authorJack Magne <jmagne@redhat.com>2012-01-21 17:39:26 -0800
committerEndi Sukma Dewata <edewata@redhat.com>2012-02-13 15:48:20 -0600
commita9680c7b7097c6b715c57c6581d4f24a5e4ee8b8 (patch)
tree8403b15a424a112f4209cba8e78f358bbbfd271e /pki/base/common/src/com/netscape/certsrv
parent2181aa4dbc4f04cb58af4dcc0f827d30f1526d4c (diff)
KRA changes for archiving and recovering symmetric keys and passphrases.
Ticket #66 and #68. Add ability to archive and recover symmetric keys and passphrases using the REST interface. Enhanced test client to test out new functionality. Provided support to return recovered data either wrapped with a symmetric key or wrapped in a PBE (password-based encryption) blob. DRM symmetric key support cleanup changes. Consists of suggested cleanup measures based on review comments.
Diffstat (limited to 'pki/base/common/src/com/netscape/certsrv')
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java29
-rw-r--r--pki/base/common/src/com/netscape/certsrv/request/IRequest.java14
-rw-r--r--pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java51
-rw-r--r--pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java55
4 files changed, 147 insertions, 2 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java
index 010661d8b..7da212469 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java
@@ -40,6 +40,10 @@ public interface IKeyRecord {
public static final String ATTR_MODIFY_TIME = "keyModifyTime";
public static final String ATTR_META_INFO = "keyMetaInfo";
public static final String ATTR_ARCHIVED_BY = "keyArchivedBy";
+ public static final String ATTR_CLIENT_ID = "clientId";
+ public static final String ATTR_DATA_TYPE = "dataType";
+ public static final String ATTR_STATUS = "status";
+
// key state
public static final String STATUS_ANY = "ANY";
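Review bot: The three new attribute names `ATTR_CLIENT_ID`, `ATTR_DATA_TYPE` and `ATTR_STATUS` break the `key`-prefixed convention of the surrounding constants (`keyModifyTime`, `keyMetaInfo`, `keyArchivedBy`), and a bare `"status"` is generic enough to collide with a same-named attribute elsewhere if, as the existing values suggest, these are LDAP attribute names. The request-side constant added to IRequest.java in this same commit spells the value `"clientID"` while this one is `"clientId"`; if any code copies the request attribute into the key record by name, the mismatch will silently lose the client ID. If the schema is still being defined by this change I would align both spellings and use `public static final String ATTR_CLIENT_ID = "keyClientId";`, `"keyDataType"` and `"keyStatus"` for consistency with the rest of the record.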
@@ -86,10 +90,35 @@ public interface IKeyRecord {
public Integer getKeySize() throws EBaseException;
/**
+ * Retrieves client ID.
+ *
+ * @return client id
+ * @exception EBaseException failed to retrieve client id
+ */
+ public String getClientId() throws EBaseException;
+
+ /**
+ * Retrieves key data type.
+ *
+ * @return data type
+ * @exception EBaseException failed to retrieve data type
+ */
+ public String getDataType() throws EBaseException;
+
+ /**
+ * Retrieves key status.
+ *
+ * @return key status
+ * @exception EBaseException failed to retrieve key status
+ */
+ public String getKeyStatus() throws EBaseException;
+
+ /**
* Retrieves archiver identifier.
*
* @return archiver uid
*/
+
public String getArchivedBy();
/**
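Review bot: The Javadoc for `getKeyStatus()` says only "Retrieves key status" and gives callers no hint of the value set, even though the interface already defines `STATUS_*` constants a few lines above; if those are the intended values, say so with `@return key status, expected to be one of the STATUS_* constants defined on this interface`. The lone `+` blank line inserted between the `getArchivedBy` Javadoc and its declaration detaches the comment from the method it documents and should be dropped. The same tautological pattern ("Retrieves client ID. @return client id") on `getClientId()` and `getDataType()` would be more useful if it stated what the client ID identifies and what the data-type values are, since nothing in this interface defines them.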
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequest.java b/pki/base/common/src/com/netscape/certsrv/request/IRequest.java
index 19b830898..ec1f43fb3 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IRequest.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequest.java
@@ -69,8 +69,6 @@ public interface IRequest {
public static final String CLA_UNCERT4CRL_REQUEST = "uncert4crl";
public static final String NETKEY_KEYGEN_REQUEST = "netkeyKeygen";
public static final String NETKEY_KEYRECOVERY_REQUEST = "netkeyKeyRecovery";
- public static final String SECURITY_DATA_ENROLLMENT_REQUEST = "securityDataEnrollment";
- public static final String SECURITY_DATA_RECOVERY_REQUEST = "securityDataRecovery";
public static final String REQUESTOR_NAME = "csrRequestorName";
public static final String REQUESTOR_PHONE = "csrRequestorPhone";
@@ -152,6 +150,18 @@ public interface IRequest {
public final static String NETKEY_ATTR_USER_CERT = "cert";
public final static String NETKEY_ATTR_KEY_SIZE = "keysize";
+ //Security Data request attributes
+ public static final String SECURITY_DATA_ENROLLMENT_REQUEST = "securityDataEnrollment";
+ public static final String SECURITY_DATA_RECOVERY_REQUEST = "securityDataRecovery";
+ public static final String SECURITY_DATA_CLIENT_ID = "clientID";
+ public static final String SECURITY_DATA_TYPE = "dataType";
+ public static final String SECURITY_DATA_STATUS = "status";
+ public static final String SECURITY_DATA_TRANS_SESS_KEY = "transWrappedSessionKey";
+ public static final String SECURITY_DATA_SESS_PASS_PHRASE = "sessionWrappedPassphrase";
+ public static final String SECURITY_DATA_IV_STRING_IN = "iv_in";
+ public static final String SECURITY_DATA_IV_STRING_OUT = "iv_out";
+
+
// requestor type values.
public static final String REQUESTOR_EE = "EE";
public static final String REQUESTOR_RA = "RA";
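Review bot: `SECURITY_DATA_ENROLLMENT_REQUEST` and `SECURITY_DATA_RECOVERY_REQUEST` are request type identifiers (the hunk above removes them from the list next to `NETKEY_KEYGEN_REQUEST` and `NETKEY_KEYRECOVERY_REQUEST`), yet they are re-added under the comment `//Security Data request attributes` together with genuine attribute keys; either leave them in the request-type list or change the comment to `// Security Data request types and attributes`. The keys `transWrappedSessionKey`, `sessionWrappedPassphrase`, `iv_in` and `iv_out` tag wrapped key material and a passphrase carried on the request, so each deserves a one-line comment naming which key wraps it and what the IVs belong to, e.g. `// session key wrapped under the transport key` and `// passphrase wrapped under that session key`, once confirmed against the code that sets them, which is not in this diff. `iv_in`/`iv_out` are also the only snake_case values in a file of camelCase attribute names; as they are new in this commit, `ivIn`/`ivOut` would fit the file better.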
diff --git a/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java b/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
index e318188a6..0a526e582 100644
--- a/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
+++ b/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
@@ -20,6 +20,7 @@ package com.netscape.certsrv.security;
import java.security.PublicKey;
import org.mozilla.jss.crypto.PrivateKey;
+import org.mozilla.jss.crypto.SymmetricKey;
import com.netscape.certsrv.base.EBaseException;
@@ -48,6 +49,16 @@ public interface IEncryptionUnit extends IToken {
public byte[] wrap(PrivateKey priKey) throws EBaseException;
/**
+ * Wraps data. The given key will be wrapped by the
+ * private key in this unit.
+ *
+ * @param symKey symmetric key to be wrapped
+ * @return wrapped data
+ * @exception EBaseException failed to wrap
+ */
+ public byte[] wrap(SymmetricKey symKey) throws EBaseException;
+
+ /**
* Verifies the given key pair.
*
* @param publicKey public key
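Review bot: The Javadoc for the new `wrap(SymmetricKey)` says the key "will be wrapped by the private key in this unit", but wrapping material that this unit later unwraps is normally done with the unit's public key or a token-resident wrapping key, with the private key used only to unwrap. The sentence looks copied from the `wrap(PrivateKey)` entry above it, so if it is inaccurate there it is now inaccurate twice. I would state what the implementation actually does, e.g. `* The given symmetric key is wrapped with this unit's wrapping (public) key so that only this unit can unwrap it.`, after checking the implementing class, which is not in this diff.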
@@ -74,6 +85,46 @@ public interface IEncryptionUnit extends IToken {
throws EBaseException;
/**
+ * Unwraps symmetric key data. This method rebuilds the symmetric key by
+ * unwrapping the private data blob.
+ *
+ * @param wrappedKeyData symmetric key data wrapped up with session key
+ * @return Symmetric key object
+ * @exception EBaseException failed to unwrap
+ */
+
+ public SymmetricKey unwrap(byte wrappedKeyData[])
+ throws EBaseException;
+
+ /**
+ * Unwraps symmetric key . This method
+ * unwraps the symmetric key.
+ *
+ * @param sessionKey session key that unwrap the symmetric key
+ * @param symmAlgOID symmetric algorithm
+ * @param symmAlgParams symmetric algorithm parameters
+ * @param symmetricKey symmetric key data
+ * @return Symmetric key object
+ * @exception EBaseException failed to unwrap
+ */
+
+ public SymmetricKey unwrap_symmetric(byte sessionKey[], String symmAlgOID,
+ byte symmAlgParams[], byte symmetricKey[])
+ throws EBaseException;
+
+ /**
+ * Unwraps symmetric key . This method
+ * unwraps the symmetric key.
+ *
+ * @param encSymmKey wrapped symmetric key to be unwrapped
+ * @return Symmetric key object
+ * @exception EBaseException failed to unwrap
+ */
+
+ public SymmetricKey unwrap_sym(byte encSymmKey[],
+ SymmetricKey.Usage usage);
+
+ /**
* Unwraps data. This method rebuilds the private key by
* unwrapping the private key data.
*
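Review bot: `unwrap_sym(byte[], SymmetricKey.Usage)` is documented with `@exception EBaseException failed to unwrap` but its signature declares no `throws` clause, unlike `unwrap` and `unwrap_symmetric` directly above it; if EBaseException is checked, as its use in the other `throws` clauses suggests, implementations cannot propagate a failure and will have to return null, which callers handling recovered key material are likely to miss. Declare it `public SymmetricKey unwrap_sym(byte encSymmKey[], SymmetricKey.Usage usage) throws EBaseException;` or correct the Javadoc to document the failure return value. Separately, `unwrap_symmetric` takes the session key as raw `byte sessionKey[]`, which puts unwrapping key material in JVM heap memory outside the token; if the session key is available as a JSS `SymmetricKey` handle at the call site, passing that instead keeps it on the token. The snake_case names `unwrap_symmetric` and `unwrap_sym` also clash with the camelCase `wrap`/`unwrap` in the same interface.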
diff --git a/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java b/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java
index 0a012e8a6..6e1c7ab4a 100644
--- a/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java
+++ b/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java
@@ -41,16 +41,71 @@ public interface ITransportKeyUnit extends IEncryptionUnit {
*/
public org.mozilla.jss.crypto.X509Certificate getCertificate();
+ /**
+ * Unwraps symmetric key . This method
+ * unwraps the symmetric key.
+ *
+ * @param encSymmKey wrapped symmetric key to be unwrapped
+ * @param usage Key usage for unwrapped key.
+ * @return Symmetric key object
+ * @exception EBaseException failed to unwrap
+ */
+
+ public SymmetricKey unwrap_sym(byte encSymmKey[], SymmetricKey.Usage usage);
+
+ /**
+ * Unwraps symmetric key . This method
+ * unwraps the symmetric key.
+ *
+ * @param encSymmKey wrapped symmetric key to be unwrapped
+ * @return Symmetric key object
+ * @exception EBaseException failed to unwrap
+ */
+
public SymmetricKey unwrap_sym(byte encSymmKey[]);
+ /**
+ * Unwraps symmetric key for encrypton . This method
+ * unwraps the symmetric key.
+ *
+ * @param encSymmKey wrapped symmetric key to be unwrapped
+ * @return Symmetric key object
+ * @exception EBaseException failed to unwrap
+ */
+
public SymmetricKey unwrap_encrypt_sym(byte encSymmKey[]);
+ /**
+ * Unwraps temporary private key . This method
+ * unwraps the temporary private key.
+ *
+ * @param wrappedKeyData wrapped private key to be unwrapped
+ * @param pubKey public key
+ * @return Private key object
+ * @exception EBaseException failed to unwrap
+ */
+
public PrivateKey unwrap_temp(byte wrappedKeyData[], PublicKey
pubKey) throws EBaseException;
+ /**
+ * Returns this Unit's crypto token object.
+ * @return CryptoToken object.
+ */
public CryptoToken getToken();
+ /**
+ * Returns this Unit's signing algorithm in String format.
+ * @return String of signing algorithm
+ * @throws EBaseException
+ */
+
public String getSigningAlgorithm() throws EBaseException;
+ /**
+ * Sets this Unit's signing algorithm.
+ * @param str String of signing algorithm to set.
+ * @throws EBaseException
+ */
public void setSigningAlgorithm(String str) throws EBaseException;
}
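Review bot: `unwrap_sym(byte[], SymmetricKey.Usage)` is redeclared here although this interface `extends IEncryptionUnit`, where the same commit adds an identical declaration, so the copy is redundant and the two Javadocs will drift; drop it here unless the intent is to document transport-specific behaviour, in which case say what that is. As in the parent interface, the Javadocs for `unwrap_sym` and `unwrap_encrypt_sym` promise `@exception EBaseException` while neither signature declares it, so either add the `throws` clause or describe what the method returns on failure. The summaries are tautological ("Unwraps symmetric key . This method unwraps the symmetric key.") and never say how `unwrap_sym` differs from `unwrap_encrypt_sym`, which is the one thing a caller choosing between them needs; presumably the difference is the usage the returned key is unwrapped for, and that belongs in each summary sentence. Also fix the typo `encrypton`.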