-rw-r--r--base/common/python/pki/cryptoutil.py1
-rw-r--r--base/common/python/pki/key.py32
-rw-r--r--base/common/python/pki/kraclient.py12
-rw-r--r--base/common/src/com/netscape/certsrv/key/KeyArchivalRequest.java18
-rw-r--r--base/common/src/com/netscape/certsrv/key/KeyClient.java20
-rw-r--r--base/common/src/com/netscape/certsrv/key/KeyInfo.java14
-rw-r--r--base/common/src/com/netscape/certsrv/key/KeyRequestResource.java2
-rw-r--r--base/common/src/com/netscape/certsrv/key/KeyResource.java6
-rw-r--r--base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java18
-rw-r--r--base/common/src/com/netscape/certsrv/request/IRequest.java2
-rw-r--r--base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java2
-rw-r--r--base/java-tools/src/com/netscape/cmstools/key/KeyFindCLI.java4
-rw-r--r--base/java-tools/src/com/netscape/cmstools/key/KeyRequestFindCLI.java4
-rw-r--r--base/kra/functional/drmtest.py19
-rw-r--r--base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java32
-rw-r--r--base/kra/src/com/netscape/kra/SecurityDataService.java22
-rw-r--r--base/kra/src/com/netscape/kra/SymKeyGenService.java22
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java18
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/key/KeyService.java22
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/request/KeyRequestService.java30
-rw-r--r--base/server/cmsbundle/src/LogMessages.properties10
21 files changed, 157 insertions, 153 deletions
diff --git a/base/common/python/pki/cryptoutil.py b/base/common/python/pki/cryptoutil.py
index c48c6ca0f..b450e820c 100644
--- a/base/common/python/pki/cryptoutil.py
+++ b/base/common/python/pki/cryptoutil.py
@@ -113,6 +113,7 @@ class NSSCryptoUtil(CryptoUtil):
self.nonce_iv = "e4:bb:3b:d3:c3:71:2e:58"
def initialize_db(self):
+ ''' initialize the nss db. Must be done before any crypto operations '''
nss.nss_init(self.certdb_dir)
def import_cert(self, cert_nick, cert, trust):
diff --git a/base/common/python/pki/key.py b/base/common/python/pki/key.py
index ab6db9625..0d1dd36f3 100644
--- a/base/common/python/pki/key.py
+++ b/base/common/python/pki/key.py
@@ -76,7 +76,7 @@ class KeyInfo(object):
def __init__(self):
''' Constructor '''
- self.clientID = None
+ self.clientKeyID = None
self.keyURL = None
self.algorithm = None
self.status = None
@@ -219,12 +219,12 @@ class KeyArchivalRequest(pki.ResourceMessage):
Class representing the object sent to the DRM when archiving a secret.
'''
- def __init__(self, client_id=None, data_type=None, wrapped_private_data=None,
+ def __init__(self, client_key_id=None, data_type=None, wrapped_private_data=None,
key_algorithm=None, key_size=None):
''' Constructor '''
pki.ResourceMessage.__init__(self,
"com.netscape.certsrv.key.KeyArchivalRequest")
- self.add_attribute("clientID", client_id)
+ self.add_attribute("clientKeyID", client_key_id)
self.add_attribute("dataType", data_type)
self.add_attribute("wrappedPrivateData", wrapped_private_data)
self.add_attribute("keyAlgorithm", key_algorithm)
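Review bot: Renaming the keyword parameter `client_id` to `client_key_id` in `KeyArchivalRequest.__init__` breaks every caller that passes it by keyword, and no alias is kept. The same applies to `SymKeyGenerationRequest.__init__`, `KeyClient.list_keys`, `list_requests`, `request_archival` and `get_active_key_info` in the later hunks of this file, and to `KRAClient.generate_sym_key`, which kraclient.py renames to `generate_symmetric_key`. If this module has users outside the tree, keep the old names for one release, for example `generate_sym_key = generate_symmetric_key` in `KRAClient`, and mention the rename in the docstrings. The constructor body continues outside this hunk.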
@@ -266,13 +266,13 @@ class SymKeyGenerationRequest(pki.ResourceMessage):
DECRYPT_USAGE = "decrypt"
ENCRYPT_USAGE = "encrypt"
- def __init__(self, client_id=None, key_size=None, key_algorithm=None,
+ def __init__(self, client_key_id=None, key_size=None, key_algorithm=None,
key_usages=None):
''' Constructor '''
pki.ResourceMessage.__init__(self,
"com.netscape.certsrv.key.SymKeyGenerationRequest")
key_usages = key_usages or []
- self.add_attribute("clientID", client_id)
+ self.add_attribute("clientKeyID", client_key_id)
self.add_attribute("keySize", key_size)
self.add_attribute("keyAlgorithm", key_algorithm)
self.add_attribute("keyUsage", ','.join(key_usages))
@@ -296,14 +296,14 @@ class KeyClient(object):
self.keyRequestsURL = '/rest/agent/keyrequests'
@pki.handle_exceptions()
- def list_keys(self, client_id=None, status=None, max_results=None,
+ def list_keys(self, client_key_id=None, status=None, max_results=None,
max_time=None, start=None, size=None):
''' List/Search archived secrets in the DRM.
See KRAClient.list_keys for the valid values of status.
Returns a KeyInfoCollection object.
'''
- query_params = {'clientID':client_id, 'status':status,
+ query_params = {'clientKeyID':client_key_id, 'status':status,
'maxResults':max_results, 'maxTime':max_time,
'start':start, 'size':size}
response = self.connection.get(self.keyURL, self.headers, params=query_params)
@@ -359,7 +359,7 @@ class KeyClient(object):
return self.retrieve_key(request)
@pki.handle_exceptions()
- def list_requests(self, request_state=None, request_type=None, client_id=None,
+ def list_requests(self, request_state=None, request_type=None, client_key_id=None,
start=None, page_size=None, max_results=None, max_time=None):
''' List/Search key requests in the DRM.
@@ -367,7 +367,7 @@ class KeyClient(object):
request_type. Returns a KeyRequestInfoCollection object.
'''
query_params = {'requestState':request_state, 'requestType':request_type,
- 'clientID':client_id, 'start':start, 'pageSize':page_size,
+ 'clientKeyID':client_key_id, 'start':start, 'pageSize':page_size,
'maxResults':max_results, 'maxTime':max_time}
response = self.connection.get(self.keyRequestsURL, self.headers,
params=query_params)
@@ -435,7 +435,7 @@ class KeyClient(object):
return self.create_request(request)
@pki.handle_exceptions()
- def request_archival(self, client_id, data_type, wrapped_private_data,
+ def request_archival(self, client_key_id, data_type, wrapped_private_data,
key_algorithm=None, key_size=None):
''' Archive a secret (symmetric key or passphrase) on the DRM.
@@ -452,7 +452,7 @@ class KeyClient(object):
key_algorithm and key_size are applicable to symmetric keys only.
If a symmetric key is being archived, these parameters are required.
'''
- request = KeyArchivalRequest(client_id=client_id,
+ request = KeyArchivalRequest(client_key_id=client_key_id,
data_type=data_type,
wrapped_private_data=wrapped_private_data,
key_algorithm=key_algorithm,
@@ -467,9 +467,9 @@ class KeyClient(object):
return KeyInfo.from_json(response.json())
@pki.handle_exceptions()
- def get_active_key_info(self, client_id):
+ def get_active_key_info(self, client_key_id):
''' Get the info in the KeyRecord for the active secret in the DRM. '''
- url = self.keyURL + '/active/' + urllib.quote_plus(client_id)
+ url = self.keyURL + '/active/' + urllib.quote_plus(client_key_id)
response = self.connection.get(url, headers=self.headers)
print response
return KeyInfo.from_json(response.json())
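Review bot: The added line in `get_active_key_info` builds a path segment with `urllib.quote_plus`, which is meant for query strings: a space in `client_key_id` is sent as `+`, and whether the server's `active/{clientKeyID}` path parameter turns that back into a space is not visible here. Percent-encoding the whole segment is unambiguous: `url = self.keyURL + '/active/' + urllib.quote(client_key_id, safe='')`. IDs containing spaces are in use in this file's own `main()` (`"vek 123"`). The `print response` left in the function also writes to stdout on every call from library code and should be dropped or moved to logging.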
@@ -491,9 +491,9 @@ encoder.NOTYPES['SymKeyGenerationRequest'] = SymKeyGenerationRequest
def main():
''' Some unit tests - basically printing different types of requests '''
print "printing symkey generation request"
- client_id = "vek 123"
+ client_key_id = "vek 123"
usages = [SymKeyGenerationRequest.DECRYPT_USAGE, SymKeyGenerationRequest.ENCRYPT_USAGE]
- gen_request = SymKeyGenerationRequest(client_id, 128, "AES", usages)
+ gen_request = SymKeyGenerationRequest(client_key_id, 128, "AES", usages)
print json.dumps(gen_request, cls=encoder.CustomTypeEncoder, sort_keys=True)
print "printing key recovery request"
@@ -502,7 +502,7 @@ def main():
print json.dumps(key_request, cls=encoder.CustomTypeEncoder, sort_keys=True)
print "printing key archival request"
- archival_request = KeyArchivalRequest(client_id, "symmetricKey",
+ archival_request = KeyArchivalRequest(client_key_id, "symmetricKey",
"MX123AABBCD", "AES", 128)
print json.dumps(archival_request, cls=encoder.CustomTypeEncoder, sort_keys=True)
diff --git a/base/common/python/pki/kraclient.py b/base/common/python/pki/kraclient.py
index 227298c85..25c4dc9ca 100644
--- a/base/common/python/pki/kraclient.py
+++ b/base/common/python/pki/kraclient.py
@@ -42,9 +42,11 @@ class KRAClient(object):
:param crypto - CryptoUtil object. NSSCryptoUtil is provided by default.
If a different crypto implementation is desired, a different
subclass of CryptoUtil must be provided.
- :param trnasport_cert_nick - identifier for the DRM transport certificate. This will
+ :param transport_cert_nick - identifier for the DRM transport certificate. This will
be passed to the CryptoUtil.get_cert() command to get a representation
of the transport certificate usable for crypto operations.
+ Note that for NSS databases, the database must have been initialized
+ beforehand.
'''
self.connection = connection
self.keys = key.KeyClient(connection)
@@ -170,19 +172,19 @@ class KRAClient(object):
return self.keys.request_key_retrieval(key_id, request_id, passphrase)
- def generate_sym_key(self, client_id, algorithm, size, usages):
+ def generate_symmetric_key(self, client_key_id, algorithm, size, usages):
''' Generate and archive a symmetric key on the DRM.
Return a KeyRequestResponse which contains a KeyRequestInfo
object that describes the URL for the request and generated key.
'''
- request = key.SymKeyGenerationRequest(client_id=client_id,
+ request = key.SymKeyGenerationRequest(client_key_id=client_key_id,
key_size=size,
key_algorithm=algorithm,
key_usages=usages)
return self.keys.create_request(request)
- def archive_key(self, client_id, data_type, private_data=None,
+ def archive_key(self, client_key_id, data_type, private_data=None,
wrapped_private_data=None,
key_algorithm=None, key_size=None):
''' Archive a secret (symmetric key or passphrase) on the DRM.
@@ -218,7 +220,7 @@ class KRAClient(object):
# raise BadRequestException - to be added in next patch
return None
wrapped_private_data = self.generate_archive_options(private_data)
- return self.keys.request_archival(client_id, data_type, wrapped_private_data,
+ return self.keys.request_archival(client_key_id, data_type, wrapped_private_data,
key_algorithm, key_size)
def generate_pki_archive_options(self, trans_wrapped_session_key, session_wrapped_secret):
diff --git a/base/common/src/com/netscape/certsrv/key/KeyArchivalRequest.java b/base/common/src/com/netscape/certsrv/key/KeyArchivalRequest.java
index ba87e1b8b..3c7628af9 100644
--- a/base/common/src/com/netscape/certsrv/key/KeyArchivalRequest.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyArchivalRequest.java
@@ -36,7 +36,7 @@ import com.netscape.certsrv.base.ResourceMessage;
@XmlAccessorType(XmlAccessType.FIELD)
public class KeyArchivalRequest extends ResourceMessage {
- private static final String CLIENT_ID = "clientID";
+ private static final String CLIENT_KEY_ID = "clientKeyID";
private static final String DATA_TYPE = "dataType";
private static final String WRAPPED_PRIVATE_DATA = "wrappedPrivateData";
private static final String KEY_ALGORITHM = "keyAlgorithm";
@@ -48,7 +48,7 @@ public class KeyArchivalRequest extends ResourceMessage {
}
public KeyArchivalRequest(MultivaluedMap<String, String> form) {
- attributes.put(CLIENT_ID, form.getFirst(CLIENT_ID));
+ attributes.put(CLIENT_KEY_ID, form.getFirst(CLIENT_KEY_ID));
attributes.put(DATA_TYPE, form.getFirst(DATA_TYPE));
attributes.put(WRAPPED_PRIVATE_DATA, form.getFirst(WRAPPED_PRIVATE_DATA));
attributes.put(KEY_ALGORITHM, form.getFirst(KEY_ALGORITHM));
@@ -62,17 +62,17 @@ public class KeyArchivalRequest extends ResourceMessage {
}
/**
- * @return the clientId
+ * @return the clientKeyID
*/
- public String getClientId() {
- return attributes.get(CLIENT_ID);
+ public String getClientKeyId() {
+ return attributes.get(CLIENT_KEY_ID);
}
/**
- * @param clientId the clientId to set
+ * @param clientKeyId the clientKeyId to set
*/
- public void setClientId(String clientId) {
- attributes.put(CLIENT_ID, clientId);
+ public void setClientKeyId(String clientKeyId) {
+ attributes.put(CLIENT_KEY_ID, clientKeyId);
}
/**
@@ -150,7 +150,7 @@ public class KeyArchivalRequest extends ResourceMessage {
public static void main(String args[]) throws Exception {
KeyArchivalRequest before = new KeyArchivalRequest();
- before.setClientId("vek 12345");
+ before.setClientKeyId("vek 12345");
before.setDataType(KeyRequestResource.SYMMETRIC_KEY_TYPE);
before.setWrappedPrivateData("XXXXABCDEFXXX");
before.setKeyAlgorithm(KeyRequestResource.AES_ALGORITHM);
diff --git a/base/common/src/com/netscape/certsrv/key/KeyClient.java b/base/common/src/com/netscape/certsrv/key/KeyClient.java
index cb5d59772..3c27dbb6c 100644
--- a/base/common/src/com/netscape/certsrv/key/KeyClient.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyClient.java
@@ -47,14 +47,14 @@ public class KeyClient extends Client {
keyRequestClient = createProxy(KeyRequestResource.class);
}
- public KeyInfoCollection findKeys(String clientID, String status, Integer maxSize, Integer maxTime,
+ public KeyInfoCollection findKeys(String clientKeyID, String status, Integer maxSize, Integer maxTime,
Integer start, Integer size) {
- Response response = keyClient.listKeys(clientID, status, maxSize, maxTime, start, size);
+ Response response = keyClient.listKeys(clientKeyID, status, maxSize, maxTime, start, size);
return client.getEntity(response, KeyInfoCollection.class);
}
- public KeyInfo getActiveKeyInfo(String clientID) {
- Response response = keyClient.getActiveKeyInfo(clientID);
+ public KeyInfo getActiveKeyInfo(String clientKeyID) {
+ Response response = keyClient.getActiveKeyInfo(clientKeyID);
return client.getEntity(response, KeyInfo.class);
}
@@ -97,7 +97,7 @@ public class KeyClient extends Client {
public KeyRequestInfoCollection findRequests(
String requestState,
String requestType,
- String clientID,
+ String clientKeyID,
RequestId start,
Integer pageSize,
Integer maxResults,
@@ -105,7 +105,7 @@ public class KeyClient extends Client {
Response response = keyRequestClient.listRequests(
requestState,
requestType,
- clientID,
+ clientKeyID,
start,
pageSize,
maxResults,
@@ -118,12 +118,12 @@ public class KeyClient extends Client {
return client.getEntity(response, KeyRequestInfo.class);
}
- public KeyRequestResponse archiveSecurityData(byte[] encoded, String clientId, String dataType, String algorithm, int strength) {
+ public KeyRequestResponse archiveSecurityData(byte[] encoded, String clientKeyId, String dataType, String algorithm, int strength) {
// create archival request
KeyArchivalRequest data = new KeyArchivalRequest();
String req1 = Utils.base64encode(encoded);
data.setWrappedPrivateData(req1);
- data.setClientId(clientId);
+ data.setClientKeyId(clientKeyId);
data.setDataType(dataType);
data.setKeyAlgorithm(algorithm);
data.setKeySize(strength);
@@ -158,9 +158,9 @@ public class KeyClient extends Client {
return createRequest(data);
}
- public KeyRequestResponse generateKey(String clientId, String keyAlgorithm, int keySize, List<String> usages) {
+ public KeyRequestResponse generateKey(String clientKeyId, String keyAlgorithm, int keySize, List<String> usages) {
SymKeyGenerationRequest data = new SymKeyGenerationRequest();
- data.setClientId(clientId);
+ data.setClientKeyId(clientKeyId);
data.setKeyAlgorithm(keyAlgorithm);
data.setKeySize(new Integer(keySize));
data.setUsages(usages);
diff --git a/base/common/src/com/netscape/certsrv/key/KeyInfo.java b/base/common/src/com/netscape/certsrv/key/KeyInfo.java
index a4f4e62f3..10da545d8 100644
--- a/base/common/src/com/netscape/certsrv/key/KeyInfo.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyInfo.java
@@ -40,7 +40,7 @@ public class KeyInfo {
protected String keyURL;
@XmlElement
- protected String clientID;
+ protected String clientKeyID;
@XmlElement
protected String status;
@@ -81,17 +81,17 @@ public class KeyInfo {
}
/**
- * @return the clientID
+ * @return the clientKeyID
*/
- public String getClientID() {
- return clientID;
+ public String getClientKeyID() {
+ return clientKeyID;
}
/**
- * @param clientID the clientID to set
+ * @param clientKeyID the clientKeyID to set
*/
- public void setClientID(String clientID) {
- this.clientID = clientID;
+ public void setClientKeyID(String clientKeyID) {
+ this.clientKeyID = clientKeyID;
}
public String getStatus() {
diff --git a/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java b/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java
index 867136bc1..f5a652872 100644
--- a/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java
@@ -44,7 +44,7 @@ public interface KeyRequestResource {
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public Response listRequests(@QueryParam("requestState") String requestState,
@QueryParam("requestType") String requestType,
- @QueryParam("clientID") String clientID,
+ @QueryParam("clientKeyID") String clientKeyID,
@QueryParam("start") RequestId start,
@QueryParam("pageSize") Integer pageSize,
@QueryParam("maxResults") Integer maxResults,
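Review bot: Renaming the query parameter from `clientID` to `clientKeyID` changes the wire contract, and a client that still sends `clientID` will presumably have that parameter ignored rather than rejected, leaving `clientKeyID` null. If the service treats a null `clientKeyID` as "no filter" (not visible in this hunk), an older client that meant to search for one client's requests gets an unfiltered listing instead of an error. The same applies to `KeyResource.listKeys` and to the form constructors of `KeyArchivalRequest` and `SymKeyGenerationRequest`, which now read only `clientKeyID`. Consider rejecting requests that carry the legacy `clientID` name with a 400, or accepting both names for a transition period, and noting the rename in the API documentation. The `listRequests` declaration starts and ends outside this hunk.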
diff --git a/base/common/src/com/netscape/certsrv/key/KeyResource.java b/base/common/src/com/netscape/certsrv/key/KeyResource.java
index 5b5bf7a74..4b1281a4f 100644
--- a/base/common/src/com/netscape/certsrv/key/KeyResource.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyResource.java
@@ -26,7 +26,7 @@ public interface KeyResource {
@GET
@ClientResponseType(entityType=KeyInfoCollection.class)
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
- public Response listKeys(@QueryParam("clientID") String clientID,
+ public Response listKeys(@QueryParam("clientKeyID") String clientKeyID,
@QueryParam("status") String status,
@QueryParam("maxResults") Integer maxResults,
@QueryParam("maxTime") Integer maxTime,
@@ -34,10 +34,10 @@ public interface KeyResource {
@QueryParam("size") Integer size);
@GET
- @Path("active/{clientID}")
+ @Path("active/{clientKeyID}")
@ClientResponseType(entityType=KeyInfo.class)
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
- public Response getActiveKeyInfo(@PathParam("clientID") String clientID);
+ public Response getActiveKeyInfo(@PathParam("clientKeyID") String clientKeyID);
@GET
@Path("{id}")
diff --git a/base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java b/base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java
index 7510b8c78..01326442f 100644
--- a/base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java
+++ b/base/common/src/com/netscape/certsrv/key/SymKeyGenerationRequest.java
@@ -21,7 +21,7 @@ import com.netscape.certsrv.base.ResourceMessage;
@XmlAccessorType(XmlAccessType.FIELD)
public class SymKeyGenerationRequest extends ResourceMessage {
- private static final String CLIENT_ID = "clientID";
+ private static final String CLIENT_KEY_ID = "clientKeyID";
private static final String KEY_SIZE = "keySize";
private static final String KEY_ALGORITHM = "keyAlgorithm";
private static final String KEY_USAGE = "keyUsage";
@@ -61,7 +61,7 @@ public class SymKeyGenerationRequest extends ResourceMessage {
}
public SymKeyGenerationRequest(MultivaluedMap<String, String> form) {
- attributes.put(CLIENT_ID, form.getFirst(CLIENT_ID));
+ attributes.put(CLIENT_KEY_ID, form.getFirst(CLIENT_KEY_ID));
attributes.put(KEY_SIZE, form.getFirst(KEY_SIZE));
attributes.put(KEY_ALGORITHM, form.getFirst(KEY_ALGORITHM));
attributes.put(KEY_USAGE, form.getFirst(KEY_USAGE));
@@ -79,17 +79,17 @@ public class SymKeyGenerationRequest extends ResourceMessage {
}
/**
- * @return the clientId
+ * @return the clientKeyId
*/
- public String getClientId() {
- return attributes.get(CLIENT_ID);
+ public String getClientKeyId() {
+ return attributes.get(CLIENT_KEY_ID);
}
/**
- * @param clientId the clientId to set
+ * @param clientKeyId the clientKeyId to set
*/
- public void setClientId(String clientId) {
- attributes.put(CLIENT_ID, clientId);
+ public void setClientKeyId(String clientKeyId) {
+ attributes.put(CLIENT_KEY_ID, clientKeyId);
}
/**
@@ -139,7 +139,7 @@ public class SymKeyGenerationRequest extends ResourceMessage {
public static void main(String args[]) throws Exception {
SymKeyGenerationRequest before = new SymKeyGenerationRequest();
- before.setClientId("vek 12345");
+ before.setClientKeyId("vek 12345");
before.setKeyAlgorithm(KeyRequestResource.AES_ALGORITHM);
before.setKeySize(128);
before.addUsage(SymKeyGenerationRequest.DECRYPT_USAGE);
diff --git a/base/common/src/com/netscape/certsrv/request/IRequest.java b/base/common/src/com/netscape/certsrv/request/IRequest.java
index 8dbbb5cd3..e77a2e2b8 100644
--- a/base/common/src/com/netscape/certsrv/request/IRequest.java
+++ b/base/common/src/com/netscape/certsrv/request/IRequest.java
@@ -157,7 +157,7 @@ public interface IRequest extends Serializable {
//Security Data request attributes
public static final String SECURITY_DATA_ENROLLMENT_REQUEST = "securityDataEnrollment";
public static final String SECURITY_DATA_RECOVERY_REQUEST = "securityDataRecovery";
- public static final String SECURITY_DATA_CLIENT_ID = "clientID";
+ public static final String SECURITY_DATA_CLIENT_KEY_ID = "clientKeyID";
public static final String SECURITY_DATA_STRENGTH = "strength";
public static final String SECURITY_DATA_ALGORITHM = "algorithm";
public static final String SECURITY_DATA_TYPE = "dataType";
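Review bot: `SECURITY_DATA_CLIENT_ID` is both renamed and given a new value, `"clientKeyID"`, and `SecurityDataService.serviceRequest` now reads the request's ext data under that new key. If requests created before this change are persisted with the `clientID` key (storage is not visible in this diff), they would come back with a null client key ID and fail the "Bad data in request" check. Reading the old `"clientID"` key when the new one is absent, or a documented migration step, would cover that. Code outside this tree that references the removed constant will also stop compiling.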
diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java
index f205506aa..59624b64f 100644
--- a/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java
@@ -63,7 +63,7 @@ public class KeyCLI extends CLI {
public static void printKeyInfo(KeyInfo info) {
System.out.println(" Key ID: "+info.getKeyId().toHexString());
- if (info.getClientID() != null) System.out.println(" Client ID: "+info.getClientID());
+ if (info.getClientKeyID() != null) System.out.println(" Client ID: "+info.getClientKeyID());
if (info.getStatus() != null) System.out.println(" Status: "+info.getStatus());
if (info.getAlgorithm() != null) System.out.println(" Algorithm: "+info.getAlgorithm());
if (info.getSize() != null) System.out.println(" Size: "+info.getSize());
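Review bot: The label printed by `printKeyInfo` still reads `Client ID:` although the value now comes from `getClientKeyID()`, whereas `DRMTest.printKeyInfo` in this commit switches its label to `Client Key ID:`. For consistent output use `System.out.println(" Client Key ID: "+info.getClientKeyID());`; `print_key_info` in drmtest.py keeps the same stale label. Anything that parses the CLI output would need to follow the label change. The method body continues outside this hunk.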
diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyFindCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyFindCLI.java
index f3c9badbd..ce095a22e 100644
--- a/base/java-tools/src/com/netscape/cmstools/key/KeyFindCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/key/KeyFindCLI.java
@@ -82,7 +82,7 @@ public class KeyFindCLI extends CLI {
System.exit(1);
}
- String clientID = cmd.getOptionValue("client");
+ String clientKeyID = cmd.getOptionValue("client");
String status = cmd.getOptionValue("status");
String s = cmd.getOptionValue("maxResults");
@@ -97,7 +97,7 @@ public class KeyFindCLI extends CLI {
s = cmd.getOptionValue("size");
Integer size = s == null ? null : Integer.valueOf(s);
- KeyInfoCollection keys = keyCLI.keyClient.findKeys(clientID, status, maxResults, maxTime, start, size);
+ KeyInfoCollection keys = keyCLI.keyClient.findKeys(clientKeyID, status, maxResults, maxTime, start, size);
Collection<KeyInfo> entries = keys.getEntries();
diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyRequestFindCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyRequestFindCLI.java
index 633d34d03..d1385b0a5 100644
--- a/base/java-tools/src/com/netscape/cmstools/key/KeyRequestFindCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/key/KeyRequestFindCLI.java
@@ -89,7 +89,7 @@ public class KeyRequestFindCLI extends CLI {
String status = cmd.getOptionValue("status");
String type = cmd.getOptionValue("type");
- String clientID = cmd.getOptionValue("client");
+ String clientKeyID = cmd.getOptionValue("client");
String s = cmd.getOptionValue("start");
RequestId start = s == null ? null : new RequestId(s);
@@ -104,7 +104,7 @@ public class KeyRequestFindCLI extends CLI {
Integer maxTime = s == null ? null : Integer.valueOf(s);
KeyRequestInfoCollection keys = keyCLI.keyClient.findRequests(
- status, type, clientID, start, pageSize, maxResults, maxTime);
+ status, type, clientKeyID, start, pageSize, maxResults, maxTime);
MainCLI.printMessage(keys.getTotal() + " entries matched");
if (keys.getTotal() == 0) return;
diff --git a/base/kra/functional/drmtest.py b/base/kra/functional/drmtest.py
index f658d06b8..90cc8b2c8 100644
--- a/base/kra/functional/drmtest.py
+++ b/base/kra/functional/drmtest.py
@@ -48,7 +48,7 @@ def print_key_request(request):
def print_key_info(key_info):
''' Prints the relevant fields of a KeyInfo object '''
print "Key URL: " + str(key_info.keyURL)
- print "Client ID: " + str(key_info.clientID)
+ print "Client ID: " + str(key_info.clientKeyID)
print "Algorithm: " + str(key_info.algorithm)
print "Status: " + str(key_info.status)
print "Owner Name: " + str(key_info.ownerName)
@@ -94,18 +94,19 @@ def main():
# Test 4: generate symkey -- same as barbican_encode()
print "Now generating symkey on KRA"
- client_id = "Vek #1" + time.strftime('%X %x %Z')
+ #client_key_id = "Vek #1" + time.strftime('%X %x %Z')
+ client_key_id = "abcxyz"
algorithm = "AES"
key_size = 128
usages = [key.SymKeyGenerationRequest.DECRYPT_USAGE, key.SymKeyGenerationRequest.ENCRYPT_USAGE]
- response = kraclient.generate_sym_key(client_id, algorithm, key_size, usages)
+ response = kraclient.generate_symmetric_key(client_key_id, algorithm, key_size, usages)
print_key_request(response.requestInfo)
print "Request ID is " + response.requestInfo.get_request_id()
key_id = response.get_key_id()
# Test 5: Confirm the key_id matches
- print "Now getting key ID for clientID=\"" + client_id + "\""
- key_infos = kraclient.keys.list_keys(client_id=client_id, status="active")
+ print "Now getting key ID for clientKeyID=\"" + client_key_id + "\""
+ key_infos = kraclient.keys.list_keys(client_key_id=client_key_id, status="active")
for key_info in key_infos.key_infos:
print_key_info(key_info)
key_id2 = key_info.get_key_id()
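Review bot: Replacing the timestamped ID with the fixed `client_key_id = "abcxyz"` makes Test 4 depend on the state of the KRA: if an earlier run left an active key under that ID, key generation would presumably be rejected the way Test 10 expects for a duplicate. It also removes the only input in this script that contains a space and `#`, which is what exercised the URL encoding in `get_active_key_info`. Restore a unique value, e.g. `client_key_id = "Vek #1" + time.strftime('%X %x %Z')`, and delete the commented-out line rather than keeping it. `main()` starts and ends outside this hunk.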
@@ -140,7 +141,7 @@ def main():
# Test 10 = test BadRequestException on create()
print "Trying to generate a new symkey with the same client ID"
try:
- response = kraclient.generate_sym_key(client_id, algorithm, key_size, usages)
+ response = kraclient.generate_symmetric_key(client_key_id, algorithm, key_size, usages)
except pki.BadRequestException as exc:
print "BadRequestException thrown - Code:" + exc.code + " Message: " + exc.message
@@ -168,8 +169,8 @@ def main():
print_key_info(key_info)
# Test 14: get the active key
- print "Get the active key for client id: " + client_id
- key_info = kraclient.keys.get_active_key_info(client_id)
+ print "Get the active key for client id: " + client_key_id
+ key_info = kraclient.keys.get_active_key_info(client_key_id)
print_key_info(key_info)
#Test 15: change the key status
@@ -187,7 +188,7 @@ def main():
# Test 17: Get key info for non-existent active key
print "Get non-existent active key"
try:
- key_info = kraclient.keys.get_active_key_info(client_id)
+ key_info = kraclient.keys.get_active_key_info(client_key_id)
except pki.ResourceNotFoundException as exc:
print "ResourceNotFoundException thrown - Code: " + exc.code + "Message: " + exc.message
diff --git a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
index 52190091e..5681c1114 100644
--- a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
+++ b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
@@ -167,7 +167,7 @@ public class DRMTest {
// various ids used in recovery/archival operations
KeyId keyId = null;
- String clientId = null;
+ String clientKeyId = null;
RequestId recoveryRequestId = null;
// Variables for data structures from calls
@@ -257,13 +257,13 @@ public class DRMTest {
// Test 4: Generate and archive a symmetric key
log("Archiving symmetric key");
- clientId = "UUID: 123-45-6789 VEK " + Calendar.getInstance().getTime().toString();
+ clientKeyId = "UUID: 123-45-6789 VEK " + Calendar.getInstance().getTime().toString();
try {
vek = CryptoUtil.generateKey(token, KeyGenAlgorithm.DES3);
byte[] encoded = CryptoUtil.createPKIArchiveOptions(manager, token, transportCert, vek, null,
KeyGenAlgorithm.DES3, ivps);
- KeyRequestResponse info = keyClient.archiveSecurityData(encoded, clientId,
+ KeyRequestResponse info = keyClient.archiveSecurityData(encoded, clientKeyId,
KeyRequestResource.SYMMETRIC_KEY_TYPE, KeyRequestResource.DES3_ALGORITHM, 0);
log("Archival Results:");
printRequestInfo(info.getRequestInfo());
@@ -276,7 +276,7 @@ public class DRMTest {
//Test 5: Get keyId for active key with client ID
log("Getting key ID for symmetric key");
- keyInfo = keyClient.getActiveKeyInfo(clientId);
+ keyInfo = keyClient.getActiveKeyInfo(clientKeyId);
printKeyInfo(keyInfo);
KeyId keyId2 = keyInfo.getKeyId();
if (keyId2 == null) {
@@ -371,11 +371,11 @@ public class DRMTest {
passphrase = "secret12345";
// Test 12: Generate and archive a passphrase
- clientId = "UUID: 123-45-6789 RKEK " + Calendar.getInstance().getTime().toString();
+ clientKeyId = "UUID: 123-45-6789 RKEK " + Calendar.getInstance().getTime().toString();
try {
byte[] encoded = CryptoUtil.createPKIArchiveOptions(manager, token, transportCert, null, passphrase,
KeyGenAlgorithm.DES3, ivps);
- requestResponse = keyClient.archiveSecurityData(encoded, clientId,
+ requestResponse = keyClient.archiveSecurityData(encoded, clientKeyId,
KeyRequestResource.PASS_PHRASE_TYPE, null, 0);
log("Archival Results:");
printRequestInfo(requestResponse.getRequestInfo());
@@ -387,7 +387,7 @@ public class DRMTest {
//Test 13: Get keyId for active passphrase with client ID
log("Getting key ID for passphrase");
- keyInfo = keyClient.getActiveKeyInfo(clientId);
+ keyInfo = keyClient.getActiveKeyInfo(clientKeyId);
printKeyInfo(keyInfo);
keyId2 = keyInfo.getKeyId();
if (keyId2 == null) {
@@ -571,11 +571,11 @@ public class DRMTest {
}
// test 28: Generate symmetric key
- clientId = "Symmetric Key #1234f " + Calendar.getInstance().getTime().toString();
+ clientKeyId = "Symmetric Key #1234f " + Calendar.getInstance().getTime().toString();
List<String> usages = new ArrayList<String>();
usages.add(SymKeyGenerationRequest.DECRYPT_USAGE);
usages.add(SymKeyGenerationRequest.ENCRYPT_USAGE);
- KeyRequestResponse genKeyResponse = keyClient.generateKey(clientId,
+ KeyRequestResponse genKeyResponse = keyClient.generateKey(clientKeyId,
KeyRequestResource.AES_ALGORITHM,
128, usages);
printRequestInfo(genKeyResponse.getRequestInfo());
@@ -583,7 +583,7 @@ public class DRMTest {
// test 29: Get keyId for active key with client ID
log("Getting key ID for symmetric key");
- keyInfo = keyClient.getActiveKeyInfo(clientId);
+ keyInfo = keyClient.getActiveKeyInfo(clientKeyId);
printKeyInfo(keyInfo);
keyId2 = keyInfo.getKeyId();
if (keyId2 == null) {
@@ -652,7 +652,7 @@ public class DRMTest {
// Test 36: Generate and archive a symmetric key of type AES
log("Archiving symmetric key");
- clientId = "UUID: 123-45-6789 VEK " + Calendar.getInstance().getTime().toString();
+ clientKeyId = "UUID: 123-45-6789 VEK " + Calendar.getInstance().getTime().toString();
try {
KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.AES);
kg.initialize(128);
@@ -661,7 +661,7 @@ public class DRMTest {
byte[] encoded = CryptoUtil.createPKIArchiveOptions(manager, token, transportCert, vek, null,
KeyGenAlgorithm.DES3, ivps);
- KeyRequestResponse response = keyClient.archiveSecurityData(encoded, clientId,
+ KeyRequestResponse response = keyClient.archiveSecurityData(encoded, clientKeyId,
KeyRequestResource.SYMMETRIC_KEY_TYPE, KeyRequestResource.AES_ALGORITHM, 128);
log("Archival Results:");
printRequestInfo(response.getRequestInfo());
@@ -673,7 +673,7 @@ public class DRMTest {
//Test 37: Get keyId for active key with client ID
log("Getting key ID for symmetric key");
- keyInfo = keyClient.getActiveKeyInfo(clientId);
+ keyInfo = keyClient.getActiveKeyInfo(clientKeyId);
printKeyInfo(keyInfo);
keyId2 = keyInfo.getKeyId();
if (keyId2 == null) {
@@ -737,9 +737,9 @@ public class DRMTest {
//Test 43: Confirm no more active keys with this ID
log("look for active keys with this id");
- clientId = keyInfo.getClientID();
+ clientKeyId = keyInfo.getClientKeyID();
try {
- keyInfo = keyClient.getActiveKeyInfo(clientId);
+ keyInfo = keyClient.getActiveKeyInfo(clientKeyId);
printKeyInfo(keyInfo);
} catch (ResourceNotFoundException e) {
log("Success: ResourceNotFound exception thrown: " + e);
@@ -748,7 +748,7 @@ public class DRMTest {
private static void printKeyInfo(KeyInfo keyInfo) {
log("Printing keyInfo:");
- log("ClientID: " + keyInfo.getClientID());
+ log("Client Key ID: " + keyInfo.getClientKeyID());
log("Key URL: " + keyInfo.getKeyURL());
log("Algorithm: " + keyInfo.getAlgorithm());
log("Strength: " + keyInfo.getSize());
diff --git a/base/kra/src/com/netscape/kra/SecurityDataService.java b/base/kra/src/com/netscape/kra/SecurityDataService.java
index bbea11c32..388079f32 100644
--- a/base/kra/src/com/netscape/kra/SecurityDataService.java
+++ b/base/kra/src/com/netscape/kra/SecurityDataService.java
@@ -83,7 +83,7 @@ public class SecurityDataService implements IService {
public boolean serviceRequest(IRequest request)
throws EBaseException {
String id = request.getRequestId().toString();
- String clientId = request.getExtDataInString(IRequest.SECURITY_DATA_CLIENT_ID);
+ String clientKeyId = request.getExtDataInString(IRequest.SECURITY_DATA_CLIENT_KEY_ID);
String wrappedSecurityData = request.getExtDataInString(IEnrollProfile.REQUEST_ARCHIVE_OPTIONS);
String dataType = request.getExtDataInString(IRequest.SECURITY_DATA_TYPE);
String algorithm = request.getExtDataInString(IRequest.SECURITY_DATA_ALGORITHM);
@@ -96,9 +96,9 @@ public class SecurityDataService implements IService {
String subjectID = auditSubjectID();
//Check here even though restful layer checks for this.
- if(wrappedSecurityData == null || clientId == null || dataType == null) {
+ if(wrappedSecurityData == null || clientKeyId == null || dataType == null) {
auditArchivalRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
- clientId, null, "Bad data in request");
+ clientKeyId, null, "Bad data in request");
throw new EBaseException("Bad data in SecurityDataService.serviceRequest");
}
//We need some info from the PKIArchiveOptions wrapped security data
@@ -110,7 +110,7 @@ public class SecurityDataService implements IService {
//Check here just in case a null ArchiveOptions makes it this far
if(options == null) {
auditArchivalRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
- clientId, null, "Problem decoding PKIArchiveOptions");
+ clientKeyId, null, "Problem decoding PKIArchiveOptions");
throw new EBaseException("Problem decoding PKIArchiveOptions.");
}
@@ -148,7 +148,7 @@ public class SecurityDataService implements IService {
privateSecurityData = mStorageUnit.encryptInternalPrivate(securityData);
} else { // We have no data.
auditArchivalRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
- clientId, null, "Failed to create security data to archive");
+ clientKeyId, null, "Failed to create security data to archive");
throw new EBaseException("Failed to create security data to archive!");
}
// create key record
@@ -156,13 +156,13 @@ public class SecurityDataService implements IService {
privateSecurityData, owner,
algStr, owner);
- rec.set(IKeyRecord.ATTR_CLIENT_ID, clientId);
+ rec.set(IKeyRecord.ATTR_CLIENT_ID, clientKeyId);
//Now we need a serial number for our new key.
if (rec.getSerialNumber() != null) {
auditArchivalRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
- clientId, null, CMS.getUserMessage("CMS_KRA_INVALID_STATE"));
+ clientKeyId, null, CMS.getUserMessage("CMS_KRA_INVALID_STATE"));
throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_STATE"));
}
@@ -173,7 +173,7 @@ public class SecurityDataService implements IService {
mKRA.log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSCORE_KRA_GET_NEXT_SERIAL"));
auditArchivalRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
- clientId, null, "Failed to get next Key ID");
+ clientKeyId, null, "Failed to get next Key ID");
throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_STATE"));
}
@@ -193,7 +193,7 @@ public class SecurityDataService implements IService {
storage.addKeyRecord(rec);
auditArchivalRequestProcessed(subjectID, ILogger.SUCCESS, request.getRequestId(),
- clientId, serialNo.toString(), "None");
+ clientKeyId, serialNo.toString(), "None");
request.setExtData(IRequest.RESULT, IRequest.RES_SUCCESS);
mKRA.getRequestQueue().updateRequest(request);
@@ -236,14 +236,14 @@ public class SecurityDataService implements IService {
return subjectID;
}
- private void auditArchivalRequestProcessed(String subjectID, String status, RequestId requestID, String clientID,
+ private void auditArchivalRequestProcessed(String subjectID, String status, RequestId requestID, String clientKeyID,
String keyID, String reason) {
String auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED,
subjectID,
status,
requestID.toString(),
- clientID,
+ clientKeyID,
keyID != null ? keyID : "None",
reason);
audit(auditMessage);
diff --git a/base/kra/src/com/netscape/kra/SymKeyGenService.java b/base/kra/src/com/netscape/kra/SymKeyGenService.java
index 32dc1ceb9..99c57b8d9 100644
--- a/base/kra/src/com/netscape/kra/SymKeyGenService.java
+++ b/base/kra/src/com/netscape/kra/SymKeyGenService.java
@@ -88,7 +88,7 @@ public class SymKeyGenService implements IService {
public boolean serviceRequest(IRequest request)
throws EBaseException {
String id = request.getRequestId().toString();
- String clientId = request.getExtDataInString(IRequest.SECURITY_DATA_CLIENT_ID);
+ String clientKeyId = request.getExtDataInString(IRequest.SECURITY_DATA_CLIENT_KEY_ID);
String algorithm = request.getExtDataInString(IRequest.SYMKEY_GEN_ALGORITHM);
String usageStr = request.getExtDataInString(IRequest.SYMKEY_GEN_USAGES);
@@ -104,9 +104,9 @@ public class SymKeyGenService implements IService {
String subjectID = auditSubjectID();
//Check here even though restful layer checks for this.
- if (algorithm == null || clientId == null || keySize <= 0) {
+ if (algorithm == null || clientKeyId == null || keySize <= 0) {
auditSymKeyGenRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
- clientId, null, "Bad data in request");
+ clientKeyId, null, "Bad data in request");
throw new EBaseException("Bad data in SymKeyGenService.serviceRequest");
}
@@ -166,7 +166,7 @@ public class SymKeyGenService implements IService {
| InvalidAlgorithmParameterException e) {
CMS.debugStackTrace();
auditSymKeyGenRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
- clientId, null, "Failed to generate symmetric key");
+ clientKeyId, null, "Failed to generate symmetric key");
throw new EBaseException("Errors in generating symmetric key: " + e);
}
@@ -177,7 +177,7 @@ public class SymKeyGenService implements IService {
privateSecurityData = mStorageUnit.wrap(sk);
} else { // We have no data.
auditSymKeyGenRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
- clientId, null, "Failed to create security data to archive");
+ clientKeyId, null, "Failed to create security data to archive");
throw new EBaseException("Failed to create security data to archive!");
}
@@ -186,12 +186,12 @@ public class SymKeyGenService implements IService {
privateSecurityData, owner,
algorithm, owner);
- rec.set(IKeyRecord.ATTR_CLIENT_ID, clientId);
+ rec.set(IKeyRecord.ATTR_CLIENT_ID, clientKeyId);
//Now we need a serial number for our new key.
if (rec.getSerialNumber() != null) {
auditSymKeyGenRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
- clientId, null, CMS.getUserMessage("CMS_KRA_INVALID_STATE"));
+ clientKeyId, null, CMS.getUserMessage("CMS_KRA_INVALID_STATE"));
throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_STATE"));
}
@@ -202,7 +202,7 @@ public class SymKeyGenService implements IService {
mKRA.log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSCORE_KRA_GET_NEXT_SERIAL"));
auditSymKeyGenRequestProcessed(subjectID, ILogger.FAILURE, request.getRequestId(),
- clientId, null, "Failed to get next Key ID");
+ clientKeyId, null, "Failed to get next Key ID");
throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_STATE"));
}
@@ -217,7 +217,7 @@ public class SymKeyGenService implements IService {
storage.addKeyRecord(rec);
auditSymKeyGenRequestProcessed(subjectID, ILogger.SUCCESS, request.getRequestId(),
- clientId, serialNo.toString(), "None");
+ clientKeyId, serialNo.toString(), "None");
request.setExtData(IRequest.RESULT, IRequest.RES_SUCCESS);
mKRA.getRequestQueue().updateRequest(request);
@@ -261,14 +261,14 @@ public class SymKeyGenService implements IService {
return subjectID;
}
- private void auditSymKeyGenRequestProcessed(String subjectID, String status, RequestId requestID, String clientID,
+ private void auditSymKeyGenRequestProcessed(String subjectID, String status, RequestId requestID, String clientKeyID,
String keyID, String reason) {
String auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_SYMKEY_GEN_REQUEST_PROCESSED,
subjectID,
status,
requestID.toString(),
- clientID,
+ clientKeyID,
keyID != null ? keyID : "None",
reason);
audit(auditMessage);
diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
index b19f92b64..308d3daf8 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
@@ -136,13 +136,13 @@ public class KeyRequestDAO extends CMSRequestDAO {
* @throws EBaseException
*/
public KeyRequestResponse submitRequest(KeyArchivalRequest data, UriInfo uriInfo) throws EBaseException {
- String clientId = data.getClientId();
+ String clientKeyId = data.getClientKeyId();
String wrappedSecurityData = data.getWrappedPrivateData();
String dataType = data.getDataType();
String keyAlgorithm = data.getKeyAlgorithm();
int keyStrength = data.getKeySize();
- boolean keyExists = doesKeyExist(clientId, "active", uriInfo);
+ boolean keyExists = doesKeyExist(clientKeyId, "active", uriInfo);
if (keyExists == true) {
throw new EBaseException("Can not archive already active existing key!");
@@ -151,7 +151,7 @@ public class KeyRequestDAO extends CMSRequestDAO {
IRequest request = queue.newRequest(IRequest.SECURITY_DATA_ENROLLMENT_REQUEST);
request.setExtData(REQUEST_ARCHIVE_OPTIONS, wrappedSecurityData);
- request.setExtData(IRequest.SECURITY_DATA_CLIENT_ID, clientId);
+ request.setExtData(IRequest.SECURITY_DATA_CLIENT_KEY_ID, clientKeyId);
request.setExtData(IRequest.SECURITY_DATA_TYPE, dataType);
request.setExtData(IRequest.SECURITY_DATA_STRENGTH,
(keyStrength > 0) ? Integer.toString(keyStrength) : Integer.toString(0));
@@ -215,16 +215,16 @@ public class KeyRequestDAO extends CMSRequestDAO {
}
public KeyRequestResponse submitRequest(SymKeyGenerationRequest data, UriInfo uriInfo) throws EBaseException {
- String clientId = data.getClientId();
+ String clientKeyId = data.getClientKeyId();
String algName = data.getKeyAlgorithm();
Integer keySize = data.getKeySize();
List<String> usages = data.getUsages();
- if (StringUtils.isBlank(clientId)) {
+ if (StringUtils.isBlank(clientKeyId)) {
throw new BadRequestException("Invalid key generation request. Missing client ID");
}
- boolean keyExists = doesKeyExist(clientId, "active", uriInfo);
+ boolean keyExists = doesKeyExist(clientKeyId, "active", uriInfo);
if (keyExists == true) {
throw new BadRequestException("Can not archive already active existing key!");
}
@@ -259,7 +259,7 @@ public class KeyRequestDAO extends CMSRequestDAO {
request.setExtData(IRequest.SECURITY_DATA_ALGORITHM, algName);
request.setExtData(IRequest.SYMKEY_GEN_USAGES, StringUtils.join(usages, ","));
- request.setExtData(IRequest.SECURITY_DATA_CLIENT_ID, clientId);
+ request.setExtData(IRequest.SECURITY_DATA_CLIENT_KEY_ID, clientKeyId);
queue.processRequest(request);
queue.markAsServiced(request);
@@ -331,9 +331,9 @@ public class KeyRequestDAO extends CMSRequestDAO {
}
//We only care if the key exists or not
- private boolean doesKeyExist(String clientId, String keyStatus, UriInfo uriInfo) {
+ private boolean doesKeyExist(String clientKeyId, String keyStatus, UriInfo uriInfo) {
String state = "active";
- String filter = "(&(" + IRequest.SECURITY_DATA_CLIENT_ID + "=" + clientId + ")"
+ String filter = "(&(" + IRequest.SECURITY_DATA_CLIENT_KEY_ID + "=" + clientKeyId + ")"
+ "(" + IRequest.SECURITY_DATA_STATUS + "=" + state + "))";
try {
Enumeration<IKeyRecord> existingKeys = null;
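Review bot: `doesKeyExist` concatenates the caller-supplied `clientKeyId` into the LDAP filter unescaped, while `createSearchFilter` in KeyService and KeyRequestService passes the same value through `LDAPUtil.escapeFilter(...)`; a value containing filter metacharacters changes what the existence check matches. The filter line should read `String filter = "(&(" + IRequest.SECURITY_DATA_CLIENT_KEY_ID + "=" + LDAPUtil.escapeFilter(clientKeyId) + ")"`, assuming LDAPUtil can be imported in this class. The `keyStatus` argument is also ignored in favour of the hard-coded `state = "active"`. The attribute name now comes from the renamed constant, whose value is not visible in this part of the diff, so it is worth confirming it still equals the attribute the key records are stored under (`IKeyRecord.ATTR_CLIENT_ID` in the services). The method body continues past the end of this hunk.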
diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/KeyService.java b/base/server/cms/src/com/netscape/cms/servlet/key/KeyService.java
index 31dd2c0aa..520ae4c5a 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/key/KeyService.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/key/KeyService.java
@@ -332,19 +332,19 @@ public class KeyService extends PKIService implements KeyResource {
* Used to generate list of key infos based on the search parameters
*/
@Override
- public Response listKeys(String clientID, String status, Integer maxResults, Integer maxTime,
+ public Response listKeys(String clientKeyID, String status, Integer maxResults, Integer maxTime,
Integer start, Integer size) {
- return createOKResponse(listKeyInfos(clientID, status, maxResults, maxTime, start, size));
+ return createOKResponse(listKeyInfos(clientKeyID, status, maxResults, maxTime, start, size));
}
- public KeyInfoCollection listKeyInfos(String clientID, String status, Integer maxResults, Integer maxTime,
+ public KeyInfoCollection listKeyInfos(String clientKeyID, String status, Integer maxResults, Integer maxTime,
Integer start, Integer size) {
start = start == null ? 0 : start;
size = size == null ? DEFAULT_SIZE : size;
// get ldap filter
- String filter = createSearchFilter(status, clientID);
+ String filter = createSearchFilter(status, clientKeyID);
CMS.debug("listKeys: filter is " + filter);
maxResults = maxResults == null ? DEFAULT_MAXRESULTS : maxResults;
@@ -392,10 +392,10 @@ public class KeyService extends PKIService implements KeyResource {
}
@Override
- public Response getActiveKeyInfo(String clientID) {
+ public Response getActiveKeyInfo(String clientKeyID) {
KeyInfoCollection infos = listKeyInfos(
- clientID,
+ clientKeyID,
"active",
null,
null,
@@ -419,7 +419,7 @@ public class KeyService extends PKIService implements KeyResource {
public KeyInfo createKeyDataInfo(IKeyRecord rec) throws EBaseException {
KeyInfo ret = new KeyInfo();
- ret.setClientID(rec.getClientId());
+ ret.setClientKeyID(rec.getClientId());
ret.setStatus(rec.getKeyStatus());
ret.setAlgorithm(rec.getAlgorithm());
ret.setSize(rec.getKeySize());
@@ -435,11 +435,11 @@ public class KeyService extends PKIService implements KeyResource {
return ret;
}
- private String createSearchFilter(String status, String clientID) {
+ private String createSearchFilter(String status, String clientKeyID) {
String filter = "";
int matches = 0;
- if ((status == null) && (clientID == null)) {
+ if ((status == null) && (clientKeyID == null)) {
filter = "(serialno=*)";
return filter;
}
@@ -449,8 +449,8 @@ public class KeyService extends PKIService implements KeyResource {
matches ++;
}
- if (clientID != null) {
- filter += "(clientID=" + LDAPUtil.escapeFilter(clientID) + ")";
+ if (clientKeyID != null) {
+ filter += "(clientID=" + LDAPUtil.escapeFilter(clientKeyID) + ")";
matches ++;
}
diff --git a/base/server/cms/src/com/netscape/cms/servlet/request/KeyRequestService.java b/base/server/cms/src/com/netscape/cms/servlet/request/KeyRequestService.java
index b85978a34..dd27c2ac7 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/request/KeyRequestService.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/request/KeyRequestService.java
@@ -162,7 +162,7 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
// auth and authz
// Catch this before internal server processing has to deal with it
- if (data == null || data.getClientId() == null
+ if (data == null || data.getClientKeyId() == null
|| data.getWrappedPrivateData() == null
|| data.getDataType() == null) {
throw new BadRequestException("Invalid key archival request.");
@@ -179,13 +179,13 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
KeyRequestResponse response;
try {
response = dao.submitRequest(data, uriInfo);
- auditArchivalRequestMade(response.getRequestInfo().getRequestId(), ILogger.SUCCESS, data.getClientId());
+ auditArchivalRequestMade(response.getRequestInfo().getRequestId(), ILogger.SUCCESS, data.getClientKeyId());
return createCreatedResponse(response, new URI(response.getRequestInfo().getRequestURL()));
} catch (EBaseException | URISyntaxException e) {
e.printStackTrace();
- auditArchivalRequestMade(null, ILogger.FAILURE, data.getClientId());
+ auditArchivalRequestMade(null, ILogger.FAILURE, data.getClientKeyId());
throw new PKIException(e.toString());
}
}
@@ -318,12 +318,12 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
* Used to generate list of key requests based on the search parameters
*/
@Override
- public Response listRequests(String requestState, String requestType, String clientID,
+ public Response listRequests(String requestState, String requestType, String clientKeyID,
RequestId start, Integer pageSize, Integer maxResults, Integer maxTime) {
// auth and authz
// get ldap filter
- String filter = createSearchFilter(requestState, requestType, clientID);
+ String filter = createSearchFilter(requestState, requestType, clientKeyID);
CMS.debug("listRequests: filter is " + filter);
start = start == null ? new RequestId(KeyRequestService.DEFAULT_START) : start;
@@ -343,11 +343,11 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
return createOKResponse(requests);
}
- private String createSearchFilter(String requestState, String requestType, String clientID) {
+ private String createSearchFilter(String requestState, String requestType, String clientKeyID) {
String filter = "";
int matches = 0;
- if ((requestState == null) && (requestType == null) && (clientID == null)) {
+ if ((requestState == null) && (requestType == null) && (clientKeyID == null)) {
filter = "(requeststate=*)";
return filter;
}
@@ -362,8 +362,8 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
matches ++;
}
- if (clientID != null) {
- filter += "(clientID=" + LDAPUtil.escapeFilter(clientID) + ")";
+ if (clientKeyID != null) {
+ filter += "(clientID=" + LDAPUtil.escapeFilter(clientKeyID) + ")";
matches ++;
}
@@ -394,23 +394,23 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
auditor.log(msg);
}
- public void auditArchivalRequestMade(RequestId requestId, String status, String clientId) {
+ public void auditArchivalRequestMade(RequestId requestId, String status, String clientKeyID) {
String msg = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_SECURITY_DATA_ARCHIVAL_REQUEST,
servletRequest.getUserPrincipal().getName(),
status,
requestId != null? requestId.toString(): "null",
- clientId);
+ clientKeyID);
auditor.log(msg);
}
- public void auditSymKeyGenRequestMade(RequestId requestId, String status, String clientId) {
+ public void auditSymKeyGenRequestMade(RequestId requestId, String status, String clientKeyID) {
String msg = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_SYMKEY_GENERATION_REQUEST,
servletRequest.getUserPrincipal().getName(),
status,
requestId != null ? requestId.toString() : "null",
- clientId);
+ clientKeyID);
auditor.log(msg);
}
@@ -452,13 +452,13 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
try {
response = dao.submitRequest(data, uriInfo);
auditSymKeyGenRequestMade(response.getRequestInfo().getRequestId(), ILogger.SUCCESS,
- data.getClientId());
+ data.getClientKeyId());
return createCreatedResponse(response, new URI(response.getRequestInfo().getRequestURL()));
} catch (EBaseException | URISyntaxException e) {
e.printStackTrace();
- auditArchivalRequestMade(null, ILogger.FAILURE, data.getClientId());
+ auditArchivalRequestMade(null, ILogger.FAILURE, data.getClientKeyId());
throw new PKIException(e.toString());
}
}
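Review bot: The failure branch of the symmetric-key generation path records the event with `auditArchivalRequestMade(null, ILogger.FAILURE, data.getClientKeyId())`, so a failed generation request lands in the signed audit log as a SECURITY_DATA_ARCHIVAL_REQUEST instead of a SYMKEY_GENERATION_REQUEST. The success branch a few lines above already uses the matching helper; the catch block should call `auditSymKeyGenRequestMade(null, ILogger.FAILURE, data.getClientKeyId());`. The enclosing method begins before this hunk.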
diff --git a/base/server/cmsbundle/src/LogMessages.properties b/base/server/cmsbundle/src/LogMessages.properties
index 0be13ad69..eb4d88d44 100644
--- a/base/server/cmsbundle/src/LogMessages.properties
+++ b/base/server/cmsbundle/src/LogMessages.properties
@@ -2392,14 +2392,14 @@ LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1=<type=CONFIG_SERIAL_NUMBER>:[AuditEv
# Client ID must be the user supplied client ID associated with
# the security data to be archived
#
-LOGGING_SIGNED_AUDIT_SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED_6=<type=SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED>:[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED][SubjectID={0}][Outcome={1}][ArchivalRequestID={2}][ClientID={3}][KeyID={4}][FailureReason={5}] security data archival request processed
+LOGGING_SIGNED_AUDIT_SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED_6=<type=SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED>:[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED][SubjectID={0}][Outcome={1}][ArchivalRequestID={2}][ClientKeyID={3}][KeyID={4}][FailureReason={5}] security data archival request processed
#
# LOGGING_SIGNED_AUDIT_SECURITY_DATA_ARCHIVAL_REQUEST
# - used when security data recovery request is made
# RecoveryID must be the recovery request ID
# CientID is the ID of the security data to be archived
#
-LOGGING_SIGNED_AUDIT_SECURITY_DATA_ARCHIVAL_REQUEST_4=<type=SECURITY_DATA_ARCHIVAL_REQUEST>:[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST][SubjectID={0}][Outcome={1}][ArchivalRequestID={2}][ClientID={3}] security data archival request made
+LOGGING_SIGNED_AUDIT_SECURITY_DATA_ARCHIVAL_REQUEST_4=<type=SECURITY_DATA_ARCHIVAL_REQUEST>:[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST][SubjectID={0}][Outcome={1}][ArchivalRequestID={2}][ClientKeyID={3}] security data archival request made
#
#
# LOGGING_SIGNED_AUDIT_SECURITY_DATA_RECOVERY_REQUEST_PROCESSED
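Review bot: The emitted audit field changes from `[ClientID={3}]` to `[ClientKeyID={3}]`, but the comment blocks documenting these events still say "Client ID" and "CientID", so the documented field name no longer matches the record. I would update them, e.g. `# ClientKeyID is the ID of the security data to be archived`, and also correct "used when security data recovery request is made" above the archival-request event, which presumably should say archival. The same applies to the "Client ID must be the user supplied client ID" comment in the next hunk for the symkey events. Because the label is part of the signed audit line, any log parser or alert rule keyed on `ClientID=` will need the new name, which deserves a release-note entry.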
@@ -2440,13 +2440,13 @@ LOGGING_SIGNED_AUDIT_SECURITY_DATA_RETRIEVE_KEY_5=<type=SECURITY_DATA_RETRIEVE_K
# Client ID must be the user supplied client ID associated with
# the symmetric key to be generated and archived
#
-LOGGING_SIGNED_AUDIT_SYMKEY_GEN_REQUEST_PROCESSED_6=<type=SYMKEY_GENERATION_REQUEST_PROCESSED>:[AuditEvent=SYMKEY_GENERATION_REQUEST_PROCESSED][SubjectID={0}][Outcome={1}][GenerationRequestID={2}][ClientID={3}][KeyID={4}][FailureReason={5}] symkey generation request processed
+LOGGING_SIGNED_AUDIT_SYMKEY_GEN_REQUEST_PROCESSED_6=<type=SYMKEY_GENERATION_REQUEST_PROCESSED>:[AuditEvent=SYMKEY_GENERATION_REQUEST_PROCESSED][SubjectID={0}][Outcome={1}][GenerationRequestID={2}][ClientKeyID={3}][KeyID={4}][FailureReason={5}] symkey generation request processed
#
# LOGGING_SIGNED_AUDIT_SYMKEY_GENERATION_REQUEST
# - used when symmetric key generation request is made
-# ClientID is the ID of the symmetirc key to be generated and archived
+# ClientKeyID is the ID of the symmetirc key to be generated and archived
#
-LOGGING_SIGNED_AUDIT_SYMKEY_GENERATION_REQUEST_4=<type=SYMKEY_GENERATION_REQUEST>:[AuditEvent=SYMKEY_GENERATION_REQUEST][SubjectID={0}][Outcome={1}][GenerationRequestID={2}][ClientID={3}] symkey generation request made
+LOGGING_SIGNED_AUDIT_SYMKEY_GENERATION_REQUEST_4=<type=SYMKEY_GENERATION_REQUEST>:[AuditEvent=SYMKEY_GENERATION_REQUEST][SubjectID={0}][Outcome={1}][GenerationRequestID={2}][ClientKeyID={3}] symkey generation request made
###########################
#Unselectable signedAudit Events