author | Christina Fu <cfu@redhat.com> | 2014-01-23 15:26:13 -0800 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2014-01-23 15:26:13 -0800 |
commit | 352040246bbd96bc59a2e2b9156c65837a6c02b7 (patch) | |
tree | cb9a267bbcbe20209da619c87420f14aa5b7864d /base/kra | |
parent | b3d5206cd5c06f3c32994698c37b5f52a23f3aa7 (diff) | |
External Registration feature merge (excluding TPS portion due to current TPS-rewrite effort):
http://pki.fedoraproject.org/wiki/TPS_-_New_Recovery_Option:_External_Registration_DS
Diffstat (limited to 'base/kra')
-rw-r--r-- | base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java b/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java index 51059c220..b59a8b942 100644 --- a/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java +++ b/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java @@ -38,6 +38,7 @@ import org.mozilla.jss.crypto.IVParameterSpec; import org.mozilla.jss.crypto.KeyWrapAlgorithm; import org.mozilla.jss.crypto.KeyWrapper; import org.mozilla.jss.crypto.PrivateKey; +import org.mozilla.jss.crypto.PrivateKey.Type; import org.mozilla.jss.crypto.SymmetricKey; import org.mozilla.jss.pkcs11.PK11SymKey; import org.mozilla.jss.util.Base64OutputStream; @@ -421,6 +422,7 @@ public class TokenKeyRecoveryService implements IService { } } + Type keyType = PrivateKey.RSA; byte wrapped[]; if (allowEncDecrypt_recovery == true) { // Unwrap the archived private key @@ -478,6 +480,20 @@ public class TokenKeyRecoveryService implements IService { wrapped = cipher.doFinal(privateKeyData); } else { //allowEncDecrypt_recovery == false PrivateKey privKey = recoverKey(params, keyRecord, allowEncDecrypt_recovery); + if (privKey == null) { + request.setExtData(IRequest.RESULT, Integer.valueOf(4)); + CMS.debug("TokenKeyRecoveryService: failed getting private key"); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRecoveryID, + agentId); + + audit(auditMessage); + return false; + } + KeyWrapper wrapper = token.getKeyWrapper( KeyWrapAlgorithm.DES3_CBC_PAD); 
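Review bot: `keyType` is initialised to `PrivateKey.RSA` in the second hunk and is never assigned again: the diffstat's 25 insertions are all in the visible hunks, and unchanged code cannot reference a variable this commit introduces. The `keyType == PrivateKey.EC` test in the last hunk is therefore never true, so every recovered public key, EC included, takes the base64 branch. Set it from the recovered key where one exists, for example `keyType = privKey.getType();` after the null check in the `allowEncDecrypt_recovery == false` branch, and derive it from the key record or the parsed public key in the other branch. The enclosing method starts and ends outside these hunks.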
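Review bot: The new `privKey == null` guard in the third hunk reports failure through the bare literal `Integer.valueOf(4)`, so a reader cannot tell which status the requester will see. A named constant, or a comment such as `// 4: recovery failed - keep in sync with the result codes the requester checks`, would make it checkable, assuming that is what 4 denotes in this file. The guard covers only the `allowEncDecrypt_recovery == false` branch. The method's start and end are outside the hunk, so the other branch's handling of a failed unwrap is not visible here.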
@@ -511,7 +527,15 @@ public class TokenKeyRecoveryService implements IService { } //convert and put in the public key - String PubKey = com.netscape.cmsutil.util.Utils.SpecialEncode(pubData); + String PubKey = ""; + if (keyType == PrivateKey.EC) { + /* url encode */ + PubKey = com.netscape.cmsutil.util.Utils.SpecialEncode(pubData); + CMS.debug("TokenKeyRecoveryService: EC PubKey special encoded"); + } else { + PubKey = base64Encode(pubData); + CMS.debug("TokenKeyRecoveryService: RSA PubKey base64 encoded"); + } auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST, |
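Review bot: The `else` branch switches the public key returned for RSA recoveries from `Utils.SpecialEncode` to `base64Encode`, a change of output format for existing requesters that nothing in the hunk documents. The commit description says the TPS side is excluded from this merge, so whether the consumer already expects base64 for RSA is not visible here and should be confirmed. A comment above the `if` would record the contract, e.g. `// PubKey format expected by the requester: EC -> SpecialEncode (URL-style), RSA -> base64`. The initial `String PubKey = "";` is a dead store since both branches assign; declaring `String PubKey;` lets the compiler enforce that.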