6 files changed, 45 insertions, 22 deletions
diff --git a/base/kra/src/com/netscape/kra/NetkeyKeygenService.java b/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
index f409eea96..e77ef25db 100644
--- a/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
+++ b/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
@@ -410,6 +410,12 @@ public class NetkeyKeygenService implements IService {
 audit(auditMessage);
 String rWrappedDesKeyString = request.getExtDataInString(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY);
+ // the request reocrd field delayLDAPCommit == "true" will cause
+ // updateRequest() to delay actual write to ldap
+ request.setExtData("delayLDAPCommit", "true");
+ // wrappedDesKey no longer needed. removing.
+ request.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, "");
+ // CMS.debug("NetkeyKeygenService: received DRM-trans-wrapped DES key ="+rWrappedDesKeyString);
 wrapped_des_key = com.netscape.cmsutil.util.Utils.SpecialDecode(rWrappedDesKeyString);
 CMS.debug("NetkeyKeygenService: wrapped_des_key specialDecoded");
diff --git a/base/server/cms/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java b/base/server/cms/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
index 83f159a83..7cf750a33 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
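Review bot: `request.setExtData("delayLDAPCommit", "true")` switches persistence off for this request, but nothing in this hunk switches it back; the only reset visible in the commit is in GenerateKeyPairServlet, so any path through this service that fails early, or that is reached from a different servlet, would leave later `updateRequest()` calls skipped. The enclosing method starts and ends outside the hunk, so whether such paths exist cannot be confirmed from here; a comment naming where the flag is cleared would help, for example `// cleared again in GenerateKeyPairServlet once the sensitive fields are blanked`. The flag only affects writes made after this line: if the request was already written before the service ran (not visible here), the wrapped DES key would still be in the stored record. The added comment also has a typo, `reocrd`.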
@@ -234,6 +234,19 @@ public class GenerateKeyPairServlet extends CMSServlet {
 String ivString = thisreq.getExtDataInString("iv_s");
 /*
+ * clean up fields in request
+ */
+ thisreq.setExtData("wrappedUserPrivate", "");
+ thisreq.setExtData("public_key", "");
+ thisreq.setExtData("iv_s", "");
+ thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, "");
+ String test = thisreq.getExtDataInString("wrappedUserPrivate");
+
+ // now that fields are cleared, we can really write to ldap
+ thisreq.setExtData("delayLDAPCommit", "false");
+ queue.updateRequest(thisreq);
+
+ /*
 if (selectedToken == null) status = "4";
 */
@@ -251,7 +264,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
 value = sb.toString();
 }
- CMS.debug("processServerSideKeyGen:outputString.encode " + value);
+ //CMS.debug("processServerSideKeyGen:outputString.encode " + value);
 try {
 resp.setContentLength(value.length());
diff --git a/base/server/cmscore/src/com/netscape/cmscore/request/ARequestQueue.java b/base/server/cmscore/src/com/netscape/cmscore/request/ARequestQueue.java
index 3d82f8eb5..798da3fa5 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/request/ARequestQueue.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/request/ARequestQueue.java
@@ -540,6 +540,8 @@ public abstract class ARequestQueue
 }
 public void updateRequest(IRequest r) {
+ // defualt is to really update ldap
+ String delayLDAPCommit = r.getExtDataInString("delayLDAPCommit");
 ((Request) r).mModificationTime = CMS.getCurrentDate();
 String name = getUserIdentity();
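Review bot: `String test = thisreq.getExtDataInString("wrappedUserPrivate");` is never used in this hunk and only reads back the field that was blanked a few lines earlier; it looks like leftover debugging and should be removed, or turned into an explicit check that the value is empty before `queue.updateRequest(thisreq)`. The scrub and the reset of `delayLDAPCommit` to `"false"` sit in straight-line code, so an exception or early return earlier in the method (outside the hunk) would skip both and leave the request uncommitted with its fields intact in memory. Moving the four `setExtData(..., "")` calls, the reset and the `updateRequest` call into a `finally` around the processing would make the cleanup unconditional.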
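Review bot: The `CMS.debug` call that printed `value` is commented out rather than deleted, which leaves the logging statement one edit away from being re-enabled and records no reason for its absence. Delete the line, or replace it with a comment that states the rule, such as `// do not log value: it carries the key generation response`. The same applies to the commented-out calls in KRARemoteRequestHandler (the hunks at 107, 127 and 283), TPSEngine (537, where the call is wrapped in `/* */`) and TPSEnrollProcessor (2816, 2840, 2851 and 2873).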
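Review bot: `updateRequest()` gains a behaviour switch that callers cannot discover from its signature, and the only documentation is the inline comment `// defualt is to really update ldap` (typo for "default"), which sits above the read of the flag rather than above the decision it describes. A Javadoc on the method would carry the contract better, for example `/** Stamps the modification time and UPDATED_BY, then writes the request to LDAP unless its "delayLDAPCommit" ext data is "true". */`. The method body continues in the next hunk.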
@@ -547,9 +549,12 @@ public abstract class ARequestQueue
 if (name != null) r.setExtData(IRequest.UPDATED_BY, name);
- // TODO: use a state flag to determine whether to call
- // addRequest or modifyRequest (see newRequest as well)
- modifyRequest(r);
+ // by default, write request to LDAP
+ if (delayLDAPCommit == null || !delayLDAPCommit.equals("true")) {
+ // TODO: use a state flag to determine whether to call
+ // addRequest or modifyRequest (see newRequest as well)
+ modifyRequest(r);
+ } // else: delay the write to ldap
 } // PRIVATE functions
diff --git a/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java b/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java
index 1f7347ddd..0f3de3351 100644
--- a/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java
+++ b/base/tps/src/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java
@@ -107,7 +107,7 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
 "&" + IRemoteRequest.KRA_Trans_DesKey + "=" + sDesKey;
- CMS.debug("KRARemoteRequestHandler: outgoing request for ECC: " + request);
+ //CMS.debug("KRARemoteRequestHandler: outgoing request for ECC: " + request);
 resp = conn.send("GenerateKeyPair",
@@ -127,7 +127,7 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
 "&" + IRemoteRequest.KRA_Trans_DesKey + "=" + sDesKey;
- CMS.debug("KRARemoteRequestHandler: outgoing request for RSA: " + request);
+ //CMS.debug("KRARemoteRequestHandler: outgoing request for RSA: " + request);
 resp = conn.send("GenerateKeyPair",
@@ -144,8 +144,8 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
 String content = resp.getContent();
- CMS.debug("KRARemoteRequestHandler: serverSideKeyGen(): got content = " + content);
 if (content != null && !content.equals("")) {
+ CMS.debug("KRARemoteRequestHandler: serverSideKeyGen(): got content");
 Hashtable<String, Object> response = parseResponse(content);
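Review bot: When `delayLDAPCommit` is `"true"` the new branch skips `modifyRequest(r)` without leaving any trace, although the modification time and `UPDATED_BY` have already been set on the in-memory request above, so neither a caller nor an operator reading the debug log can tell a delayed update from a persisted one. Adding `else { CMS.debug("ARequestQueue.updateRequest: LDAP write delayed"); }` makes the skip visible, and the condition reads more simply as `if (!"true".equals(delayLDAPCommit))`. Because the switch is stored in the request's own ext data, it is worth confirming that only server-side code can set that key; where ext data is populated is not visible in this diff.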
@@ -192,8 +192,7 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
 CMS.debug("KRARemoteRequestHandler: serverSideKeyGen(): response missing name-value pair for: " + IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey);
 } else {
- CMS.debug("KRARemoteRequestHandler:serverSideKeyGen(): got IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey= "
- + value);
+ CMS.debug("KRARemoteRequestHandler:serverSideKeyGen(): got IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey");
 response.put(IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey, value);
 }
@@ -202,8 +201,7 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
 CMS.debug("KRARemoteRequestHandler: serverSideKeyGen(): response missing name-value pair for: " + IRemoteRequest.KRA_RESPONSE_IV_Param);
 } else {
- CMS.debug("KRARemoteRequestHandler:serverSideKeyGen(): got IRemoteRequest.KRA_RESPONSE_IV_Param= "
- + value);
+ CMS.debug("KRARemoteRequestHandler:serverSideKeyGen(): got IRemoteRequest.KRA_RESPONSE_IV_Param");
 response.put(IRemoteRequest.KRA_RESPONSE_IV_Param, value);
 }
@@ -283,7 +281,7 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
 "&" + IRemoteRequest.KRA_Trans_DesKey + "=" + sDesKey;
 }
- CMS.debug("KRARemoteRequestHandler: recoverKey(): sendMsg =" + sendMsg);
+ //CMS.debug("KRARemoteRequestHandler: recoverKey(): sendMsg =" + sendMsg);
 HttpResponse resp = conn.send("TokenKeyRecovery", sendMsg);
@@ -294,8 +292,8 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
 String content = resp.getContent();
- CMS.debug("KRARemoteRequestHandler: recoverKey(): got content = " + content);
 if (content != null && !content.equals("")) {
+ CMS.debug("KRARemoteRequestHandler: recoverKey(): got content");
 Hashtable<String, Object> response = parseResponse(content);
@@ -337,8 +335,7 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
 CMS.debug("KRARemoteRequestHandler: recoverKey(): response missing name-value pair for: " + IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey);
 } else {
- CMS.debug("KRARemoteRequestHandler:recoverKey(): got IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey= "
- + value);
+ CMS.debug("KRARemoteRequestHandler:recoverKey(): got IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey");
 response.put(IRemoteRequest.KRA_RESPONSE_Wrapped_PrivKey, value);
 }
@@ -347,7 +344,7 @@ public class KRARemoteRequestHandler extends RemoteRequestHandler
 CMS.debug("KRARemoteRequestHandler: recoverKey(): response missing name-value pair for: " + IRemoteRequest.KRA_RESPONSE_IV_Param);
 } else {
- CMS.debug("KRARemoteRequestHandler:recoverKey(): got IRemoteRequest.KRA_RESPONSE_IV_Param= " + value);
+ CMS.debug("KRARemoteRequestHandler:recoverKey(): got IRemoteRequest.KRA_RESPONSE_IV_Param");
 response.put(IRemoteRequest.KRA_RESPONSE_IV_Param, value);
 }
diff --git a/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java b/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java
index 32dd7a200..bc9d12c19 100644
--- a/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java
+++ b/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java
@@ -537,9 +537,11 @@ public class TPSEngine {
 boolean archive, boolean isECC) throws TPSException {
+/*
 CMS.debug("TPSEngine.serverSideKeyGen entering... keySize: " + keySize + " cuid: " + cuid + " userid: " + userid + " drmConnId: " + drmConnId + " wrappedDesKey: " + wrappedDesKey + " archive: " + archive + " isECC: " + isECC);
+*/
 if (cuid == null || userid == null || drmConnId == null || wrappedDesKey == null) {
 throw new TPSException("TPSEngine.serverSideKeyGen: Invalid input data!",
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
index 07f7fa0d0..19df79f53 100644
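Review bot: Wrapping the whole entry log of serverSideKeyGen in `/* */` removes `wrappedDesKey` from the debug output but also drops keySize, cuid, userid, drmConnId, archive and isECC, which is the context an operator needs when the `Invalid input data!` exception just below is thrown. Keeping the statement and deleting only the `+ " wrappedDesKey: " + wrappedDesKey` term would preserve that context without logging key material. The method signature starts outside the hunk.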
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
@@ -2816,7 +2816,7 @@ public class TPSEnrollProcessor extends TPSProcessor {
 TPSBuffer privKeyBuff = new TPSBuffer(Util.uriDecodeFromHex(wrappedPrivKeyStr));
 privKeyBlob.add(privKeyBuff);
- CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8 privKeyBlob: " + privKeyBlob.toHexString());
+ //CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8 privKeyBlob: " + privKeyBlob.toHexString());
 byte[] perms = { 0x40, 0x00,
@@ -2840,7 +2840,7 @@ public class TPSEnrollProcessor extends TPSProcessor {
 CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8 : keyCheck: " + keyCheck.toHexString()); // String ivParams = ssKeyGenResponse.getIVParam();
- CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8: ivParams: " + ivParams);
+ //CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8: ivParams: " + ivParams);
 TPSBuffer ivParamsBuff = new TPSBuffer(Util.uriDecodeFromHex(ivParams));
 if (ivParamsBuff.size() == 0) {
@@ -2851,9 +2851,9 @@ public class TPSEnrollProcessor extends TPSProcessor {
 TPSBuffer kekWrappedDesKey = channel.getKekDesKey();
- if (kekWrappedDesKey != null)
- CMS.debug("TPSEnrollProcessor.importPrivateKeyPKCS8: keyWrappedDesKey: " + kekWrappedDesKey.toHexString());
- else
+ if (kekWrappedDesKey != null) {
+ //CMS.debug("TPSEnrollProcessor.importPrivateKeyPKCS8: keyWrappedDesKey: " + kekWrappedDesKey.toHexString());
+ } else
 CMS.debug("TPSEnrollProcessor.iportPrivateKeyPKC8: null kekWrappedDesKey!");
 byte alg = (byte) 0x80;
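Review bot: The context line `CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8 : keyCheck: " + keyCheck.toHexString());` still writes the key check value in hex, while the `ivParams` line right after it is silenced by this hunk. How `keyCheck` is computed is outside the hunk, but a key check value is normally derived from the key it verifies, so it probably belongs with the values this commit stops logging. `CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8 : got keyCheck");` would match the style the commit uses in KRARemoteRequestHandler.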
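Review bot: The rewritten `if (kekWrappedDesKey != null) { ... } else` keeps a branch whose body is only a commented-out statement and leaves the `else` unbraced, so the one live statement hangs off an empty block. Inverting the test says the same thing directly: `if (kekWrappedDesKey == null) { CMS.debug("TPSEnrollProcessor.iportPrivateKeyPKC8: null kekWrappedDesKey!"); }`. Nothing in the hunk stops processing when the key is null; whether a later check does is not visible here.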
@@ -2873,7 +2873,7 @@ public class TPSEnrollProcessor extends TPSProcessor {
 }
 data.add((byte) ivParamsBuff.size());
 data.add(ivParamsBuff);
- CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8: key data outgoing: " + data.toHexString());
+ //CMS.debug("TPSEnrollProcessor.importprivateKeyPKCS8: key data outgoing: " + data.toHexString());
 int pe1 = (cEnrollInfo.getKeyUser() << 4) + cEnrollInfo.getPrivateKeyNumber();
 int pe2 = (cEnrollInfo.getKeyUsage() << 4) + cEnrollInfo.getPublicKeyNumber(); |