author | Ade Lee <alee@redhat.com> | 2014-02-21 21:24:39 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2014-02-26 01:18:25 -0500 |
commit | ee472461f594706b40cedb39e55f167a034c13ee (patch) | |
tree | 4b0a800571713e6f6e9ebc88d978d9bab780fb92 /base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java | |
parent | 7add259c1220ca4f6fa55ae64447812fdbf83132 (diff) | |
Added error checking in python client calls
1) Added error checking in python client calls.
2) Allow symmetric key generation with default params. Fix bug for
when usages is not defined.
3) Fix bug when requesting key recovery - must check if key exists.
4) Extend key gen to allow for providing trans_wrapped_session_key
5) added constants to python client for key status
Diffstat (limited to 'base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java')
-rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java | 29 |
1 files changed, 23 insertions, 6 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
index 308d3daf8..d84bbd013 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
@@ -32,11 +32,13 @@ import org.mozilla.jss.crypto.KeyGenAlgorithm;
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.dbs.EDBRecordNotFoundException;
 import com.netscape.certsrv.dbs.keydb.IKeyRecord;
 import com.netscape.certsrv.dbs.keydb.IKeyRepository;
 import com.netscape.certsrv.dbs.keydb.KeyId;
 import com.netscape.certsrv.key.KeyArchivalRequest;
 import com.netscape.certsrv.key.KeyData;
+import com.netscape.certsrv.key.KeyNotFoundException;
 import com.netscape.certsrv.key.KeyRecoveryRequest;
 import com.netscape.certsrv.key.KeyRequestInfo;
 import com.netscape.certsrv.key.KeyRequestInfoCollection;
@@ -142,7 +144,7 @@ public class KeyRequestDAO extends CMSRequestDAO {
 String keyAlgorithm = data.getKeyAlgorithm();
 int keyStrength = data.getKeySize();
- boolean keyExists = doesKeyExist(clientKeyId, "active", uriInfo);
+ boolean keyExists = doesKeyExist(clientKeyId, "active");
 if (keyExists == true) {
 throw new EBaseException("Can not archive already active existing key!");
@@ -184,6 +186,11 @@ public class KeyRequestDAO extends CMSRequestDAO {
 IRequest request = queue.newRequest(IRequest.SECURITY_DATA_RECOVERY_REQUEST);
 KeyId keyId = data.getKeyId();
+ try {
+ repo.readKeyRecord(keyId.toBigInteger());
+ } catch (EDBRecordNotFoundException e) {
+ throw new KeyNotFoundException(keyId);
+ }
 Hashtable<String, Object> requestParams;
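Review bot: `keyId.toBigInteger()` in the added existence check (hunk at -184) dereferences the result of `data.getKeyId()` with no null check, so a recovery request that omits the key id would presumably fail with a NullPointerException instead of a client error. A guard before the `try`, for example `if (keyId == null) throw new BadRequestException("Invalid key recovery request. Missing key ID");`, keeps that case in line with how the generation path rejects a missing client ID. The lookup also confirms only that a record exists; whether the record's status should permit recovery is not checked in the lines shown, and the rest of the method lies outside the hunk.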
@@ -219,12 +226,13 @@ public class KeyRequestDAO extends CMSRequestDAO {
 String algName = data.getKeyAlgorithm();
 Integer keySize = data.getKeySize();
 List<String> usages = data.getUsages();
+ String transWrappedSessionKey = data.getTransWrappedSessionKey();
 if (StringUtils.isBlank(clientKeyId)) {
 throw new BadRequestException("Invalid key generation request. Missing client ID");
 }
- boolean keyExists = doesKeyExist(clientKeyId, "active", uriInfo);
+ boolean keyExists = doesKeyExist(clientKeyId, "active");
 if (keyExists == true) {
 throw new BadRequestException("Can not archive already active existing key!");
 }
@@ -261,6 +269,11 @@ public class KeyRequestDAO extends CMSRequestDAO {
 request.setExtData(IRequest.SYMKEY_GEN_USAGES, StringUtils.join(usages, ","));
 request.setExtData(IRequest.SECURITY_DATA_CLIENT_KEY_ID, clientKeyId);
+ if (transWrappedSessionKey != null) {
+ request.setExtData(IRequest.SYMKEY_TRANS_WRAPPED_SESSION_KEY,
+ transWrappedSessionKey);
+ }
+
 queue.processRequest(request);
 queue.markAsServiced(request);
@@ -331,10 +344,14 @@ public class KeyRequestDAO extends CMSRequestDAO {
 }
 //We only care if the key exists or not
- private boolean doesKeyExist(String clientKeyId, String keyStatus, UriInfo uriInfo) {
- String state = "active";
- String filter = "(&(" + IRequest.SECURITY_DATA_CLIENT_KEY_ID + "=" + clientKeyId + ")"
- + "(" + IRequest.SECURITY_DATA_STATUS + "=" + state + "))";
+ private boolean doesKeyExist(String clientKeyId, String keyStatus) {
+ String filter = null;
+ if (keyStatus == null) {
+ filter = "(" + IKeyRecord.ATTR_CLIENT_ID + "=" + clientKeyId + ")";
+ } else {
+ filter = "(&(" + IKeyRecord.ATTR_CLIENT_ID + "=" + clientKeyId + ")"
+ + "(" + IKeyRecord.ATTR_STATUS + "=" + keyStatus + "))";
+ }
 try {
 Enumeration<IKeyRecord> existingKeys = null; |
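Review bot: The `transWrappedSessionKey != null` guard in the hunk at -261 lets an empty or whitespace-only value through and stores it on the request, while `clientKeyId` in the hunk at -219 is rejected with `StringUtils.isBlank`. Writing the guard as `if (StringUtils.isNotBlank(transWrappedSessionKey)) {` would make the two checks consistent; a blank wrapped key presumably cannot be unwrapped and would otherwise fail later, far from the input. The value is client-supplied, so a one-line comment naming the expected encoding would also help here.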