-rw-r--r--base/kra/src/com/netscape/kra/NetkeyKeygenService.java6
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java15
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/request/ARequestQueue.java11
-rw-r--r--base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java21
-rw-r--r--base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java2
-rw-r--r--base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java12
6 files changed, 45 insertions, 22 deletions
diff --git a/base/kra/src/com/netscape/kra/NetkeyKeygenService.java b/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
index f409eea96..e77ef25db 100644
--- a/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
+++ b/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
@@ -410,6 +410,12 @@ public class NetkeyKeygenService implements IService {
audit(auditMessage);
String rWrappedDesKeyString = request.getExtDataInString(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY);
+ // the request reocrd field delayLDAPCommit == "true" will cause
+ // updateRequest() to delay actual write to ldap
+ request.setExtData("delayLDAPCommit", "true");
+ // wrappedDesKey no longer needed. removing.
+ request.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, "");
+
// CMS.debug("NetkeyKeygenService: received DRM-trans-wrapped DES key ="+rWrappedDesKeyString);
wrapped_des_key = com.netscape.cmsutil.util.Utils.SpecialDecode(rWrappedDesKeyString);
CMS.debug("NetkeyKeygenService: wrapped_des_key specialDecoded");
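Review bot: The `"delayLDAPCommit"` key is a bare string literal here and again in GenerateKeyPairServlet and ARequestQueue.updateRequest, so a misspelling at any one site would silently restore the immediate LDAP write (the queue treats a missing value as "write now") and the still-populated key fields could be persisted. Declaring it once next to the other request attribute names, for example a proposed `IRequest.DELAY_LDAP_COMMIT`, keeps the three sites in step. The flag is set in this service but only reset in the servlet, so a comment such as `// caller must clear the sensitive fields, set delayLDAPCommit to "false" and call updateRequest()` would document that contract; whether the error paths of this method reach that reset cannot be seen from the hunk. The added comment also misspells `record` as `reocrd`.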
diff --git a/base/server/cms/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java b/base/server/cms/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
index 83f159a83..7cf750a33 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
@@ -234,6 +234,19 @@ public class GenerateKeyPairServlet extends CMSServlet {
String ivString = thisreq.getExtDataInString("iv_s");
/*
+ * clean up fields in request
+ */
+ thisreq.setExtData("wrappedUserPrivate", "");
+ thisreq.setExtData("public_key", "");
+ thisreq.setExtData("iv_s", "");
+ thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, "");
+ String test = thisreq.getExtDataInString("wrappedUserPrivate");
+
+ // now that fields are cleared, we can really write to ldap
+ thisreq.setExtData("delayLDAPCommit", "false");
+ queue.updateRequest(thisreq);
+
+ /*
if (selectedToken == null)
status = "4";
*/
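Review bot: `String test = thisreq.getExtDataInString("wrappedUserPrivate");` is never read in the visible lines and looks like leftover verification code; it should be removed rather than pulling the just-cleared field back into a local. The scrub and the `queue.updateRequest(thisreq)` that finally persists the request sit on the straight-line path only, so if anything earlier in the method can throw or return after the service has set `delayLDAPCommit` to "true", the request would never be written. The enclosing method starts and ends outside the hunk, so that needs checking against the full body; moving the four `setExtData(..., "")` calls and the commit into a `finally` block would make the cleanup unconditional.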
@@ -251,7 +264,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
value = sb.toString();
}
- CMS.debug("processServerSideKeyGen:outputString.encode " + value);
+ //CMS.debug("processServerSideKeyGen:outputString.encode " + value);
try {
resp.setContentLength(value.length());
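Review bot: The sensitive debug statement is commented out rather than deleted, and the same pattern recurs in KRARemoteRequestHandler (the ECC, RSA and recoverKey `sendMsg` traces), TPSEngine.serverSideKeyGen and TPSEnrollProcessor.importprivateKeyPKCS8. Leaving the line in place invites someone to uncomment it while troubleshooting, which would put `value` (presumably the response carrying the wrapped private key) back into the debug log. Deleting the line, or replacing it with a value-free trace such as `CMS.debug("processServerSideKeyGen: response encoded, length=" + value.length());`, removes that risk and keeps a marker in the log.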
diff --git a/base/server/cmscore/src/com/netscape/cmscore/request/ARequestQueue.java b/base/server/cmscore/src/com/netscape/cmscore/request/ARequestQueue.java
index 3d82f8eb5..798da3fa5 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/request/ARequestQueue.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/request/ARequestQueue.java
@@ -540,6 +540,8 @@ public abstract class ARequestQueue
}
public void updateRequest(IRequest r) {
+ // defualt is to really update ldap
+ String delayLDAPCommit = r.getExtDataInString("delayLDAPCommit");
((Request) r).mModificationTime = CMS.getCurrentDate();
String name = getUserIdentity();
@@ -547,9 +549,12 @@ public abstract class ARequestQueue
if (name != null)
r.setExtData(IRequest.UPDATED_BY, name);
- // TODO: use a state flag to determine whether to call
- // addRequest or modifyRequest (see newRequest as well)
- modifyRequest(r);
+ // by default, write request to LDAP
+ if (delayLDAPCommit == null || !delayLDAPCommit.equals("true")) {
+ // TODO: use a state flag to determine whether to call
+ // addRequest or modifyRequest (see newRequest as well)
+ modifyRequest(r);
+ } // else: delay the write to ldap
}
// PRIVATE functions
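Review bot: The skipped-write branch of updateRequest() is silent, so a request whose `delayLDAPCommit` value is left at "true" loses every later update with no trace in the log. A line in the else branch, for example `CMS.debug("ARequestQueue.updateRequest: delayLDAPCommit set, LDAP write skipped");`, would make a suppressed write visible to whoever reads the debug log. Because the decision is driven by request ext data, it is worth confirming that no externally supplied parameter can populate that key, otherwise a caller could keep state changes out of the request store. The condition also reads more directly as `if (!"true".equals(delayLDAPCommit)) {`, and the comment added at the top of the method misspells `default` as `defualt`.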
diff --git a/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java b/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java
index 1f7347ddd..0f3de3351 100644
--- a/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java
+++ b/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java
@@ -107,7 +107,7 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
"&" + IRemoteRequest.KRA_Trans_DesKey + "=" +
sDesKey;
- CMS.debug("KRARemoteRequestHandler: outgoing request for ECC: " + request);
+ //CMS.debug("KRARemoteRequestHandler: outgoing request for ECC: " + request);
resp =
conn.send("GenerateKeyPair",
@@ -127,7 +127,7 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
"&" + IRemoteRequest.KRA_Trans_DesKey + "=" +
sDesKey;
- CMS.debug("KRARemoteRequestHandler: outgoing request for RSA: " + request);
+ //CMS.debug("KRARemoteRequestHandler: outgoing request for RSA: " + request);
resp =
conn.send("GenerateKeyPair",
@@ -144,8 +144,8 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
String content = resp.getContent();
- CMS.debug("KRARemoteRequestHandler: serverSideKeyGen(): got content = " + content);
if (content != null && !content.equals("")) {
+ CMS.debug("KRARemoteRequestHandler: serverSideKeyGen(): got content");
Hashtable<String, Object> response =
parseResponse(content);
@@ -192,8 +192,7 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
CMS.debug("KRARemoteRequestHandler: serverSideKeyGen(): response missing name-value pair for: " +
IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey);
} else {
- CMS.debug("KRARemoteRequestHandler:serverSideKeyGen(): got IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey= "
- + value);
+ CMS.debug("KRARemoteRequestHandler:serverSideKeyGen(): got IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey");
response.put(IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey, value);
}
@@ -202,8 +201,7 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
CMS.debug("KRARemoteRequestHandler: serverSideKeyGen(): response missing name-value pair for: " +
IRemoteRequest.KRA_RESPONSE_IV_Param);
} else {
- CMS.debug("KRARemoteRequestHandler:serverSideKeyGen(): got IRemoteRequest.KRA_RESPONSE_IV_Param= "
- + value);
+ CMS.debug("KRARemoteRequestHandler:serverSideKeyGen(): got IRemoteRequest.KRA_RESPONSE_IV_Param");
response.put(IRemoteRequest.KRA_RESPONSE_IV_Param, value);
}
@@ -283,7 +281,7 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
"&" + IRemoteRequest.KRA_Trans_DesKey + "=" +
sDesKey;
}
- CMS.debug("KRARemoteRequestHandler: recoverKey(): sendMsg =" + sendMsg);
+ //CMS.debug("KRARemoteRequestHandler: recoverKey(): sendMsg =" + sendMsg);
HttpResponse resp =
conn.send("TokenKeyRecovery",
sendMsg);
@@ -294,8 +292,8 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
String content = resp.getContent();
- CMS.debug("KRARemoteRequestHandler: recoverKey(): got content = " + content);
if (content != null && !content.equals("")) {
+ CMS.debug("KRARemoteRequestHandler: recoverKey(): got content");
Hashtable<String, Object> response =
parseResponse(content);
@@ -337,8 +335,7 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
CMS.debug("KRARemoteRequestHandler: recoverKey(): response missing name-value pair for: " +
IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey);
} else {
- CMS.debug("KRARemoteRequestHandler:recoverKey(): got IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey= "
- + value);
+ CMS.debug("KRARemoteRequestHandler:recoverKey(): got IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey");
response.put(IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey, value);
}
@@ -347,7 +344,7 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
CMS.debug("KRARemoteRequestHandler: recoverKey(): response missing name-value pair for: " +
IRemoteRequest.KRA_RESPONSE_IV_Param);
} else {
- CMS.debug("KRARemoteRequestHandler:recoverKey(): got IRemoteRequest.KRA_RESPONSE_IV_Param= " + value);
+ CMS.debug("KRARemoteRequestHandler:recoverKey(): got IRemoteRequest.KRA_RESPONSE_IV_Param");
response.put(IRemoteRequest.KRA_RESPONSE_IV_Param, value);
}
diff --git a/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java b/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java
index 32dd7a200..bc9d12c19 100644
--- a/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java
+++ b/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java
@@ -537,9 +537,11 @@ public class TPSEngine {
boolean archive,
boolean isECC) throws TPSException {
+/*
CMS.debug("TPSEngine.serverSideKeyGen entering... keySize: " + keySize + " cuid: " + cuid + " userid: "
+ userid + " drmConnId: " + drmConnId + " wrappedDesKey: " + wrappedDesKey + " archive: " + archive
+ " isECC: " + isECC);
+*/
if (cuid == null || userid == null || drmConnId == null || wrappedDesKey == null) {
throw new TPSException("TPSEngine.serverSideKeyGen: Invalid input data!",
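Review bot: Wrapping the whole entry trace in `/* ... */` drops the non-sensitive context (keySize, cuid, userid, drmConnId, archive, isECC) along with `wrappedDesKey`, and leaves the original statement one edit away from being restored. Keeping the trace without the key material preserves the diagnostic value: `CMS.debug("TPSEngine.serverSideKeyGen entering... keySize: " + keySize + " cuid: " + cuid + " userid: " + userid + " drmConnId: " + drmConnId + " archive: " + archive + " isECC: " + isECC);`. The method signature and body extend outside the hunk.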
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
index 07f7fa0d0..19df79f53 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
@@ -2816,7 +2816,7 @@ public class TPSEnrollProcessor extends TPSProcessor {
TPSBuffer privKeyBuff = new TPSBuffer(Util.uriDecodeFromHex(wrappedPrivKeyStr));
privKeyBlob.add(privKeyBuff);
- CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8 privKeyBlob: " + privKeyBlob.toHexString());
+ //CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8 privKeyBlob: " + privKeyBlob.toHexString());
byte[] perms = { 0x40,
0x00,
@@ -2840,7 +2840,7 @@ public class TPSEnrollProcessor extends TPSProcessor {
CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8 : keyCheck: " + keyCheck.toHexString());
// String ivParams = ssKeyGenResponse.getIVParam();
- CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8: ivParams: " + ivParams);
+ //CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8: ivParams: " + ivParams);
TPSBuffer ivParamsBuff = new TPSBuffer(Util.uriDecodeFromHex(ivParams));
if (ivParamsBuff.size() == 0) {
@@ -2851,9 +2851,9 @@ public class TPSEnrollProcessor extends TPSProcessor {
TPSBuffer kekWrappedDesKey = channel.getKekDesKey();
- if (kekWrappedDesKey != null)
- CMS.debug("TPSEnrollProcessor.importPrivateKeyPKCS8: keyWrappedDesKey: " + kekWrappedDesKey.toHexString());
- else
+ if (kekWrappedDesKey != null) {
+ //CMS.debug("TPSEnrollProcessor.importPrivateKeyPKCS8: keyWrappedDesKey: " + kekWrappedDesKey.toHexString());
+ } else
CMS.debug("TPSEnrollProcessor.iportPrivateKeyPKC8: null kekWrappedDesKey!");
byte alg = (byte) 0x80;
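Review bot: The rewritten check leaves an `if (kekWrappedDesKey != null) { ... }` branch whose only content is a commented-out statement, followed by an unbraced `else`. Inverting the test removes the empty branch and the dormant line that would log the KEK-wrapped DES key if uncommented: `if (kekWrappedDesKey == null) {` / `CMS.debug("TPSEnrollProcessor.iportPrivateKeyPKC8: null kekWrappedDesKey!");` / `}`. The message text is kept as the page has it; the method itself starts and ends outside the hunk.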
@@ -2873,7 +2873,7 @@ public class TPSEnrollProcessor extends TPSProcessor {
}
data.add((byte) ivParamsBuff.size());
data.add(ivParamsBuff);
- CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8: key data outgoing: " + data.toHexString());
+ //CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8: key data outgoing: " + data.toHexString());
int pe1 = (cEnrollInfo.getKeyUser() << 4) + cEnrollInfo.getPrivateKeyNumber();
int pe2 = (cEnrollInfo.getKeyUsage() << 4) + cEnrollInfo.getPublicKeyNumber();