DRMTest {
//Test 43: Confirm no more active keys with this ID
log("look for active keys with this id");
- clientId = keyInfo.getClientID();
+ clientKeyId = keyInfo.getClientKeyID();
try {
- keyInfo = keyClient.getActiveKeyInfo(clientId);
+ keyInfo = keyClient.getActiveKeyInfo(clientKeyId);
printKeyInfo(keyInfo);
} catch (ResourceNotFoundException e) {
log("Success: ResourceNotFound exception thrown: " + e);
@@ -748,7 +748,7 @@ public class DRMTest {
private static void printKeyInfo(KeyInfo keyInfo) {
log("Printing keyInfo:");
- log("ClientID: " + keyInfo.getClientID());
+ log("Client Key ID: " + keyInfo.getClientKeyID());
log("Key URL: " + keyInfo.getKeyURL());
log("Algorithm: " + keyInfo.getAlgorithm());
log("Strength: " + keyInfo.getSize());
diff --git a/base/kra/src/com/netscape/kra/SecurityDataService.java b/base/kra/src/com/netscape/kra/SecurityDataService.java
index bbea11c32..388079f32 100644
--- a/base/kra/src/com/netscape/kra/SecurityDataService.java
+++ b/base/kra/src/com/netscape/kra/SecurityDataService.java
@@ -83,7 +83,7 @@ public class SecurityDataService implements IService {
public boolean serviceRequest(IRequest request)
throws EBaseException {
String id = request.getRequestId().toString();
- String clientId = request.getExtDataInString(IRequest.SECURITY_DATA_CLIENT_ID);
+ String clientKeyId = request.getExtDataInString(IRequest.SECURITY_DATA_CLIENT_KEY_ID);
String wrappedSecurityData = request.getExtDataInString(IEnrollProfile.REQUEST_ARCHIVE_OPTIONS);
String dataType = request.getExtDataInString(IRequest.SECURITY_DATA_TYPE);
String algorithm = request.getExtDataInString(IRequest.SECURITY_DATA_ALGORITHM);
@@ -96,9 +96,9 @@ public class SecurityDataService implements IService {
String subjectID = auditSubjectID();
//Check here even though restful layer checks for this.
- if(wrappedSecurityData == null || clientId == null || dataType == null) {
+ if(wrappedSecurityData == null || clientKeyId == null || dataType == null) {
auditArchivalRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
- clientId, null, "Bad data in request");
+ clientKeyId, null, "Bad data in request");
throw new EBaseException("Bad data in SecurityDataService.serviceRequest");
}
//We need some info from the PKIArchiveOptions wrapped security data
@@ -110,7 +110,7 @@ public class SecurityDataService implements IService {
//Check here just in case a null ArchiveOptions makes it this far
if(options == null) {
auditArchivalRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
- clientId, null, "Problem decoding PKIArchiveOptions");
+ clientKeyId, null, "Problem decoding PKIArchiveOptions");
throw new EBaseException("Problem decoding PKIArchiveOptions.");
}
@@ -148,7 +148,7 @@ public class SecurityDataService implements IService {
privateSecurityData = mStorageUnit.encryptInternalPrivate(securityData);
} else { // We have no data.
auditArchivalRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
- clientId, null, "Failed to create security data to archive");
+ clientKeyId, null, "Failed to create security data to archive");
throw new EBaseException("Failed to create security data to archive!");
}
// create key record
@@ -156,13 +156,13 @@ public class SecurityDataService implements IService {
privateSecurityData, owner,
algStr, owner);
- rec.set(IKeyRecord.ATTR_CLIENT_ID, clientId);
+ rec.set(IKeyRecord.ATTR_CLIENT_ID, clientKeyId);
//Now we need a serial number for our new key.
if (rec.getSerialNumber() != null) {
auditArchivalRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
- clientId, null, CMS.getUserMessage("CMS_KRA_INVALID_STATE"));
+ clientKeyId, null, CMS.getUserMessage("CMS_KRA_INVALID_STATE"));
throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_STATE"));
}
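Review bot: `rec.set(IKeyRecord.ATTR_CLIENT_ID, clientKeyId)` still stores the value under the old attribute constant, although the request-side constant is now `IRequest.SECURITY_DATA_CLIENT_KEY_ID`. If the record attribute is kept on purpose (for example so existing key records stay readable, which this diff does not show), say so with a comment such as `// stored attribute name is unchanged; only the API-level name is now client key ID`. Otherwise the rename is incomplete, and anyone correlating key records with signed audit entries will see two names for the same value. The same line appears in SymKeyGenService.serviceRequest, and serviceRequest continues outside both hunks.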
@@ -173,7 +173,7 @@ public class SecurityDataService implements IService {
mKRA.log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSCORE_KRA_GET_NEXT_SERIAL"));
auditArchivalRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
- clientId, null, "Failed to get next Key ID");
+ clientKeyId, null, "Failed to get next Key ID");
throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_STATE"));
}
@@ -193,7 +193,7 @@ public class SecurityDataService implements IService {
storage.addKeyRecord(rec);
auditArchivalRequestProcessed(subjectID, ILogger.SUCCESS, request.getRequestId(),
- clientId, serialNo.toString(), "None");
+ clientKeyId, serialNo.toString(), "None");
request.setExtData(IRequest.RESULT, IRequest.RES_SUCCESS);
mKRA.getRequestQueue().updateRequest(request);
@@ -236,14 +236,14 @@ public class SecurityDataService implements IService {
return subjectID;
}
- private void auditArchivalRequestProcessed(String subjectID, String status, RequestId requestID, String clientID,
+ private void auditArchivalRequestProcessed(String subjectID, String status, RequestId requestID, String clientKeyID,
String keyID, String reason) {
String auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED,
subjectID,
status,
requestID.toString(),
- clientID,
+ clientKeyID,
keyID != null ? keyID : "None",
reason);
audit(auditMessage);
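Review bot: `clientKeyID` is passed to `CMS.getLogMessage` without a null guard, while `keyID` on the next line gets `keyID != null ? keyID : "None"`. The "Bad data in request" path in serviceRequest calls this method on the branch where `clientKeyId == null` may be true, so the signed audit record for a rejected request can carry a null field; how getLogMessage renders that is not visible here. Guarding it the same way, `clientKeyID != null ? clientKeyID : "None",`, keeps the failure record well-formed. auditSymKeyGenRequestProcessed in SymKeyGenService.java has the same shape, and the closing brace of this method is outside the hunk.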
diff --git a/base/kra/src/com/netscape/kra/SymKeyGenService.java b/base/kra/src/com/netscape/kra/SymKeyGenService.java
index 32dc1ceb9..99c57b8d9 100644
--- a/base/kra/src/com/netscape/kra/SymKeyGenService.java
+++ b/base/kra/src/com/netscape/kra/SymKeyGenService.java
@@ -88,7 +88,7 @@ public class SymKeyGenService implements IService {
public boolean serviceRequest(IRequest request)
throws EBaseException {
String id = request.getRequestId().toString();
- String clientId = request.getExtDataInString(IRequest.SECURITY_DATA_CLIENT_ID);
+ String clientKeyId = request.getExtDataInString(IRequest.SECURITY_DATA_CLIENT_KEY_ID);
String algorithm = request.getExtDataInString(IRequest.SYMKEY_GEN_ALGORITHM);
String usageStr = request.getExtDataInString(IRequest.SYMKEY_GEN_USAGES);
@@ -104,9 +104,9 @@ public class SymKeyGenService implements IService {
String subjectID = auditSubjectID();
//Check here even though restful layer checks for this.
- if (algorithm == null || clientId == null || keySize <= 0) {
+ if (algorithm == null || clientKeyId == null || keySize <= 0) {
auditSymKeyGenRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
- clientId, null, "Bad data in request");
+ clientKeyId, null, "Bad data in request");
throw new EBaseException("Bad data in SymKeyGenService.serviceRequest");
}
@@ -166,7 +166,7 @@ public class SymKeyGenService implements IService {
| InvalidAlgorithmParameterException e) {
CMS.debugStackTrace();
auditSymKeyGenRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
- clientId, null, "Failed to generate symmetric key");
+ clientKeyId, null, "Failed to generate symmetric key");
throw new EBaseException("Errors in generating symmetric key: " + e);
}
@@ -177,7 +177,7 @@ public class SymKeyGenService implements IService {
privateSecurityData = mStorageUnit.wrap(sk);
} else { // We have no data.
auditSymKeyGenRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
- clientId, null, "Failed to create security data to archive");
+ clientKeyId, null, "Failed to create security data to archive");
throw new EBaseException("Failed to create security data to archive!");
}
@@ -186,12 +186,12 @@ public class SymKeyGenService implements IService {
privateSecurityData, owner,
algorithm, owner);
- rec.set(IKeyRecord.ATTR_CLIENT_ID, clientId);
+ rec.set(IKeyRecord.ATTR_CLIENT_ID, clientKeyId);
//Now we need a serial number for our new key.
if (rec.getSerialNumber() != null) {
auditSymKeyGenRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
- clientId, null, CMS.getUserMessage("CMS_KRA_INVALID_STATE"));
+ clientKeyId, null, CMS.getUserMessage("CMS_KRA_INVALID_STATE"));
throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_STATE"));
}
@@ -202,7 +202,7 @@ public class SymKeyGenService implements IService {
mKRA.log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSCORE_KRA_GET_NEXT_SERIAL"));
auditSymKeyGenRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
- clientId, null, "Failed to get next Key ID");
+ clientKeyId, null, "Failed to get next Key ID");
throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_STATE"));
}
@@ -217,7 +217,7 @@ public class SymKeyGenService implements IService {
storage.addKeyRecord(rec);
auditSymKeyGenRequestProcessed(subjectID, ILogger.SUCCESS, request.getRequestId(),
- clientId, serialNo.toString(), "None");
+ clientKeyId, serialNo.toString(), "None");
request.setExtData(IRequest.RESULT, IRequest.RES_SUCCESS);
mKRA.getRequestQueue().updateRequest(request);
@@ -261,14 +261,14 @@ public class SymKeyGenService implements IService {
return subjectID;
}
- private void auditSymKeyGenRequestProcessed(String subjectID, String status, RequestId requestID, String clientID,
+ private void auditSymKeyGenRequestProcessed(String subjectID, String status, RequestId requestID, String clientKeyID,
String keyID, String reason) {
String auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_SYMKEY_GEN_REQUEST_PROCESSED,
subjectID,
status,
requestID.toString(),
- clientID,
+ clientKeyID,
keyID != null ? keyID : "None",
reason);
audit(auditMessage);