diff options
author | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-03-22 21:58:54 +0000 |
---|---|---|
committer | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-03-22 21:58:54 +0000 |
commit | 154f27d2fc07bb7f3b70ea72483952fc442b310a (patch) | |
tree | 03f8cd9b793d1fa136a14545b7ccd48acccf45ee /pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java | |
parent | c089ef29c921947d1828b1932b5543789b4aa135 (diff) | |
download | pki-154f27d2fc07bb7f3b70ea72483952fc442b310a.tar.gz pki-154f27d2fc07bb7f3b70ea72483952fc442b310a.tar.xz pki-154f27d2fc07bb7f3b70ea72483952fc442b310a.zip |
Bugzilla Bug #522343 Add asynchronous key recovery mode
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1027 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java | 108 |
1 files changed, 90 insertions, 18 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java index e88abccbe..7882b815f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java @@ -176,14 +176,33 @@ public class RecoverBySerial extends CMSServlet { try { String localAgents = req.getParameter("localAgents"); + String initAsyncRecovery = req.getParameter("initAsyncRecovery"); // this information is needed within the server for // various signed audit log messages to report ctx = SessionContext.getContext(); - ctx.put(SessionContext.RECOVERY_ID, - req.getParameter("recoveryID")); - byte pkcs12[] = process(form, argSet, header, + /* + When Recovery is first initiated, if it is in asynch mode, + no pkcs#12 password is needed. + The initiating agent uid will be recorded in the recovery + request. + Later, as approving agents submit their approvals, they will + also be listed in the request. + */ + if ((initAsyncRecovery != null) && + initAsyncRecovery.equalsIgnoreCase("ON")) { + process(form, argSet, header, + req.getParameter(IN_SERIALNO), + req.getParameter(IN_CERT), + req, resp, locale[0]); + + int requiredNumber = mService.getNoOfRequiredAgents(); + header.addIntegerValue("noOfRequiredAgents", requiredNumber); + } else { + ctx.put(SessionContext.RECOVERY_ID, + req.getParameter("recoveryID")); + byte pkcs12[] = process(form, argSet, header, req.getParameter(IN_SERIALNO), req.getParameter("localAgents"), req.getParameter(IN_PASSWORD), @@ -193,13 +212,14 @@ public class RecoverBySerial extends CMSServlet { req.getParameter(IN_NICKNAME), req, resp, locale[0]); - if (pkcs12 != null) { + if (pkcs12 != null) { //resp.setStatus(HttpServletResponse.SC_OK); resp.setContentType("application/x-pkcs12"); //resp.setContentLength(pkcs12.length); resp.getOutputStream().write(pkcs12); mRenderResult = false; return; + } } } catch (NumberFormatException e) { header.addStringValue(OUT_ERROR, @@ -228,6 +248,61 @@ public class RecoverBySerial extends CMSServlet { } /** + * Async Key Recovery - request initiation + */ + private void process(CMSTemplate form, CMSTemplateParams argSet, + IArgBlock header, String seq, String cert, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { + + // seq is the key id + if (seq == null) { + header.addStringValue(OUT_ERROR, "sequence number not found"); + return; + } + X509CertImpl x509cert = null; + + if (cert == null) { + header.addStringValue(OUT_ERROR, "certificate not found"); + return; + } else { + try { + x509cert = Cert.mapCert(cert); + } catch (IOException e) { + header.addStringValue(OUT_ERROR, e.toString()); + } + } + if (x509cert == null) { + header.addStringValue(OUT_ERROR, "invalid X.509 certificate"); + return; + } + + SessionContext sContext = SessionContext.getContext(); + + try { + String reqID = mService.initAsyncKeyRecovery( + new BigInteger(seq), x509cert, + (String) sContext.get(SessionContext.USER_ID)); + header.addStringValue(OUT_SERIALNO, req.getParameter(IN_SERIALNO)); + header.addStringValue("requestID", reqID); + } catch (EBaseException e) { + String error = + "Failed to recover key for key id " + + seq + ".\nException: " + e.toString(); + + CMS.getLogger().log(ILogger.EV_SYSTEM, + ILogger.S_KRA, ILogger.LL_FAILURE, error); + try { + ((IKeyRecoveryAuthority) mService).createError(seq, error); + } catch (EBaseException eb) { + CMS.getLogger().log(ILogger.EV_SYSTEM, + ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); + } + } + return; + } + + /** * Recovers a key. The p12 will be protected by the password * provided by the administrator. */ @@ -269,6 +344,12 @@ public class RecoverBySerial extends CMSServlet { try { Credential creds[] = null; + SessionContext sContext = SessionContext.getContext(); + String agent = null; + + if (sContext != null) { + agent = (String) sContext.get(SessionContext.USER_ID); + } if (CMS.getConfigStore().getBoolean("kra.keySplitting")) { if (localAgents == null) { String recoveryID = req.getParameter("recoveryID"); @@ -283,12 +364,6 @@ public class RecoverBySerial extends CMSServlet { header.addStringValue("recoveryID", recoveryID); - SessionContext sContext = SessionContext.getContext(); - String agent = null; - - if (sContext != null) { - agent = (String) sContext.get(SessionContext.USER_ID); - } params.put("agent", agent); // new thread to wait for pk12 @@ -330,7 +405,7 @@ public class RecoverBySerial extends CMSServlet { byte pkcs12[] = mService.doKeyRecovery( new BigInteger(seq), creds, password, x509cert, - delivery, nickname); + delivery, nickname, agent); return pkcs12; } else { @@ -346,12 +421,6 @@ public class RecoverBySerial extends CMSServlet { header.addStringValue("recoveryID", recoveryID); - SessionContext sContext = SessionContext.getContext(); - String agent = null; - - if (sContext != null) { - agent = (String) sContext.get(SessionContext.USER_ID); - } params.put("agent", agent); // new thread to wait for pk12 @@ -423,11 +492,14 @@ public class RecoverBySerial extends CMSServlet { return; } + SessionContext sContext = SessionContext.getContext(); + try { byte pkcs12[] = mService.doKeyRecovery( new BigInteger(theSeq), creds, thePassword, theCert, - theDelivery, theNickname); + theDelivery, theNickname, + (String) sContext.get(SessionContext.USER_ID)); ((IKeyRecoveryAuthority) mService).createPk12(theRecoveryID, pkcs12); } catch (EBaseException e) { |