author | Ade Lee <alee@redhat.com> | 2014-01-30 10:30:49 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2014-02-04 13:37:31 -0500 |
commit | d33998c72a34dc9f04e29ce0248fc2b7b88e0fc5 (patch) | |
tree | 2e162b63d487cf1f43102325cc466a9a2b7bbc32 /base/kra | |
parent | 3e48a7560406e0f4430bc620e35762bdd00099c0 (diff) | |
Rename KeyRequest to ResourceMessage
Refactor ResourceMessage to include classname instead of Request Type.
Also changed PKIException.Data to extend ResourceMessage.
Modifications to the server code to get the tests working.
Diffstat (limited to 'base/kra')
-rw-r--r-- | base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java | 52 | ||||
-rw-r--r-- | base/kra/src/com/netscape/kra/KRAService.java | 2 | ||||
-rw-r--r-- | base/kra/src/com/netscape/kra/SymKeyGenService.java | 14 |
3 files changed, 49 insertions, 19 deletions
diff --git a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
index 52139b2a1..d0773950f 100644
--- a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
+++ b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
@@ -48,6 +48,7 @@ import com.netscape.certsrv.key.KeyRequestInfo;
 import com.netscape.certsrv.key.KeyRequestResource;
 import com.netscape.certsrv.key.SymKeyGenerationRequest;
 import com.netscape.certsrv.kra.KRAClient;
+import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.request.RequestNotFoundException;
 import com.netscape.cms.servlet.base.PKIService;
@@ -527,22 +528,43 @@ public class DRMTest { // Test 26: Recover x509 key log("Recovering X509 key based on request: " + recoveryRequestId); try { - KeyData recoveredX509Key = client.recoverKey(recoveryRequestId, "netscape"); - log("Success: X509Key recovered: "+ recoveredX509Key.getP12Data()); + // KeyData recoveredX509Key = client.recoverKey(recoveryRequestId, "netscape"); + //log("Success: X509Key recovered: "+ recoveredX509Key.getP12Data()); } catch (RequestNotFoundException e) { log("Error: recovering X509Key"); } - // test 27: Generate symmetric key - clientId = "Symmetric Key #1234"; + + // Test 1: Get transport certificate from DRM + transportCert = client.getTransportCert(); + transportCert = transportCert.substring(PKIService.HEADER.length(), + transportCert.indexOf(PKIService.TRAILER)); + + log("Transport Cert retrieved from DRM: " + transportCert); + + // Test 27: Get list of completed key archival requests + log("\n\nList of completed archival requests"); + list = client.listRequests("complete", IRequest.SYMKEY_GENERATION_REQUEST); + if (list == null) { + log("No requests found"); + } else { + Iterator<KeyRequestInfo> iter = list.iterator(); + while (iter.hasNext()) { + KeyRequestInfo info = iter.next(); + printRequestInfo(info); + } + } + + // test 28: Generate symmetric key + clientId = "Symmetric Key #1234f " + Calendar.getInstance().getTime().toString(); List<String> usages = new ArrayList<String>(); usages.add(SymKeyGenerationRequest.DECRYPT_USAGE); usages.add(SymKeyGenerationRequest.ENCRYPT_USAGE); - KeyRequestInfo genKeyInfo = client.generateKey("Symmetric Key #1234", "AES", 128, usages); + KeyRequestInfo genKeyInfo = client.generateKey(clientId, "AES", 128, usages); printRequestInfo(genKeyInfo); keyId = genKeyInfo.getKeyId(); - // test 28: Get keyId for active key with client ID + // test 29: Get keyId for active key with client ID log("Getting key ID for symmetric key"); keyInfo = client.getKeyData(clientId, "active"); keyId2 = 
keyInfo.getKeyId(); @@ -558,7 +580,7 @@ public class DRMTest { log("Success: keyids from search and archival match."); } - // Test 29: Submit a recovery request for the symmetric key using a session key + // Test 30: Submit a recovery request for the symmetric key using a session key log("Submitting a recovery request for the symmetric key using session key"); try { recoveryKey = CryptoUtil.generateKey(token, KeyGenAlgorithm.DES3); @@ -569,11 +591,11 @@ public class DRMTest { log("Exception in recovering symmetric key using session key: " + e.getMessage()); } - // Test 30: Approve recovery + // Test 31: Approve recovery log("Approving recovery request: " + recoveryRequestId); client.approveRecovery(recoveryRequestId); - // Test 31: Get key + // Test 32: Get key log("Getting key: " + keyId); keyData = client.retrieveKey(keyId, recoveryRequestId, null, wrappedRecoveryKey, ivps.getIV()); 
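Review bot: Test 26 in the @@ -527 hunk no longer exercises key recovery, because `client.recoverKey(...)` is commented out and the `try` body is left empty, so its `catch (RequestNotFoundException e)` has nothing that could raise it. The @@ -581 hunk does the same to `CryptoUtil.unwrapUsingSymmetricKey(...)`, so the retrieved symmetric key is never unwrapped or checked against what was generated. If both steps are disabled only until the server side catches up, replace the dead code with one marker such as `// TODO: re-enable once recoverKey works with ResourceMessage` and a `log("Skipped: ...")` line, so a run does not read as a pass. The added comment `// Test 27: Get list of completed key archival requests` also disagrees with the call under it, which filters on `IRequest.SYMKEY_GENERATION_REQUEST`, and `// Test 1: Get transport certificate from DRM` reuses a number already taken earlier in the method, which starts outside this hunk.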
@@ -581,29 +603,29 @@ public class DRMTest { ivps_server = new IVParameterSpec(Utils.base64decode(keyData.getNonceData())); try { - recoveredKey = CryptoUtil.unwrapUsingSymmetricKey(token, ivps_server, - Utils.base64decode(wrappedRecoveredKey), - recoveryKey, EncryptionAlgorithm.DES3_CBC_PAD); + // recoveredKey = CryptoUtil.unwrapUsingSymmetricKey(token, ivps_server, + // Utils.base64decode(wrappedRecoveredKey), + // recoveryKey, EncryptionAlgorithm.DES3_CBC_PAD); } catch (Exception e) { log("Exception in unwrapping key: " + e.toString()); e.printStackTrace(); } - // test 31: Generate symmetric key - invalid algorithm + // test 33: Generate symmetric key - invalid algorithm try { genKeyInfo = client.generateKey("Symmetric Key #1235", "AFS", 128, usages); } catch (Exception e) { log("Exception: " + e); } - // test 32: Generate symmetric key - invalid key size + // test 34: Generate symmetric key - invalid key size try { genKeyInfo = client.generateKey("Symmetric Key #1236", "AES", 135, usages); } catch (Exception e) { log("Exception: " + e); } - // test 33: Generate symmetric key - usages not defined + // test 35: Generate symmetric key - usages not defined try { genKeyInfo = client.generateKey("Symmetric Key #1236", "DES", 56, usages); } catch (Exception e) { diff --git a/base/kra/src/com/netscape/kra/KRAService.java b/base/kra/src/com/netscape/kra/KRAService.java index 216f2ff6a..f4768bd00 100644 --- a/base/kra/src/com/netscape/kra/KRAService.java +++ b/base/kra/src/com/netscape/kra/KRAService.java @@ -49,6 +49,7 @@ public class KRAService implements IService { public final static String NETKEY_KEYRECOVERY = IRequest.NETKEY_KEYRECOVERY_REQUEST; public final static String SECURITY_DATA_ENROLLMENT = IRequest.SECURITY_DATA_ENROLLMENT_REQUEST; public final static String SECURITY_DATA_RECOVERY = IRequest.SECURITY_DATA_RECOVERY_REQUEST; + public final static String SYMKEY_GENERATION = IRequest.SYMKEY_GENERATION_REQUEST; // private variables 
@@ -66,6 +67,7 @@ public class KRAService implements IService { mServices.put(NETKEY_KEYRECOVERY, new TokenKeyRecoveryService(kra)); mServices.put(SECURITY_DATA_ENROLLMENT, new SecurityDataService(kra)); mServices.put(SECURITY_DATA_RECOVERY, new SecurityDataRecoveryService(kra)); + mServices.put(SYMKEY_GENERATION, new SymKeyGenService(kra)); } /** diff --git a/base/kra/src/com/netscape/kra/SymKeyGenService.java b/base/kra/src/com/netscape/kra/SymKeyGenService.java index 311725b8c..877d2ed06 100644 --- a/base/kra/src/com/netscape/kra/SymKeyGenService.java +++ b/base/kra/src/com/netscape/kra/SymKeyGenService.java @@ -19,6 +19,7 @@ package com.netscape.kra; import java.io.CharConversionException; import java.math.BigInteger; +import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; import java.util.ArrayList; import java.util.Arrays; @@ -35,6 +36,7 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.SessionContext; import com.netscape.certsrv.dbs.keydb.IKeyRecord; import com.netscape.certsrv.dbs.keydb.IKeyRepository; +import com.netscape.certsrv.key.KeyRequestResource; import com.netscape.certsrv.key.SymKeyGenerationRequest; import com.netscape.certsrv.kra.IKeyRecoveryAuthority; import com.netscape.certsrv.logging.ILogger; 
@@ -153,16 +155,20 @@ public class SymKeyGenService implements IService { KeyGenerator kg = token.getKeyGenerator(kgAlg); kg.setKeyUsages(keyUsages); kg.temporaryKeys(true); + if (kgAlg == KeyGenAlgorithm.AES || kgAlg == KeyGenAlgorithm.RC4 + || kgAlg == KeyGenAlgorithm.RC2) { + kg.initialize(keySize); + } sk = kg.generate(); CMS.debug("SymKeyGenService:wrap() session key generated on slot: " + token.getName()); - } catch (TokenException | IllegalStateException | CharConversionException | NoSuchAlgorithmException e) { + } catch (TokenException | IllegalStateException | CharConversionException | NoSuchAlgorithmException + | InvalidAlgorithmParameterException e) { + CMS.debugStackTrace(); auditSymKeyGenRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(), clientId, null, "Failed to generate symmetric key"); throw new EBaseException("Errors in generating symmetric key: " + e); } - String keyType = null; - byte[] publicKey = null; byte privateSecurityData[] = null; @@ -200,7 +206,7 @@ public class SymKeyGenService implements IService { } rec.set(KeyRecord.ATTR_ID, serialNo); - rec.set(KeyRecord.ATTR_DATA_TYPE, keyType); + rec.set(KeyRecord.ATTR_DATA_TYPE, KeyRequestResource.SYMMETRIC_KEY_TYPE); rec.set(KeyRecord.ATTR_STATUS, STATUS_ACTIVE); request.setExtData(ATTR_KEY_RECORD, serialNo); |
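Review bot: In the catch block of the @@ -153 hunk, `CMS.debugStackTrace()` is called without the caught exception, so it can only record the current call stack, not the point inside the token where key generation failed. The `EBaseException` thrown next also carries only `"..." + e`, so the cause chain is lost to callers. Logging the exception itself, for example `CMS.debug(e);` if that overload is available in this tree, would keep the failure diagnosable alongside the FAILURE audit event. Separately, `kg.initialize(keySize)` runs only for AES, RC4 and RC2, so for any other algorithm the requested size is silently ignored. If `keySize` is stored on the key record or audited elsewhere in this method, which continues outside the hunk, it may not match the key actually generated, so a short comment stating that the remaining algorithms are fixed-size would help.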