author | Christina Fu <cfu@redhat.com> | 2015-04-10 11:26:25 -0700 |
committer | Christina Fu <cfu@redhat.com> | 2015-04-14 16:45:17 -0700 |
commit | 711d3ca66b6702a33839c3a436550464fa49d0d8 (patch) | |
tree | b9c037d045147eead5077e758608b66b84663fd3 /base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java | |
parent | bdd5cc759f5d1642986330a4c29ccfa131ab034f (diff) | |
Ticket#1028 phase2: TPS rewrite: provide externalReg functionality
This patch is the 2nd phase of the externalReg feature, it makes the
following improvements:
* added feature: recovery by keyid (vs. by cert)
* fixed some auditing message errors
* added some missing ldapStringAttributes needed for delegation to work
properly
* added missing externalReg required config parameters
* made corrections to some externalReg related parameters to allow
delegation to work properly
* added handle of some error cases
* made sure externalReg enrollment does not go half-way (once fails,
bails out)
tested:
* enrollment of the three default TPS profiles (tokenTypes)
* format of the tokens enrolled with the three default tps profiles
* delegation enrollments
* cuid match check
next phase:
* cert/key retention (allow preserving existing certs/keys on the token)
note:
* some of the activity log and cert status related issues that are not
specifically relating to externalReg will be addressed in other more
relevant tickets.
Diffstat (limited to 'base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java')
-rw-r--r-- | base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java | 60 |
1 files changed, 49 insertions, 11 deletions
diff --git a/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java b/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java
index aea41a29c..89304cbc9 100644
--- a/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java
+++ b/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java
@@ -18,6 +18,7 @@ package org.dogtagpki.server.tps.cms;
+import java.math.BigInteger;
 import java.util.Hashtable;
 import org.dogtagpki.server.connector.IRemoteRequest;
@@ -75,7 +76,7 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
                 (TPSSubsystem) CMS.getSubsystem(TPSSubsystem.ID);
         HttpConnector conn =
                 (HttpConnector) subsystem.getConnectionManager().getConnector(connid);
-        CMS.debug("KRARemoteRequestHandler: serverSideKeyGen(): sending request to CA");
+        CMS.debug("KRARemoteRequestHandler: serverSideKeyGen(): sending request to KRA");
         HttpResponse resp;
         String request;
         if (isECC) {
@@ -231,28 +232,65 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
             String sDesKey,
             String b64cert)
             throws EBaseException {
+        return recoverKey(cuid, userid, sDesKey, b64cert, BigInteger.valueOf(0));
+    }
+
+    public KRARecoverKeyResponse recoverKey(
+            String cuid,
+            String userid,
+            String sDesKey,
+            String b64cert,
+            BigInteger keyid)
+            throws EBaseException {
         CMS.debug("KRARemoteRequestHandler: recoverKey(): begins.");
-        if (cuid == null || userid == null || sDesKey == null || b64cert == null) {
+        if (b64cert == null && keyid == BigInteger.valueOf(0)) {
+            throw new EBaseException("KRARemoteRequestHandler: recoverKey(): one of b64cert or kid has to be a valid value");
+        }
+        if (cuid == null || userid == null || sDesKey == null) {
             throw new EBaseException("KRARemoteRequestHandler: recoverKey(): input parameter null.");
         }
         TPSSubsystem subsystem =
                 (TPSSubsystem) CMS.getSubsystem(TPSSubsystem.ID);
+        CMS.debug("KRARemoteRequestHandler: getting conn id: " + connid);
         HttpConnector conn =
                 (HttpConnector) subsystem.getConnectionManager().getConnector(connid);
-        CMS.debug("KRARemoteRequestHandler: recoverKey(): sending request to CA");
+        if (conn == null) {
+            CMS.debug("KRARemoteRequestHandler: recoverKey(): conn null");
+            throw new EBaseException("KRARemoteRequestHandler: recoverKey(): conn null");
+        }
+        CMS.debug("KRARemoteRequestHandler: recoverKey(): sending request to KRA");
+        String sendMsg = null;
+        if (b64cert != null) { // recover by cert
+            sendMsg = IRemoteRequest.TOKEN_CUID + "=" +
+                    cuid +
+                    "&" + IRemoteRequest.KRA_UserId + "=" +
+                    userid +
+                    "&" + IRemoteRequest.KRA_RECOVERY_CERT + "=" +
+                    b64cert +
+                    "&" + IRemoteRequest.KRA_Trans_DesKey + "=" +
+                    sDesKey;
+        } else if (keyid != BigInteger.valueOf(0)){ // recover by keyid ... keyid != BigInteger.valueOf(0)
+            CMS.debug("KRARemoteRequestHandler: recoverKey(): keyid = " + keyid);
+            sendMsg = IRemoteRequest.TOKEN_CUID + "=" +
+                    cuid +
+                    "&" + IRemoteRequest.KRA_UserId + "=" +
+                    userid +
+                    "&" + IRemoteRequest.KRA_RECOVERY_KEYID + "=" +
+                    keyid.toString() +
+                    "&" + IRemoteRequest.KRA_Trans_DesKey + "=" +
+                    sDesKey;
+        }
+        CMS.debug("KRARemoteRequestHandler: recoverKey(): sendMsg =" + sendMsg);
         HttpResponse resp = conn.send("TokenKeyRecovery",
-                "&" + IRemoteRequest.TOKEN_CUID + "=" +
-                cuid +
-                "&" + IRemoteRequest.KRA_UserId + "=" +
-                userid +
-                "&" + IRemoteRequest.KRA_RECOVERY_CERT + "=" +
-                b64cert +
-                "&" + IRemoteRequest.KRA_Trans_DesKey + "=" +
-                sDesKey);
+                sendMsg);
+        if (resp == null) {
+            throw new EBaseException(
+                    "KRARemoteRequestHandler: recoverKey(): No response object returned from connection.");
+        }
         String content = resp.getContent();
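Review bot: The new guard `if (b64cert == null && keyid == BigInteger.valueOf(0))` and the branch `} else if (keyid != BigInteger.valueOf(0)){` compare BigInteger by reference, so only a caller passing the cached zero instance is caught, while a zero built with `new BigInteger("0")` is sent to the KRA as a key id, and a null keyid together with a null b64cert skips the guard and fails with a NullPointerException at `keyid.toString()` instead of the intended EBaseException. Use value comparison instead: `if (b64cert == null && (keyid == null || keyid.signum() == 0)) {` and `} else if (keyid != null && keyid.signum() != 0) {`. The added `CMS.debug("KRARemoteRequestHandler: recoverKey(): sendMsg =" + sendMsg)` also writes the wrapped DES key (sDesKey) into the debug log; logging only cuid, userid and keyid would keep key material out of it. The new request body no longer starts with "&" as the removed lines did — presumably the KRA side tolerates both forms, but worth confirming. The body of recoverKey continues past the end of the hunk.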