authorAde Lee <alee@redhat.com>2014-01-25 23:07:49 -0500
committerAde Lee <alee@redhat.com>2014-02-04 13:36:31 -0500
commit1b59b9cb9a9c3cae2eb904305fa6f3899d3dc820 (patch)
treeccaab681c52a8c99fd2a627f25b8196299c9e81a /base/server/cms/src/com
parent34ecb259d65a979670366a0bf969b21e9ff616b2 (diff)
Added SymKeyGen service
Diffstat (limited to 'base/server/cms/src/com')
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java61
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/request/KeyRequestService.java22
2 files changed, 81 insertions, 2 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
index 49cd4515d..a67bff754 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
@@ -26,7 +26,11 @@ import javax.ws.rs.Path;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
+import org.apache.commons.lang.StringUtils;
+import org.mozilla.jss.crypto.KeyGenAlgorithm;
+
import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.BadRequestException;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.dbs.keydb.IKeyRecord;
import com.netscape.certsrv.dbs.keydb.IKeyRepository;
@@ -37,6 +41,7 @@ import com.netscape.certsrv.key.KeyRequestInfo;
import com.netscape.certsrv.key.KeyRequestInfos;
import com.netscape.certsrv.key.KeyRequestResource;
import com.netscape.certsrv.key.KeyResource;
+import com.netscape.certsrv.key.SymKeyGenerationRequest;
import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
import com.netscape.certsrv.profile.IEnrollProfile;
import com.netscape.certsrv.request.CMSRequestInfo;
@@ -198,6 +203,62 @@ public class KeyRequestDAO extends CMSRequestDAO {
return createKeyRequestInfo(request, uriInfo);
}
+ public KeyRequestInfo submitRequest(SymKeyGenerationRequest data, UriInfo uriInfo) throws EBaseException {
+ String clientId = data.getClientId();
+ String algName = data.getKeyAlgorithm();
+ int size = data.getKeySize();
+ List<String> usages = data.getUsages();
+
+ if (StringUtils.isBlank(clientId) || StringUtils.isBlank(algName) || (size<=0)) {
+ throw new BadRequestException("Invalid key generation request. Missing parameters");
+ }
+
+ boolean keyExists = doesKeyExist(clientId, "active", uriInfo);
+ if (keyExists == true) {
+ throw new BadRequestException("Can not archive already active existing key!");
+ }
+
+ boolean isValid = true;
+ switch(algName) {
+ case "DES":
+ if (! KeyGenAlgorithm.DES.isValidStrength(size)) isValid = false;
+ break;
+ case "DESede":
+ if (! KeyGenAlgorithm.DESede.isValidStrength(size)) isValid = false;
+ break;
+ case "DES3":
+ if (! KeyGenAlgorithm.DES3.isValidStrength(size)) isValid = false;
+ break;
+ case "RC4":
+ if (! KeyGenAlgorithm.RC4.isValidStrength(size)) isValid = false;
+ break;
+ case "AES":
+ if (! KeyGenAlgorithm.AES.isValidStrength(size)) isValid = false;
+ break;
+ case "RC2":
+ if (! KeyGenAlgorithm.RC2.isValidStrength(size)) isValid = false;
+ break;
+ default:
+ throw new BadRequestException("Invalid algorithm");
+ }
+
+ if (!isValid) {
+ throw new BadRequestException("Invalid key size for this algorithm");
+ }
+
+ IRequest request = queue.newRequest(IRequest.SYMKEY_GENERATION_REQUEST);
+
+ request.setExtData(IRequest.SYMKEY_GEN_ALGORITHM, algName);
+ request.setExtData(IRequest.SYMKEY_GEN_SIZE, size);
+ request.setExtData(IRequest.SYMKEY_GEN_USAGES, StringUtils.join(usages, ","));
+ request.setExtData(IRequest.SECURITY_DATA_CLIENT_ID, clientId);
+
+ queue.processRequest(request);
+ queue.markAsServiced(request);
+
+ return createKeyRequestInfo(request, uriInfo);
+ }
+
public void approveRequest(RequestId id) throws EBaseException {
IRequest request = queue.findRequest(id);
request.setRequestStatus(RequestStatus.APPROVED);
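Review bot: `usages` goes from `data.getUsages()` straight into `StringUtils.join(usages, ",")` with no check, so a null or empty list, an unrecognised usage string, or a value that itself contains a comma is stored on the request as-is. Validate each entry against the usages the service supports before `queue.newRequest(...)` and reject anything else with a `BadRequestException`, the same way algorithm and size are handled above. The algorithm switch also accepts `DES`, `RC2` and `RC4` on the client's request alone; if these keys are meant for current use, consider gating the weak ciphers behind server-side configuration rather than a hard-coded list. Minor: the message `"Can not archive already active existing key!"` looks carried over from the archival path and should speak of generating a key. A comment should also note that the `doesKeyExist` check and the later `processRequest` are not atomic, so two concurrent requests for one client id may both pass; the hunk does not show whether the repository enforces uniqueness.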
diff --git a/base/server/cms/src/com/netscape/cms/servlet/request/KeyRequestService.java b/base/server/cms/src/com/netscape/cms/servlet/request/KeyRequestService.java
index c89265783..a0731d5dc 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/request/KeyRequestService.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/request/KeyRequestService.java
@@ -386,7 +386,25 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
}
public Response generateSymKey(SymKeyGenerationRequest data) {
- // TODO Auto-generated method stub
- return null;
+ if (data == null) {
+ throw new BadRequestException("Invalid key generation request.");
+ }
+
+ KeyRequestDAO dao = new KeyRequestDAO();
+ KeyRequestInfo info;
+ try {
+ info = dao.submitRequest(data, uriInfo);
+ auditArchivalRequestMade(info.getRequestId(), ILogger.SUCCESS, data.getClientId());
+
+ return Response
+ .created(new URI(info.getRequestURL()))
+ .entity(info)
+ .type(MediaType.APPLICATION_XML)
+ .build();
+ } catch (EBaseException | URISyntaxException e) {
+ e.printStackTrace();
+ auditArchivalRequestMade(null, ILogger.FAILURE, data.getClientId());
+ throw new PKIException(e.toString());
+ }
}
}
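Review bot: The failure audit record is written only in the `catch (EBaseException | URISyntaxException e)` branch, so rejections that `submitRequest` raises as `BadRequestException` (bad algorithm, bad size, key already active) appear to escape without any audit entry; `BadRequestException` is thrown at the top of this method with no `throws` clause, which suggests it is unchecked and not an `EBaseException`. Adding `} catch (BadRequestException e) { auditArchivalRequestMade(null, ILogger.FAILURE, data.getClientId()); throw e; }` ahead of the existing catch would close that gap. Both outcomes are also recorded through `auditArchivalRequestMade`, so a generation request will read as an archival one in the audit trail; a dedicated event, or at least a comment explaining the reuse, would help whoever reviews those logs. Finally, `e.printStackTrace()` together with `new PKIException(e.toString())` returns internal exception text to the client and drops the cause; log through the server's logger and return a generic message instead.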