-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/model/RecoveryRequestData.java18
-rw-r--r--pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java7
-rw-r--r--pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java105
3 files changed, 73 insertions, 57 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/model/RecoveryRequestData.java b/pki/base/common/src/com/netscape/cms/servlet/request/model/RecoveryRequestData.java
index 88533a38d..c84d8f491 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/model/RecoveryRequestData.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/model/RecoveryRequestData.java
@@ -38,7 +38,7 @@ public class RecoveryRequestData {
private static final String KEY_ID = "keyId";
private static final String REQUEST_ID = "requestId";
private static final String TRANS_WRAPPED_SESSION_KEY = "transWrappedSessionKey";
- private static final String TRANS_WRAPPED_PASSPHRASE = "transWrappedPassphrase";
+ private static final String SESSION_WRAPPED_PASSPHRASE = "sessionWrappedPassphrase";
@XmlElement
protected String keyId;
@@ -50,7 +50,7 @@ public class RecoveryRequestData {
protected String transWrappedSessionKey;
@XmlElement
- protected String transWrappedPassphrase;
+ protected String sessionWrappedPassphrase;
public RecoveryRequestData() {
// required for JAXB (defaults)
@@ -60,7 +60,7 @@ public class RecoveryRequestData {
keyId = form.getFirst(KEY_ID);
requestId = form.getFirst(REQUEST_ID);
transWrappedSessionKey = form.getFirst(TRANS_WRAPPED_SESSION_KEY);
- transWrappedPassphrase = form.getFirst(TRANS_WRAPPED_PASSPHRASE);
+ sessionWrappedPassphrase = form.getFirst(SESSION_WRAPPED_PASSPHRASE);
}
/**
@@ -106,17 +106,17 @@ public class RecoveryRequestData {
}
/**
- * @return the transWrappedPassphrase
+ * @return the sessionWrappedPassphrase
*/
- public String getTransWrappedPassphrase() {
- return transWrappedPassphrase;
+ public String getSessionWrappedPassphrase() {
+ return sessionWrappedPassphrase;
}
/**
- * @param transWrappedPassphrase the transWrappedPassphrase to set
+ * @param sessionWrappedPassphrase the sessionWrappedPassphrase to set
*/
- public void setTransWrappedPassphrase(String transWrappedPassphrase) {
- this.transWrappedPassphrase = transWrappedPassphrase;
+ public void setSessionWrappedPassphrase(String sessionWrappedPassphrase) {
+ this.sessionWrappedPassphrase = sessionWrappedPassphrase;
}
}
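Review bot: The renamed accessor's Javadoc still only echoes the field name (`@return the sessionWrappedPassphrase`, L41), so what this value actually is — the encoding and the key it is wrapped under, which is the very thing the rename changes — remains undocumented. From DRMRestClient the value is the base64 (`OSUtil.BtoA`) of the wrapped passphrase bytes, and the new name suggests it is encrypted under the session key that travels in `transWrappedSessionKey` rather than under the transport key; if that reading is right I would state it on the field, e.g. `/** Base64 of the recovery passphrase encrypted under the session key carried in transWrappedSessionKey. */`. The same comment would help readers of the setter at L54.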
diff --git a/pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java b/pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java
index 8447faaec..412df39a9 100644
--- a/pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java
+++ b/pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java
@@ -81,7 +81,7 @@ public class DRMRestClient {
RecoveryRequestData data = new RecoveryRequestData();
data.setKeyId(keyId);
if (rpwd != null) {
- data.setTransWrappedPassphrase(com.netscape.osutil.OSUtil.BtoA(rpwd));
+ data.setSessionWrappedPassphrase(com.netscape.osutil.OSUtil.BtoA(rpwd));
}
if (rkey != null) {
data.setTransWrappedSessionKey(com.netscape.osutil.OSUtil.BtoA(rkey));
@@ -102,8 +102,9 @@ public class DRMRestClient {
data.setRequestId(requestId);
if (rkey != null) {
data.setTransWrappedSessionKey(com.netscape.osutil.OSUtil.BtoA(rkey));
- } else {
- data.setTransWrappedPassphrase(com.netscape.osutil.OSUtil.BtoA(rpwd));
+ }
+ if (rpwd != null) {
+ data.setSessionWrappedPassphrase(com.netscape.osutil.OSUtil.BtoA(rpwd));
}
KeyData key = keyClient.retrieveKey(data);
return key;
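Review bot: Turning the `else` into an independent `if (rpwd != null)` (L77-L80) stops a null `rpwd` from reaching `BtoA`, but the hunk now lets both branches be skipped, so a call with `rkey == null && rpwd == null` sends a recovery request carrying only keyId and requestId and leaves the rejection, if any, to the server. The first hunk of this file (L65-L70) has the same shape. I would fail fast in the client before building the data object, `if (rkey == null && rpwd == null) { throw new IllegalArgumentException("rkey or rpwd is required"); }`. The enclosing method begins outside the hunk, so I cannot see whether an earlier check already covers this.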
diff --git a/pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java b/pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
index f222e5413..bf15381a9 100644
--- a/pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
+++ b/pki/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
@@ -226,19 +226,32 @@ public class DRMTest {
log("Getting key: " + keyId);
KeyData keyData = client.retrieveKey(keyId, recoveryRequestId, null, wrappedRecoveryKey);
- String recoveredWrappedKey = keyData.getWrappedPrivateData();
- String recoveredKey = unwrap(recoveredWrappedKey, recoveryKey);
+ String wrappedRecoveredKey = keyData.getWrappedPrivateData();
+ String recoveredKey = unwrap(wrappedRecoveredKey, recoveryKey);
if (!recoveredKey.equals(com.netscape.osutil.OSUtil.BtoA(vek.getEncoded()))) {
log("Error: recovered and archived keys do not match!");
}
// Test 9: Submit a recovery request for the symmetric key using a passphrase
- log("Submitting a recovery request for the symmetric key using session key");
+ log("Submitting a recovery request for the symmetric key using a passphrase");
String recoveryPassphrase = "Gimme me keys please";
- byte[] wrappedRecoveryPassphrase = wrapPassphrase(recoveryPassphrase, transportCert);
- KeyRequestInfo info = client.requestRecovery(keyId, wrappedRecoveryPassphrase, null);
- recoveryRequestId = getId(info.getRequestURL());
+ byte[] wrappedRecoveryPassphrase = null;
+ KeyRequestInfo info = null;
+ byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
+ IVParameterSpec IV = null;
+ IV = new IVParameterSpec(iv);
+
+ try {
+ recoveryKey = kg1.generate();
+ wrappedRecoveryPassphrase = wrapPassphrase(token, recoveryPassphrase, IV, recoveryKey);
+ wrappedRecoveryKey = wrapSymmetricKey(manager, token, transportCert, recoveryKey);
+ info = client.requestRecovery(keyId, wrappedRecoveryPassphrase, wrappedRecoveryKey);
+ recoveryRequestId = getId(info.getRequestURL());
+ } catch (Exception e) {
+ log("Exception in recovering symmetric key using passphrase" + e.toString());
+ e.printStackTrace();
+ }
//Test 10: Approve recovery
log("Approving recovery request: " + recoveryRequestId);
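Review bot: The new catch at L116-L119 logs the failure and falls through, so when wrapping or `requestRecovery` throws, `info` and `wrappedRecoveryPassphrase` stay null while `recoveryRequestId` keeps its value from Test 8; Test 10 then approves the previous request a second time and Test 11 sends a null passphrase, which muddles the failure rather than reporting it. I would stop the run at the point of failure instead: replace `e.printStackTrace();` with `throw new IllegalStateException("Test 9: recovery request with passphrase failed", e);`, or `return;` if the method cannot propagate. The message at L117 also lacks a separator before the exception text, `"Exception in recovering symmetric key using passphrase: " + e`. The method enclosing these tests begins before this hunk.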
@@ -246,9 +259,9 @@ public class DRMTest {
// Test 11: Get key
log("Getting key: " + keyId);
- keyData = client.retrieveKey(keyId, recoveryRequestId, wrappedRecoveryPassphrase, null);
- recoveredWrappedKey = keyData.getWrappedPrivateData();
- recoveredKey = unwrap(recoveredWrappedKey, recoveryKey);
+ keyData = client.retrieveKey(keyId, recoveryRequestId, wrappedRecoveryPassphrase, wrappedRecoveryKey);
+ wrappedRecoveredKey = keyData.getWrappedPrivateData();
+ recoveredKey = unwrap(wrappedRecoveredKey, recoveryPassphrase);
if (!recoveredKey.equals(com.netscape.osutil.OSUtil.BtoA(vek.getEncoded()))) {
log("Error: recovered and archived keys do not match!");
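Review bot: `unwrap(wrappedRecoveredKey, recoveryPassphrase)` at L130 resolves to the new two-String overload, which this commit leaves as a stub returning null (L170-L173), so `recoveredKey.equals(...)` at L131 throws NullPointerException instead of logging a mismatch; Test 19 (L158-L160) has the same problem, and the `unwrap(String, SymmetricKey)` stub at L178-L181 makes Tests 8 and 16 behave the same way. Until the helpers are implemented I would make the gap explicit rather than let the test die on an NPE: either guard the comparison, `if (recoveredKey == null || !recoveredKey.equals(com.netscape.osutil.OSUtil.BtoA(vek.getEncoded()))) {`, or have the stubs `throw new UnsupportedOperationException("unwrap not implemented")` so the failure points at the missing code.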
@@ -304,16 +317,16 @@ public class DRMTest {
log("Getting passphrase: " + keyId);
keyData = client.retrieveKey(keyId, recoveryRequestId, null, wrappedRecoveryKey);
- recoveredWrappedKey = keyData.getWrappedPrivateData();
- recoveredKey = unwrap(recoveredWrappedKey, recoveryKey);
+ wrappedRecoveredKey = keyData.getWrappedPrivateData();
+ recoveredKey = unwrap(wrappedRecoveredKey, recoveryKey);
- if (!unwrap(recoveredKey).equals(passphrase)) {
+ if (!recoveredKey.equals(passphrase)) {
log("Error: recovered and archived passphrases do not match!");
}
// Test 17: Submit a recovery request for the passphrase using a passphrase
log("Submitting a recovery request for the passphrase using a passphrase");
- info = client.requestRecovery(keyId, wrappedRecoveryPassphrase, null);
+ info = client.requestRecovery(keyId, wrappedRecoveryPassphrase, wrappedRecoveryKey);
recoveryRequestId = getId(info.getRequestURL());
//Test 18: Approve recovery
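Review bot: Test 16 now compares `recoveredKey` directly with the raw `passphrase` (L141), while the result of the same `unwrap(String, SymmetricKey)` helper is compared with `OSUtil.BtoA(vek.getEncoded())`, i.e. base64, at L94 in Test 8; both cannot hold unless the helper returns text in one case and base64 in the other, so one comparison needs a decode step — for example `if (!recoveredKey.equals(com.netscape.osutil.OSUtil.BtoA(passphrase.getBytes()))) {` here, if unwrap is defined to return base64. Both helpers are still stubs in this commit, so the return convention should be pinned in their Javadoc (`@return the recovered material, base64-encoded` or the plain string) before they are filled in. Test 17 (L147) also reuses `wrappedRecoveryPassphrase` and `wrappedRecoveryKey` produced in Test 9 for a different key; whether the server accepts the same wrapped session key across requests is not visible from here, so a comment stating that assumption would help.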
@@ -322,22 +335,17 @@ public class DRMTest {
// Test 19: Get key
log("Getting passphrase: " + keyId);
- keyData = client.retrieveKey(keyId, recoveryRequestId, wrappedRecoveryPassphrase, null);
- recoveredWrappedKey = keyData.getWrappedPrivateData();
- recoveredKey = unwrap(recoveredWrappedKey, recoveryKey);
+ keyData = client.retrieveKey(keyId, recoveryRequestId, wrappedRecoveryPassphrase, wrappedRecoveryKey);
+ wrappedRecoveredKey = keyData.getWrappedPrivateData();
+ recoveredKey = unwrap(wrappedRecoveredKey, recoveryPassphrase);
- if (!unwrap(recoveredKey).equals(passphrase)) {
+ if (!recoveredKey.equals(passphrase)) {
log("Error: recovered and archived passphrases do not match!");
}
}
- private static String unwrap(String recoveredKey) {
- // TODO Auto-generated method stub
- return null;
- }
-
- private static byte[] wrapPassphrase(String recoveryPassphrase, String transportCert) {
+ private static String unwrap(String wrappedRecoveredKey, String recoveryPassphrase) {
// TODO Auto-generated method stub
return null;
}
@@ -347,7 +355,7 @@ public class DRMTest {
System.out.println(string);
}
- private static String unwrap(String recoveredWrappedKey, SymmetricKey recoveryKey) {
+ private static String unwrap(String wrappedRecoveredKey, SymmetricKey recoveryKey) {
// TODO Auto-generated method stub
return null;
}
@@ -361,7 +369,6 @@ public class DRMTest {
NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException,
CertificateEncodingException, IOException, IllegalStateException, IllegalBlockSizeException,
BadPaddingException {
- EncryptionAlgorithm encryptionAlgorithm = null;
byte[] key_data = null;
byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
IVParameterSpec IV = null;
@@ -371,29 +378,11 @@ public class DRMTest {
SymmetricKey sk = kg1.generate();
if (passphrase != null) {
- Cipher cipher = null;
- encryptionAlgorithm = EncryptionAlgorithm.DES3_CBC_PAD;
- cipher = token.getCipherContext(encryptionAlgorithm);
- log("cipher " + cipher);
-
- if (cipher != null) {
- cipher.initEncrypt(sk, IV);
- key_data = cipher.doFinal(passphrase.getBytes());
- log("Pass phrase mode key_data: " + key_data);
-
- // Try to decrypt
- cipher.initDecrypt(sk, IV);
- byte[] decrypted = cipher.doFinal(key_data);
- String s = new String(decrypted);
- log("Re decrypted pass phrase " + s);
-
- } else {
- throw new IOException("Failed to create cipher");
- }
+ key_data = wrapPassphrase(token, passphrase, IV, sk);
} else {
// wrap payload using session key
KeyWrapper wrapper1 = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
- wrapper1.initWrap(sk, new IVParameterSpec(iv));
+ wrapper1.initWrap(sk, IV);
key_data = wrapper1.wrap(vek);
}
@@ -416,6 +405,32 @@ public class DRMTest {
return encoded;
}
+ private static byte[] wrapPassphrase(CryptoToken token, String passphrase, IVParameterSpec IV, SymmetricKey sk)
+ throws NoSuchAlgorithmException, TokenException, InvalidKeyException,
+ InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, IOException {
+ byte[] key_data = null;
+ Cipher cipher = null;
+ EncryptionAlgorithm encryptionAlgorithm = EncryptionAlgorithm.DES3_CBC_PAD;
+ cipher = token.getCipherContext(encryptionAlgorithm);
+ log("cipher " + cipher);
+
+ if (cipher != null) {
+ cipher.initEncrypt(sk, IV);
+ key_data = cipher.doFinal(passphrase.getBytes());
+ log("Pass phrase mode key_data: " + key_data);
+
+ // Try to decrypt
+ cipher.initDecrypt(sk, IV);
+ byte[] decrypted = cipher.doFinal(key_data);
+ String s = new String(decrypted);
+ log("Re decrypted pass phrase " + s);
+
+ } else {
+ throw new IOException("Failed to create cipher");
+ }
+ return key_data;
+ }
+
private static byte[] wrapSymmetricKey(CryptoManager manager, CryptoToken token, String transportCert,
SymmetricKey sk) throws CertificateEncodingException, TokenException, NoSuchAlgorithmException,
InvalidKeyException, InvalidAlgorithmParameterException {
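Review bot: The new `wrapPassphrase` (L223-L247) logs the decrypted passphrase in the clear (`log("Re decrypted pass phrase " + s)`, L241) and runs a second cipher pass only to print it, while `log("Pass phrase mode key_data: " + key_data)` (L235) prints the array's identity rather than its content; the round trip is a reasonable self-check, but it should compare and fail rather than log the secret. `passphrase.getBytes()` (L234) and `new String(decrypted)` (L240) also use the platform default charset, so the bytes the server decrypts depend on the JVM's locale; `StandardCharsets.UTF_8` (import `java.nio.charset.StandardCharsets`) pins them. The all-ones IV is hard-coded twice, at L106 and L188; with a fresh `kg1.generate()` key per request that is tolerable for a functional test, but a shared `private static final byte[] TEST_IV` with a comment saying exactly that would make the intent clear and keep the two copies from drifting. A rewrite of the cipher branch follows.
```java
    if (cipher != null) {
        cipher.initEncrypt(sk, IV);
        key_data = cipher.doFinal(passphrase.getBytes(StandardCharsets.UTF_8));
        // Self-check the round trip; fail instead of logging the cleartext passphrase.
        cipher.initDecrypt(sk, IV);
        byte[] decrypted = cipher.doFinal(key_data);
        if (!passphrase.equals(new String(decrypted, StandardCharsets.UTF_8))) {
            throw new IOException("passphrase round-trip mismatch");
        }
    }
    // … unchanged: else branch throwing "Failed to create cipher", return key_data …
```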