authorAde Lee <alee@redhat.com>2014-02-21 21:24:39 -0500
committerAde Lee <alee@redhat.com>2014-02-26 01:18:25 -0500
commitee472461f594706b40cedb39e55f167a034c13ee (patch)
tree4b0a800571713e6f6e9ebc88d978d9bab780fb92 /base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
parent7add259c1220ca4f6fa55ae64447812fdbf83132 (diff)
Added error checking in python client calls
1) Added error checking in python client calls. 2) Allow symmetric key generation with default params. Fix bug for when usages is not defined. 3) Fix bug when requesting key recovery - must check if key exists. 4) Extend key gen to allow for providing trans_wrapped_session_key 5) added constants to python client for key status
Diffstat (limited to 'base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java')
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java29
1 files changed, 23 insertions, 6 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
index 308d3daf8..d84bbd013 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
@@ -32,11 +32,13 @@ import org.mozilla.jss.crypto.KeyGenAlgorithm;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.BadRequestException;
import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.dbs.EDBRecordNotFoundException;
import com.netscape.certsrv.dbs.keydb.IKeyRecord;
import com.netscape.certsrv.dbs.keydb.IKeyRepository;
import com.netscape.certsrv.dbs.keydb.KeyId;
import com.netscape.certsrv.key.KeyArchivalRequest;
import com.netscape.certsrv.key.KeyData;
+import com.netscape.certsrv.key.KeyNotFoundException;
import com.netscape.certsrv.key.KeyRecoveryRequest;
import com.netscape.certsrv.key.KeyRequestInfo;
import com.netscape.certsrv.key.KeyRequestInfoCollection;
@@ -142,7 +144,7 @@ public class KeyRequestDAO extends CMSRequestDAO {
String keyAlgorithm = data.getKeyAlgorithm();
int keyStrength = data.getKeySize();
- boolean keyExists = doesKeyExist(clientKeyId, "active", uriInfo);
+ boolean keyExists = doesKeyExist(clientKeyId, "active");
if (keyExists == true) {
throw new EBaseException("Can not archive already active existing key!");
@@ -184,6 +186,11 @@ public class KeyRequestDAO extends CMSRequestDAO {
IRequest request = queue.newRequest(IRequest.SECURITY_DATA_RECOVERY_REQUEST);
KeyId keyId = data.getKeyId();
+ try {
+ repo.readKeyRecord(keyId.toBigInteger());
+ } catch (EDBRecordNotFoundException e) {
+ throw new KeyNotFoundException(keyId);
+ }
Hashtable<String, Object> requestParams;
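Review bot: `keyId` comes from the request data and is dereferenced at `keyId.toBigInteger()` with no null check, so a recovery request that omits the key ID would presumably fail with a NullPointerException rather than a client error. A guard before the `try`, such as `if (keyId == null) { throw new BadRequestException("Invalid key recovery request. Missing key ID"); }`, would match how the generation path rejects a blank client ID. The lookup also runs after `queue.newRequest(...)`, so a request object appears to be created even when the key does not exist; moving the check above that call would avoid it. The enclosing method starts and ends outside this hunk.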
@@ -219,12 +226,13 @@ public class KeyRequestDAO extends CMSRequestDAO {
String algName = data.getKeyAlgorithm();
Integer keySize = data.getKeySize();
List<String> usages = data.getUsages();
+ String transWrappedSessionKey = data.getTransWrappedSessionKey();
if (StringUtils.isBlank(clientKeyId)) {
throw new BadRequestException("Invalid key generation request. Missing client ID");
}
- boolean keyExists = doesKeyExist(clientKeyId, "active", uriInfo);
+ boolean keyExists = doesKeyExist(clientKeyId, "active");
if (keyExists == true) {
throw new BadRequestException("Can not archive already active existing key!");
}
@@ -261,6 +269,11 @@ public class KeyRequestDAO extends CMSRequestDAO {
request.setExtData(IRequest.SYMKEY_GEN_USAGES, StringUtils.join(usages, ","));
request.setExtData(IRequest.SECURITY_DATA_CLIENT_KEY_ID, clientKeyId);
+ if (transWrappedSessionKey != null) {
+ request.setExtData(IRequest.SYMKEY_TRANS_WRAPPED_SESSION_KEY,
+ transWrappedSessionKey);
+ }
+
queue.processRequest(request);
queue.markAsServiced(request);
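Review bot: The new branch forwards `transWrappedSessionKey` into the request with only a null check, so an empty or whitespace-only value from the client is stored as if a wrapped session key had been supplied. The same method already uses `StringUtils.isBlank(clientKeyId)` for client input, and `if (!StringUtils.isBlank(transWrappedSessionKey)) {` would be consistent with it. If the value is expected to be Base64 (not visible in this hunk), rejecting malformed input here with `BadRequestException` would surface the error before `queue.processRequest(request)` runs. The variable is declared in the previous hunk and the method continues outside both.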
@@ -331,10 +344,14 @@ public class KeyRequestDAO extends CMSRequestDAO {
}
//We only care if the key exists or not
- private boolean doesKeyExist(String clientKeyId, String keyStatus, UriInfo uriInfo) {
- String state = "active";
- String filter = "(&(" + IRequest.SECURITY_DATA_CLIENT_KEY_ID + "=" + clientKeyId + ")"
- + "(" + IRequest.SECURITY_DATA_STATUS + "=" + state + "))";
+ private boolean doesKeyExist(String clientKeyId, String keyStatus) {
+ String filter = null;
+ if (keyStatus == null) {
+ filter = "(" + IKeyRecord.ATTR_CLIENT_ID + "=" + clientKeyId + ")";
+ } else {
+ filter = "(&(" + IKeyRecord.ATTR_CLIENT_ID + "=" + clientKeyId + ")"
+ + "(" + IKeyRecord.ATTR_STATUS + "=" + keyStatus + "))";
+ }
try {
Enumeration<IKeyRecord> existingKeys = null;