author | Ade Lee <alee@redhat.com> | 2011-12-08 21:15:59 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2011-12-08 21:15:59 -0500 |
commit | 171aaece4f23709d33d180cf36eb3af5e454b0c9 (patch) | |
tree | 1485f9f0a7bd10de4ff25030db575dbb8dafae74 /pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java | |
parent | adad2fcee8a29fdb82376fbce07dedb11fccc182 (diff) | |
Revert "Formatting"
This reverts commit 32150d3ee32f8ac27118af7c792794b538c78a2f.
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java | 203 |
1 files changed, 110 insertions, 93 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java index 0c67eaf14..fa454bd6e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java @@ -39,14 +39,16 @@ import com.netscape.certsrv.request.IRequestQueue; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; + /** - * TokenKeyRecoveryServlet handles "key recovery service" requests from the + * TokenKeyRecoveryServlet + * handles "key recovery service" requests from the * netkey TPS - * + * * @author Christina Fu (cfu) * @version $Revision$, $Date$ */ -// XXX add auditing later +//XXX add auditing later public class TokenKeyRecoveryServlet extends CMSServlet { /** @@ -63,7 +65,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { /** * Constructs TokenKeyRecovery servlet. - * + * */ public TokenKeyRecoveryServlet() { super(); @@ -75,26 +77,27 @@ public class TokenKeyRecoveryServlet extends CMSServlet { String authority = config.getInitParameter(PROP_AUTHORITY); if (authority != null) - mAuthority = (IAuthority) CMS.getSubsystem(authority); - + mAuthority = (IAuthority) + CMS.getSubsystem(authority); + mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); } /** * Returns serlvet information. - * + * * @return name of this servlet */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } - /** + /** * Process the HTTP request. - * + * * @param s The URL to decode */ - protected String URLdecode(String s) { + protected String URLdecode(String s) { if (s == null) return null; ByteArrayOutputStream out = new ByteArrayOutputStream(s.length()); 
@@ -114,30 +117,39 @@ public class TokenKeyRecoveryServlet extends CMSServlet { } } // end for return out.toString(); - } + } /* - * processTokenKeyRecovery handles netkey key recovery requests input params - * are: CUID - the CUID of the old token where the keys/certs were initially - * for userid - the userid that belongs to both the old token and the new - * token drm_trans_desKey - the des key generated for the NEW token wrapped - * with DRM transport key cert - the user cert corresponding to the key to - * be recovered - * - * operations: 1. unwrap des key with transport key, then url decode it 2. - * retrieve user private key 3. wrap user priv key with des key 4. send the - * following to RA: * des key wrapped(user priv key) (note: RA should have - * kek-wrapped des key from TKS) * recovery blob (used for recovery) - * - * output params are: status=value0 publicKey=value1 - * desKey-wrapped-userPrivateKey=value2 + * processTokenKeyRecovery + * handles netkey key recovery requests + * input params are: + * CUID - the CUID of the old token where the keys/certs were initially for + * userid - the userid that belongs to both the old token and the new token + * drm_trans_desKey - the des key generated for the NEW token + * wrapped with DRM transport key + * cert - the user cert corresponding to the key to be recovered + * + * operations: + * 1. unwrap des key with transport key, then url decode it + * 2. retrieve user private key + * 3. wrap user priv key with des key + * 4. 
send the following to RA: + * * des key wrapped(user priv key) + * (note: RA should have kek-wrapped des key from TKS) + * * recovery blob (used for recovery) + * + * output params are: + * status=value0 + * publicKey=value1 + * desKey-wrapped-userPrivateKey=value2 */ private void processTokenKeyRecovery(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException { + HttpServletResponse resp) throws EBaseException + { IRequestQueue queue = mAuthority.getRequestQueue(); IRequest thisreq = null; - - // IConfigStore sconfig = CMS.getConfigStore(); + + // IConfigStore sconfig = CMS.getConfigStore(); boolean missingParam = false; String status = "0"; @@ -146,7 +158,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { String rCUID = req.getParameter("CUID"); String rUserid = req.getParameter("userid"); String rdesKeyString = req.getParameter("drm_trans_desKey"); - String rCert = req.getParameter("cert"); + String rCert = req.getParameter("cert"); if ((rCUID == null) || (rCUID.equals(""))) { CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: CUID"); @@ -158,7 +170,8 @@ public class TokenKeyRecoveryServlet extends CMSServlet { missingParam = true; } - if ((rdesKeyString == null) || (rdesKeyString.equals(""))) { + if ((rdesKeyString == null) || + (rdesKeyString.equals(""))) { CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: DRM-transportKey-wrapped des key"); missingParam = true; } 
@@ -173,26 +186,24 @@ public class TokenKeyRecoveryServlet extends CMSServlet { if (!missingParam) { thisreq = queue.newRequest(IRequest.NETKEY_KEYRECOVERY_REQUEST); - thisreq.setExtData(IRequest.REQUESTOR_TYPE, - IRequest.REQUESTOR_NETKEY_RA); + thisreq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_NETKEY_RA); thisreq.setExtData(IRequest.NETKEY_ATTR_CUID, rCUID); thisreq.setExtData(IRequest.NETKEY_ATTR_USERID, rUserid); - thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, - rdesKeyString); + thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString); thisreq.setExtData(IRequest.NETKEY_ATTR_USER_CERT, rCert); - // XXX auto process for netkey - queue.processRequest(thisreq); - // IService svc = (IService) new TokenKeyRecoveryService(kra); - // svc.serviceRequest(thisreq); + //XXX auto process for netkey + queue.processRequest( thisreq ); + // IService svc = (IService) new TokenKeyRecoveryService(kra); + // svc.serviceRequest(thisreq); Integer result = thisreq.getExtDataInInteger(IRequest.RESULT); if (result != null) { - // sighs! tps thinks 0 is good, and drm thinks 1 is good - if (result.intValue() == 1) - status = "0"; - else - status = result.toString(); + // sighs! tps thinks 0 is good, and drm thinks 1 is good + if (result.intValue() == 1) + status ="0"; + else + status = result.toString(); } else status = "7"; 
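Review bot: The status mapping inside `if (result != null)` passes a DRM result of 0 through as `status = "0"`, which the comment just above says TPS reads as success, while DRM treats only 1 as good. Only `result.intValue() == 1` should produce "0"; every other value, 0 included, needs a non-zero failure code, e.g. `else if (result.intValue() == 0) status = "<failure code>";` with the code taken from the TPS protocol (placeholder here). Whether the request processor can actually return 0 is not visible in this hunk, so confirm it against the DRM side. processTokenKeyRecovery starts and ends outside the hunk.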
@@ -207,25 +218,25 @@ public class TokenKeyRecoveryServlet extends CMSServlet { String wrappedPrivKeyString = ""; String publicKeyString = ""; String ivString = ""; - /* - * if is RECOVERY_PROTOTYPE String recoveryBlobString = ""; - * - * IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord"); byte - * publicKey_b[] = kr.getPublicKeyData(); - * - * BigInteger serialNo = kr.getSerialNumber(); - * - * String serialNumberString = - * com.netscape.cmsutil.util.Utils.SpecialEncode - * (serialNo.toByteArray()); - * - * recoveryBlobString = (String) thisreq.get("recoveryBlob"); - */ - - if (thisreq == null) { - CMS.debug("TokenKeyRecoveryServlet::processTokenKeyRecovery() - " - + "thisreq is null!"); - throw new EBaseException("thisreq is null"); + /* if is RECOVERY_PROTOTYPE + String recoveryBlobString = ""; + + IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord"); + byte publicKey_b[] = kr.getPublicKeyData(); + + BigInteger serialNo = kr.getSerialNumber(); + + String serialNumberString = + com.netscape.cmsutil.util.Utils.SpecialEncode(serialNo.toByteArray()); + + recoveryBlobString = (String) + thisreq.get("recoveryBlob"); + */ + + if( thisreq == null ) { + CMS.debug( "TokenKeyRecoveryServlet::processTokenKeyRecovery() - " + + "thisreq is null!" ); + throw new EBaseException( "thisreq is null" ); } publicKeyString = thisreq.getExtDataInString("public_key"); @@ -233,10 +244,11 @@ public class TokenKeyRecoveryServlet extends CMSServlet { ivString = thisreq.getExtDataInString("iv_s"); /* - * if (selectedToken == null) status = "4"; - */ - if (!status.equals("0")) - value = "status=" + status; + if (selectedToken == null) + status = "4"; + */ + if (!status.equals("0")) + value = "status="+status; else { StringBuffer sb = new StringBuffer(); sb.append("status=0&"); 
@@ -247,14 +259,13 @@ public class TokenKeyRecoveryServlet extends CMSServlet { sb.append("&iv_param="); sb.append(ivString); value = sb.toString(); - + } - CMS.debug("ProcessTokenKeyRecovery:outputString.encode " + value); + CMS.debug("ProcessTokenKeyRecovery:outputString.encode " +value); - try { + try{ resp.setContentLength(value.length()); - CMS.debug("TokenKeyRecoveryServlet:outputString.length " - + value.length()); + CMS.debug("TokenKeyRecoveryServlet:outputString.length " +value.length()); OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); @@ -264,13 +275,19 @@ public class TokenKeyRecoveryServlet extends CMSServlet { } } - /* - * For TokenKeyRecovery - * - * input: CUID=value0 trans-wrapped-desKey=value1 - * - * output: status=value0 publicKey=value1 - * desKey-wrapped-userPrivateKey=value2 proofOfArchival=value3 + + /* + * For TokenKeyRecovery + * + * input: + * CUID=value0 + * trans-wrapped-desKey=value1 + * + * output: + * status=value0 + * publicKey=value1 + * desKey-wrapped-userPrivateKey=value2 + * proofOfArchival=value3 */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -281,14 +298,14 @@ public class TokenKeyRecoveryServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "submit"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "submit"); } catch (Exception e) { } if (authzToken == null) { - try { + try{ resp.setContentType("text/html"); String value = "unauthorized="; CMS.debug("TokenKeyRecoveryServlet: Unauthorized"); @@ -298,7 +315,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { ooss.write(value.getBytes()); ooss.flush(); mRenderResult = false; - } catch (Exception e) { + }catch (Exception e) { CMS.debug("TokenKeyRecoveryServlet: " + e.toString()); } 
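Review bot: `CMS.debug("ProcessTokenKeyRecovery:outputString.encode " +value);` writes the whole response body to the debug log, and on the success path that string carries `iv_param` and, judging by the method's header comment, the public key and the DES-wrapped user private key. Recovered key material, even wrapped, should not reach a log file; log the outcome instead, for example `CMS.debug("ProcessTokenKeyRecovery: status=" + status);`. In the same block `resp.setContentLength(value.length())` counts chars while `value.getBytes()` encodes with the platform charset, so the two can disagree if a non-ASCII character ever reaches `value`; taking the length from the encoded byte array avoids that. The method body begins and ends outside this hunk.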
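Review bot: The empty `catch (Exception e) { }` around `authorize(...)` discards the failure, so a denied request and an internal fault look the same and neither leaves more than the later "Unauthorized" debug line. The request is still refused because `authzToken` stays null, so this fails closed, but a key-recovery endpoint should record why: `CMS.debug("TokenKeyRecoveryServlet: authorize failed: " + e.toString());`. The class-level `//XXX add auditing later` suggests no audit event covers this path yet. process() starts before this hunk.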
@@ -307,28 +324,28 @@ public class TokenKeyRecoveryServlet extends CMSServlet { } // begin Netkey serverSideKeyGen and archival - CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called"); - processTokenKeyRecovery(req, resp); - return; + CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called"); + processTokenKeyRecovery(req, resp); + return; // end Netkey functions } - /** - * XXX remember to check peer SSL cert and get RA id later - * + /** XXX remember to check peer SSL cert and get RA id later + * * Serves HTTP admin request. - * + * * @param req HTTP request * @param resp HTTP response */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); - super.service(req, resp); + super.service(req, resp); + } } |
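Review bot: service() reads `scope` and `op` from the request and never uses them, and its javadoc still opens with `XXX remember to check peer SSL cert and get RA id later`, so nothing visible here binds a key-recovery request to a particular RA client certificate. The only access check on this page is the `authorize(...)` call in process(); whether CMSServlet enforces client-certificate authentication cannot be seen from this diff. Drop the two unused locals and replace the XXX with a comment stating where the peer-certificate check is performed, or with a tracked item such as `// TODO: verify the peer SSL certificate maps to an authorized RA before processing` if it is not.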