diff options
author | Ade Lee <alee@redhat.com> | 2014-06-11 23:50:00 +0800 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2014-06-13 03:04:06 +0800 |
commit | e399ad4a78a8a9b931c643f94190e441e767f22b (patch) | |
tree | d69d8519067b0c8f119cbad04d93869423644db4 /base/server/cms/src/com/netscape/cms/servlet/key | |
parent | 68f401a044c4d1065681a5c988513ef8f590feb8 (diff) | |
download | pki-e399ad4a78a8a9b931c643f94190e441e767f22b.tar.gz pki-e399ad4a78a8a9b931c643f94190e441e767f22b.tar.xz pki-e399ad4a78a8a9b931c643f94190e441e767f22b.zip |
Fix identities for security data storage, retrieval and generation
For the new security data storage and retrieval, and for symmetric
key generation, we need to store the identity of the agent that is
requesting and approving each operation, both in the ldap record
and in the audit logs. (Tickets 806 and 807)
This patch also adds required logic to check that the owner of the
recovery request is the same agent that retrieves the key. It also
adds missing audit log constants for symmmetric key generation so that
they will show up in the audit log.
Diffstat (limited to 'base/server/cms/src/com/netscape/cms/servlet/key')
-rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java index 22d0f48e6..3686ec776 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java +++ b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java @@ -155,7 +155,8 @@ public class KeyRequestDAO extends CMSRequestDAO { * @return info for the request submitted. * @throws EBaseException */ - public KeyRequestResponse submitRequest(KeyArchivalRequest data, UriInfo uriInfo) throws EBaseException { + public KeyRequestResponse submitRequest(KeyArchivalRequest data, UriInfo uriInfo, String owner) + throws EBaseException { String clientKeyId = data.getClientKeyId(); String wrappedSecurityData = data.getWrappedPrivateData(); String transWrappedSessionKey = data.getTransWrappedSessionKey(); @@ -192,6 +193,8 @@ public class KeyRequestDAO extends CMSRequestDAO { request.setExtData(IRequest.SECURITY_DATA_ALGORITHM, keyAlgorithm); } + request.setExtData(IRequest.ATTR_REQUEST_OWNER, owner); + queue.processRequest(request); queue.markAsServiced(request); @@ -206,7 +209,8 @@ public class KeyRequestDAO extends CMSRequestDAO { * @return info on the recovery request created * @throws EBaseException */ - public KeyRequestResponse submitRequest(KeyRecoveryRequest data, UriInfo uriInfo) throws EBaseException { + public KeyRequestResponse submitRequest(KeyRecoveryRequest data, UriInfo uriInfo, String requestor) + throws EBaseException { // set data using request.setExtData(field, data) String wrappedSessionKeyStr = data.getTransWrappedSessionKey(); @@ -246,12 +250,16 @@ public class KeyRequestDAO extends CMSRequestDAO { request.setExtData(ATTR_SERIALNO, keyId.toString()); + request.setExtData(IRequest.ATTR_REQUEST_OWNER, requestor); + request.setExtData(IRequest.ATTR_APPROVE_AGENTS, requestor); + queue.processRequest(request); return createKeyRequestResponse(request, uriInfo); } - public KeyRequestResponse submitRequest(SymKeyGenerationRequest data, UriInfo uriInfo) throws EBaseException { + public KeyRequestResponse submitRequest(SymKeyGenerationRequest data, UriInfo uriInfo, String owner) + throws EBaseException { String clientKeyId = data.getClientKeyId(); String algName = data.getKeyAlgorithm(); Integer keySize = data.getKeySize(); @@ -298,6 +306,7 @@ public class KeyRequestDAO extends CMSRequestDAO { request.setExtData(IRequest.SYMKEY_GEN_USAGES, StringUtils.join(usages, ",")); request.setExtData(IRequest.SECURITY_DATA_CLIENT_KEY_ID, clientKeyId); + request.setExtData(IRequest.ATTR_REQUEST_OWNER, owner); if (transWrappedSessionKey != null) { request.setExtData(IRequest.SYMKEY_TRANS_WRAPPED_SESSION_KEY, |