authorAde Lee <alee@redhat.com>2014-02-05 10:26:10 -0500
committerAde Lee <alee@redhat.com>2014-02-10 11:23:08 -0500
commitb5cfe1746ca36861a0bf8039681f27275b9b9e59 (patch)
treed3b0459d11d7cb6484210ea73ed61444be6acc2b /base/server/cms/src/com/netscape/cms
parent384766e25d952ba358d03ec22953a9481bb58d4b (diff)
Add strength and algorithm to KeyData and KeyInfo classes
Make sure these are updated so that clients can get this information when accessing a symmetric key. Also allow a default for generation requests (but not for archival requests).
Diffstat (limited to 'base/server/cms/src/com/netscape/cms')
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java25
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/key/KeyService.java13
2 files changed, 29 insertions, 9 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
index 7d45420a4..ac728d593 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
@@ -218,8 +218,8 @@ public class KeyRequestDAO extends CMSRequestDAO {
int size = data.getKeySize();
List<String> usages = data.getUsages();
- if (StringUtils.isBlank(clientId) || StringUtils.isBlank(algName) || (size<=0)) {
- throw new BadRequestException("Invalid key generation request. Missing parameters");
+ if (StringUtils.isBlank(clientId)) {
+ throw new BadRequestException("Invalid key generation request. Missing clientId");
}
boolean keyExists = doesKeyExist(clientId, "active", uriInfo);
@@ -227,13 +227,22 @@ public class KeyRequestDAO extends CMSRequestDAO {
throw new BadRequestException("Can not archive already active existing key!");
}
- KeyGenAlgorithm alg = KeyRequestService.KEYGEN_ALGORITHMS.get(algName);
- if (alg == null) {
- throw new BadRequestException("Invalid Algorithm");
- }
+ if (StringUtils.isBlank(algName)) {
+ if (size != 0) {
+ throw new BadRequestException(
+ "Invalid request. Must specify key algorithm if size is specified");
+ }
+ algName = KeyRequestResource.AES_ALGORITHM;
+ size = 128;
+ } else {
+ KeyGenAlgorithm alg = KeyRequestService.KEYGEN_ALGORITHMS.get(algName);
+ if (alg == null) {
+ throw new BadRequestException("Invalid Algorithm");
+ }
- if (!alg.isValidStrength(size)) {
- throw new BadRequestException("Invalid key size for this algorithm");
+ if (!alg.isValidStrength(size)) {
+ throw new BadRequestException("Invalid key size for this algorithm");
+ }
}
IRequest request = queue.newRequest(IRequest.SYMKEY_GENERATION_REQUEST);
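Review bot: The default branch sets `algName = KeyRequestResource.AES_ALGORITHM;` and `size = 128;` and then bypasses the `KEYGEN_ALGORITHMS` lookup and the `isValidStrength` check, which now run only in the `else`. The defaulted pair is therefore never checked against the table that governs explicit requests and can drift from it. Closing the `if` after the two assignments and running the lookup and strength check unconditionally would keep a single validation path. The literal 128 would be clearer as a named constant with a comment saying it is the default strength for symmetric key generation when the client specifies neither field. The enclosing method starts and ends outside this hunk, so whether the chosen algorithm and size are recorded on the request is not visible here.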
diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/KeyService.java b/base/server/cms/src/com/netscape/cms/servlet/key/KeyService.java
index 56e4f3c4d..c91c3157a 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/key/KeyService.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/key/KeyService.java
@@ -245,6 +245,17 @@ public class KeyService extends PKIService implements KeyResource {
keyData.setNonceData(nonceData);
}
+ String algorithm = rec.getAlgorithm();
+ Integer keySize = rec.getKeySize();
+
+ if (algorithm != null) {
+ keyData.setAlgorithm(algorithm);
+ }
+
+ if (keySize != null) {
+ keyData.setStrength(keySize);
+ }
+
kra.destroyVolatileRequest(request.getRequestId());
queue.markAsServiced(request);
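Review bot: `keyData.setStrength(keySize)` is guarded against a null `Integer` here, but the last hunk of this file calls `ret.setStrength(rec.getKeySize())` with no guard. The signature of that `setStrength` is not visible; if it takes a primitive `int`, a record stored without a key size would fail on unboxing when key info is built. The commit description says archival requests get no default, so such records seem possible. Applying the same check there, `Integer keySize = rec.getKeySize(); if (keySize != null) ret.setStrength(keySize);`, would make the two paths consistent. A one-line comment above the new block, such as `// algorithm and key size are optional on older or archived records`, would explain the null checks; the enclosing methods start and end outside both hunks.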
@@ -372,7 +383,7 @@ public class KeyService extends PKIService implements KeyResource {
ret.setClientID(rec.getClientId());
ret.setStatus(rec.getKeyStatus());
ret.setAlgorithm(rec.getAlgorithm());
- ret.setSize(rec.getKeySize());
+ ret.setStrength(rec.getKeySize());
ret.setOwnerName(rec.getOwnerName());
Path keyPath = KeyResource.class.getAnnotation(Path.class);