authorChristina Fu <cfu@redhat.com>2014-04-04 16:25:37 -0700
committerChristina Fu <cfu@redhat.com>2014-04-09 16:47:46 -0700
commita6e67c277f8e7e75bc59659536abfe7797b8f8dc (patch)
tree2b7c05cda10d90bd11baeb4ecbfaddf7df84ad52 /base/server/cms/src
parent9738598e37effc5f68e8f2d211a6273b8846a6fc (diff)
trac ticket #888 part2 CA/KRA functions - TPS rewrite: provide remote authority functions
Diffstat (limited to 'base/server/cms/src')
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java25
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java15
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java30
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java24
-rw-r--r--base/server/cms/src/org/dogtagpki/server/connector/IRemoteRequest.java52
5 files changed, 100 insertions, 46 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java b/base/server/cms/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
index 63806e659..39eb976a1 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
@@ -63,6 +63,8 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
+import org.dogtagpki.server.connector.IRemoteRequest;
+
/**
* Revoke a Certificate
*
@@ -184,24 +186,24 @@ public class DoRevokeTPS extends CMSServlet {
CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
try {
- if (req.getParameter("revocationReason") != null) {
+ if (req.getParameter(IRemoteRequest.CA_REVOCATION_REASON) != null) {
reason = Integer.parseInt(req.getParameter(
- "revocationReason"));
+ IRemoteRequest.CA_REVOCATION_REASON));
}
- if (req.getParameter("totalRecordCount") != null) {
+ if (req.getParameter(IRemoteRequest.CA_REVOKE_COUNT) != null) {
totalRecordCount = Integer.parseInt(req.getParameter(
- "totalRecordCount"));
+ IRemoteRequest.CA_REVOKE_COUNT));
}
- if (req.getParameter("invalidityDate") != null) {
+ if (req.getParameter(IRemoteRequest.CA_REVOKE_INVALID_DATE) != null) {
long l = Long.parseLong(req.getParameter(
- "invalidityDate"));
+ IRemoteRequest.CA_REVOKE_INVALID_DATE));
if (l > 0) {
invalidityDate = new Date(l);
}
}
- revokeAll = req.getParameter("revokeAll");
- String comments = req.getParameter(IRequest.REQUESTOR_COMMENTS);
+ revokeAll = req.getParameter(IRemoteRequest.CA_REVOKE_ALL);
+ String comments = req.getParameter(IRemoteRequest.CA_REVOKE_REQUESTER_COMMENTS);
//for audit log.
String initiative = null;
@@ -261,9 +263,9 @@ public class DoRevokeTPS extends CMSServlet {
errorString = "error=" + error.toString();
}
- String pp = o_status + "\n" + errorString;
+ String pp = o_status + "&" + errorString;
byte[] b = pp.getBytes();
- resp.setContentType("text/html");
+ resp.setContentType("application/x-www-form-urlencoded");
resp.setContentLength(b.length);
OutputStream os = resp.getOutputStream();
os.write(b);
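Review bot: `errorString` is built as `"error=" + error.toString()` and joined with `&` into a body now labelled `application/x-www-form-urlencoded`, but the message text is never percent-encoded. A message containing `&`, `=`, `+` or a line break would be split or altered by a conforming parser, and if any request-derived text can reach the message the caller could be shown an extra field that the server never intended to send. I would encode the value, `errorString = "error=" + URLEncoder.encode(error.toString(), "UTF-8");` (from `java.net`), and pass an explicit charset to `pp.getBytes(...)` so the declared content length does not depend on the platform default. The same pattern is in the `DoUnrevokeTPS` hunk at `@@ -197,9 +199,9 @@`; the enclosing methods start and end outside both hunks.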
@@ -858,7 +860,8 @@ public class DoRevokeTPS extends CMSServlet {
String requesterID = null;
// Obtain the requesterID
- requesterID = req.getParameter("requestId");
+ //TODO: should use tps subsystem user id
+ requesterID = req.getParameter(IRemoteRequest.CA_REVOKE_REQUESTER_ID);
if (requesterID != null) {
requesterID = requesterID.trim();
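Review bot: `requesterID` is still read from a caller-supplied request parameter and taken at face value; the new TODO hints at this but does not say why it matters. Until the value is derived from the authenticated TPS subsystem identity it is an unverified claim, and the comment could state that directly: `// TODO: take requester from the authenticated TPS subsystem user; this parameter is caller-controlled`. The wire name also changes from `requestId` to `revRequesterID`, so a caller still sending the old name leaves `requesterID` null here. The same change is in the `DoUnrevokeTPS` hunk at `@@ -569,7 +571,8 @@`; the method bodies continue outside both hunks, so how the value is used afterwards is not visible.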
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java b/base/server/cms/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
index 0437a2e0e..39ccb4932 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
@@ -53,6 +53,8 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
+import org.dogtagpki.server.connector.IRemoteRequest;
+
/**
* 'Unrevoke' a certificate. (For certificates that are on-hold only,
* take them off-hold)
@@ -169,9 +171,9 @@ public class DoUnrevokeTPS extends CMSServlet {
cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
o_status = "status=3";
errorString = "error=unauthorized";
- String pp = o_status + "\n" + errorString;
+ String pp = o_status + "&" + errorString;
byte[] b = pp.getBytes();
- resp.setContentType("text/html");
+ resp.setContentType("application/x-www-form-urlencoded");
resp.setContentLength(b.length);
OutputStream os = resp.getOutputStream();
os.write(b);
@@ -197,9 +199,9 @@ public class DoUnrevokeTPS extends CMSServlet {
errorString = "error=" + error.toString();
}
- String pp = o_status + "\n" + errorString;
+ String pp = o_status + "&" + errorString;
byte[] b = pp.getBytes();
- resp.setContentType("text/html");
+ resp.setContentType("application/x-www-form-urlencoded");
resp.setContentLength(b.length);
OutputStream os = resp.getOutputStream();
os.write(b);
@@ -516,7 +518,7 @@ public class DoUnrevokeTPS extends CMSServlet {
private BigInteger[] getSerialNumbers(HttpServletRequest req)
throws NumberFormatException {
- String serialNumString = req.getParameter("serialNumber");
+ String serialNumString = req.getParameter(IRemoteRequest.CA_UNREVOKE_SERIAL);
StringTokenizer snList = new StringTokenizer(serialNumString, " ");
Vector<BigInteger> biList = new Vector<BigInteger>();
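Review bot: `req.getParameter(IRemoteRequest.CA_UNREVOKE_SERIAL)` returns `null` when the parameter is absent, and the next line passes it straight to `new StringTokenizer(serialNumString, " ")`, which throws `NullPointerException` rather than the declared `NumberFormatException`. A guard before the tokenizer keeps the failure inside the method's contract: `if (serialNumString == null) throw new NumberFormatException("missing " + IRemoteRequest.CA_UNREVOKE_SERIAL);`. The body of `getSerialNumbers` continues outside the hunk, so the caller's handling of either exception is not visible here.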
@@ -569,7 +571,8 @@ public class DoUnrevokeTPS extends CMSServlet {
String requesterID = null;
// Obtain the requesterID
- requesterID = req.getParameter("requestId");
+ // TODO: should use tps subsystem user id
+ requesterID = req.getParameter(IRemoteRequest.CA_REVOKE_REQUESTER_ID);
if (requesterID != null) {
requesterID = requesterID.trim();
diff --git a/base/server/cms/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java b/base/server/cms/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
index 3d0ad4c62..83f159a83 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
@@ -41,6 +41,8 @@ import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
+import org.dogtagpki.server.connector.IRemoteRequest;
+
/**
* GenerateKeyPairServlet
* handles "server-side key pair generation" requests from the
@@ -134,13 +136,13 @@ public class GenerateKeyPairServlet extends CMSServlet {
CMS.debug("processServerSideKeyGen begins:");
- String rCUID = req.getParameter("CUID");
- String rUserid = req.getParameter("userid");
- String rdesKeyString = req.getParameter("drm_trans_desKey");
- String rArchive = req.getParameter("archive");
- String rKeysize = req.getParameter("keysize");
- String rKeytype = req.getParameter("keytype");
- String rKeycurve = req.getParameter("eckeycurve");
+ String rCUID = req.getParameter(IRemoteRequest.TOKEN_CUID);
+ String rUserid = req.getParameter(IRemoteRequest.KRA_UserId);
+ String rdesKeyString = req.getParameter(IRemoteRequest.KRA_Trans_DesKey);
+ String rArchive = req.getParameter(IRemoteRequest.KRA_KEYGEN_Archive);
+ String rKeysize = req.getParameter(IRemoteRequest.KRA_KEYGEN_KeySize);
+ String rKeytype = req.getParameter(IRemoteRequest.KRA_KEYGEN_KeyType);
+ String rKeycurve = req.getParameter(IRemoteRequest.KRA_KEYGEN_EC_KeyCurve);
if ((rCUID == null) || (rCUID.equals(""))) {
CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: CUID");
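Review bot: The debug text `missing request parameter: CUID` no longer matches what is read, because `rCUID` now comes from `IRemoteRequest.TOKEN_CUID`, which this commit redefines as `tokencuid`. Someone diagnosing a rejected request from the log would look for the wrong field name. I would build the message from the constant, for example ending it with `"missing request parameter: " + IRemoteRequest.TOKEN_CUID`. The `TokenKeyRecoveryServlet` hunk at `@@ -154,11 +156,11 @@` carries the same stale message; both methods continue outside their hunks.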
@@ -215,7 +217,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
String value = "";
- resp.setContentType("text/html");
+ resp.setContentType("application/x-www-form-urlencoded");
String wrappedPrivKeyString = "";
String publicKeyString = "";
@@ -236,15 +238,15 @@ public class GenerateKeyPairServlet extends CMSServlet {
status = "4";
*/
if (!status.equals("0"))
- value = "status=" + status;
+ value = IRemoteRequest.RESPONSE_STATUS +"=" + status;
else {
StringBuffer sb = new StringBuffer();
- sb.append("status=0&");
- sb.append("wrapped_priv_key=");
+ sb.append(IRemoteRequest.RESPONSE_STATUS +"=0&");
+ sb.append(IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey+ "=");
sb.append(wrappedPrivKeyString);
- sb.append("&iv_param=");
+ sb.append("&"+ IRemoteRequest.KRA_RESPONSE_IV_Param+ "=");
sb.append(ivString);
- sb.append("&public_key=");
+ sb.append("&"+ IRemoteRequest.KRA_RESPONSE_PublicKey+ "=");
sb.append(publicKeyString);
value = sb.toString();
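Review bot: `wrappedPrivKeyString`, `ivString` and `publicKeyString` are appended to the body verbatim while the response is now declared `application/x-www-form-urlencoded`. If any of them is Base64 (their encoding is set outside this hunk), `+`, `/` and `=` are not safe in that format, and a conforming decoder turns `+` into a space, which would corrupt the key material on the receiving side. Either percent-encode each value when appending, e.g. `sb.append(URLEncoder.encode(publicKeyString, "UTF-8"));`, or add a comment naming the encoding that already makes them form-safe. The `TokenKeyRecoveryServlet` hunk at `@@ -256,12 +258,12 @@` builds its response the same way.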
@@ -294,7 +296,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
if (authzToken == null) {
try {
- resp.setContentType("text/html");
+ resp.setContentType("application/x-www-form-urlencoded");
String value = "unauthorized=";
CMS.debug("GenerateKeyPairServlet: Unauthorized");
diff --git a/base/server/cms/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java b/base/server/cms/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
index cd3c22adf..d38bf969d 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
@@ -39,6 +39,8 @@ import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
+import org.dogtagpki.server.connector.IRemoteRequest;
+
/**
* TokenKeyRecoveryServlet
* handles "key recovery service" requests from the
@@ -154,11 +156,11 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
CMS.debug("processTokenKeyRecovery begins:");
- String rCUID = req.getParameter("CUID");
- String rUserid = req.getParameter("userid");
- String rKeyid = req.getParameter("keyid");
- String rdesKeyString = req.getParameter("drm_trans_desKey");
- String rCert = req.getParameter("cert");
+ String rCUID = req.getParameter(IRemoteRequest.TOKEN_CUID);
+ String rUserid = req.getParameter(IRemoteRequest.KRA_UserId);
+ String rKeyid = req.getParameter(IRemoteRequest.KRA_RECOVERY_KEYID);
+ String rdesKeyString = req.getParameter(IRemoteRequest.KRA_Trans_DesKey);
+ String rCert = req.getParameter(IRemoteRequest.KRA_RECOVERY_CERT);
if ((rCUID == null) || (rCUID.equals(""))) {
CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: CUID");
@@ -218,7 +220,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
String value = "";
- resp.setContentType("text/html");
+ resp.setContentType("application/x-www-form-urlencoded");
String wrappedPrivKeyString = "";
String publicKeyString = "";
@@ -256,12 +258,12 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
value = "status=" + status;
else {
StringBuffer sb = new StringBuffer();
- sb.append("status=0&");
- sb.append("wrapped_priv_key=");
+ sb.append(IRemoteRequest.RESPONSE_STATUS +"=0&");
+ sb.append(IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey +"=");
sb.append(wrappedPrivKeyString);
- sb.append("&public_key=");
+ sb.append("&"+ IRemoteRequest.KRA_RESPONSE_PublicKey +"=");
sb.append(publicKeyString);
- sb.append("&iv_param=");
+ sb.append("&"+ IRemoteRequest.KRA_RESPONSE_IV_Param +"=");
sb.append(ivString);
value = sb.toString();
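Review bot: The context line `value = "status=" + status;` keeps the string literal while the success branch below it now uses `IRemoteRequest.RESPONSE_STATUS`; the matching hunk in `GenerateKeyPairServlet` converted both branches. For consistency this should read `value = IRemoteRequest.RESPONSE_STATUS + "=" + status;`. The `if` that selects the branch starts above the hunk.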
@@ -310,7 +312,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
if (authzToken == null) {
try {
- resp.setContentType("text/html");
+ resp.setContentType("application/x-www-form-urlencoded");
String value = "unauthorized=";
CMS.debug("TokenKeyRecoveryServlet: Unauthorized");
diff --git a/base/server/cms/src/org/dogtagpki/server/connector/IRemoteRequest.java b/base/server/cms/src/org/dogtagpki/server/connector/IRemoteRequest.java
index 7697b5627..d6978e0cf 100644
--- a/base/server/cms/src/org/dogtagpki/server/connector/IRemoteRequest.java
+++ b/base/server/cms/src/org/dogtagpki/server/connector/IRemoteRequest.java
@@ -25,9 +25,16 @@ package org.dogtagpki.server.connector;
* @author cfu
*/
public interface IRemoteRequest {
+// public static final String TOKEN_CUID = "CUID";
+ public static final String TOKEN_CUID = "tokencuid";
+ public static final String GET_XML = "xml";
+ public static final int RESPONSE_STATUS_NOT_FOUND = -1;
+ public static final String RESPONSE_STATUS = "status";
+ public static final String RESPONSE_ERROR_STRING = "error";
+ public static final String RESPONSE_STATUS_XML = "Status";
+ // TKS request params
public static final String SERVER_SIDE_KEYGEN = "serversideKeygen";
- public static final String TOKEN_CUID = "CUID";
public static final String TOKEN_CARD_CHALLENGE = "card_challenge";
public static final String TOKEN_HOST_CHALLENGE = "host_challenge";
public static final String TOKEN_KEYINFO = "KeyInfo";
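Review bot: `TOKEN_CUID` is changed in place from `"CUID"` to `"tokencuid"`, which renames the request parameter for every servlet and client that references the constant, not only the KRA servlets touched in this commit. A peer built against the old value would have its requests rejected as missing the CUID, so unless both sides are upgraded together the servers may need to accept the old name as a fallback during the transition. The commented-out line `// public static final String TOKEN_CUID = "CUID";` should be dropped in favour of a short comment on the new constant that records the rename and the reason for it.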
@@ -37,9 +44,7 @@ public interface IRemoteRequest {
public static final String TOKEN_NEW_KEYINFO = "newKeyInfo";
public static final String TOKEN_DATA = "data";
- public static final int RESPONSE_STATUS_NOT_FOUND = -1;
- public static final String RESPONSE_STATUS = "status";
-
+ // TKS response params
/* computeSessionKey responses */
public static final String TKS_RESPONSE_SessionKey = "sessionKey";
public static final String TKS_RESPONSE_EncSessionKey = "encSessionKey";
@@ -57,4 +62,43 @@ public interface IRemoteRequest {
/* computeRandomData response */
public static final String TKS_RESPONSE_RandomData = "randomData";
+ // CA request params
+ public static final String CA_ProfileId = "profileId";
+ public static final String CA_ENROLL_screenname = "screenname";
+ public static final String CA_ENROLL_publickey = "publickey";
+ public static final String CA_RenewedCertificate = "renewedCertificate";
+ public static final String CA_RENEWAL_SerialNum = "serial_num";
+ public static final String CA_RENEWAL= "renewal";
+
+ public static final String CA_REVOKE = "revoke";
+ public static final String CA_REVOCATION_REASON = "revocationReason";
+ public static final String CA_REVOKE_ALL = "revokeAll";
+ public static final String CA_REVOKE_SERIAL = "certRecordId";
+ public static final String CA_REVOKE_COUNT = "totalRecordCount";
+ public static final String CA_REVOKE_INVALID_DATE = "invalidityDate";
+ public static final String CA_REVOKE_REQUESTER_COMMENTS = "revRequesterComments";
+ public static final String CA_REVOKE_REQUESTER_ID = "revRequesterID";
+ public static final String CA_UNREVOKE_SERIAL = "serialNumber";
+
+ // CA response params
+ public static final String CA_OP = "op";
+ public static final String CA_RESPONSE_RenewedCertificate_x509 = "X509Certificate";
+ public static final String CA_RESPONSE_RenewedCertificate_b64 = "b64";
+ public static final String CA_RESPONSE_RenewedCertificate_SubjectDN = "SubjectDN";
+ public static final String CA_RESPONSE_RenewedCertificate_serial = "serialno";
+
+ // KRA request params
+ public static final String KRA_UserId = "userid";
+ public static final String KRA_Trans_DesKey = "drm_trans_desKey";
+ public static final String KRA_KEYGEN_Archive = "archive";
+ public static final String KRA_KEYGEN_KeyType = "keytype";
+ public static final String KRA_KEYGEN_EC_KeyCurve = "eckeycurve";
+ public static final String KRA_KEYGEN_KeySize = "keysize";
+ public static final String KRA_RECOVERY_CERT = "cert";
+ public static final String KRA_RECOVERY_KEYID = "keyid";
+
+ // KRA response params
+ public static final String KRA_RESPONSE_PublicKey = "public_key";
+ public static final String KRA_RESPONSE_Wrapped_PrivKey = "wrapped_priv_key";
+ public static final String KRA_RESPONSE_IV_Param = "iv_param";
}