diff options
Diffstat (limited to 'base/common/src/com/netscape/certsrv/key/KeyClient.java')
-rw-r--r-- | base/common/src/com/netscape/certsrv/key/KeyClient.java | 53 |
1 files changed, 47 insertions, 6 deletions
diff --git a/base/common/src/com/netscape/certsrv/key/KeyClient.java b/base/common/src/com/netscape/certsrv/key/KeyClient.java index f459737e7..750d27081 100644 --- a/base/common/src/com/netscape/certsrv/key/KeyClient.java +++ b/base/common/src/com/netscape/certsrv/key/KeyClient.java @@ -18,7 +18,10 @@ package com.netscape.certsrv.key; import java.net.URISyntaxException; +import java.security.KeyFactory; import java.security.NoSuchAlgorithmException; +import java.security.PublicKey; +import java.security.spec.X509EncodedKeySpec; import java.util.List; import javax.ws.rs.core.Response; @@ -401,11 +404,51 @@ public class KeyClient extends Client { byte[] transWrappedSessionKey = crypto.wrapSessionKeyWithTransportCert(sessionKey, transportCert); Key data = retrieveKey(keyId, transWrappedSessionKey); - if (data.getEncryptedData()!= null) + processKeyData(data, sessionKey); + return data; + } + + public void processKeyData(Key data, SymmetricKey sessionKey) throws Exception { + if (data.getEncryptedData() == null) + return; + + if (data.getWrapAlgorithm() == null) { + // data was encrypted data.setData(crypto.unwrapWithSessionKey(data.getEncryptedData(), sessionKey, - encryptAlgorithm, data.getNonceData())); + encryptAlgorithm, data.getNonceData())); + return; + } - return data; + // data was key-wrapped and is a private or symmetric key + byte[] bytes = null; + + if (data.getType().equalsIgnoreCase(KeyRequestResource.SYMMETRIC_KEY_TYPE)) { + bytes = crypto.unwrapSymmetricKeyWithSessionKey( + data.getEncryptedData(), + sessionKey, + wrapAlgorithm, + data.getNonceData(), + data.getAlgorithm(), + data.getSize()); + } else { + // private key in asymmetric key pair + + // get public key from key_info + // TODO(alee) This assumes RSA for now + + byte[] pubKeyBytes = Utils.base64decode(data.getPublicKey()); + PublicKey pubKey = KeyFactory.getInstance("RSA").generatePublic( + new X509EncodedKeySpec(pubKeyBytes)); + + bytes = crypto.unwrapAsymmetricKeyWithSessionKey( + data.getEncryptedData(), + sessionKey, + wrapAlgorithm, + data.getNonceData(), + pubKey); + } + + data.setData(bytes); } public Key retrieveKeyByRequest(RequestId requestId) throws Exception { @@ -421,9 +464,7 @@ public class KeyClient extends Client { recoveryRequest.setPayloadEncryptionOID(getEncryptAlgorithmOID()); Key data = retrieveKeyData(recoveryRequest); - if (data.getEncryptedData() != null) - data.setData(crypto.unwrapWithSessionKey(data.getEncryptedData(), sessionKey, - encryptAlgorithm, data.getNonceData())); + processKeyData(data, sessionKey); return data; } |