summaryrefslogtreecommitdiffstats
path: root/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java
diff options
context:
space:
mode:
Diffstat (limited to 'base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java')
-rw-r--r--base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java161
1 files changed, 153 insertions, 8 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java b/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java
index 75fb886df..560d7f9f8 100644
--- a/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java
+++ b/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java
@@ -19,19 +19,31 @@
package com.netscape.cms.servlet.key;
+import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.Hashtable;
+import java.util.List;
+
+import javax.ws.rs.Path;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriBuilder;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.dbs.keydb.IKeyRecord;
+import com.netscape.certsrv.dbs.keydb.IKeyRepository;
import com.netscape.certsrv.dbs.keydb.KeyId;
+import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
import com.netscape.certsrv.request.IRequest;
+import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.certsrv.request.RequestId;
import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cms.servlet.base.CMSResourceService;
-import com.netscape.cms.servlet.key.model.KeyDAO;
import com.netscape.cms.servlet.key.model.KeyData;
+import com.netscape.cms.servlet.key.model.KeyDataInfo;
import com.netscape.cms.servlet.key.model.KeyDataInfos;
import com.netscape.cms.servlet.request.model.KeyRequestDAO;
import com.netscape.cms.servlet.request.model.KeyRequestInfo;
@@ -44,6 +56,16 @@ import com.netscape.cmsutil.ldap.LDAPUtil;
*/
public class KeyResourceService extends CMSResourceService implements KeyResource{
+ private IKeyRepository repo;
+ private IKeyRecoveryAuthority kra;
+ private IRequestQueue queue;
+
+ public KeyResourceService() {
+ kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( "kra" );
+ repo = kra.getKeyRepository();
+ queue = kra.getRequestQueue();
+ }
+
/**
* Used to retrieve a key
* @param data
@@ -52,12 +74,10 @@ public class KeyResourceService extends CMSResourceService implements KeyResourc
public KeyData retrieveKey(RecoveryRequestData data) {
// auth and authz
KeyId keyId = validateRequest(data);
- KeyDAO dao = new KeyDAO();
KeyData keyData;
try {
- keyData = dao.getKey(keyId, data);
+ keyData = getKey(keyId, data);
} catch (EBaseException e) {
- // log error
e.printStackTrace();
throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
}
@@ -74,6 +94,104 @@ public class KeyResourceService extends CMSResourceService implements KeyResourc
return retrieveKey(data);
}
+ public KeyData getKey(KeyId keyId, RecoveryRequestData data) throws EBaseException {
+ KeyData keyData;
+
+ RequestId rId = data.getRequestId();
+
+ String transWrappedSessionKey;
+ String sessionWrappedPassphrase;
+
+ IRequest request = queue.findRequest(rId);
+
+ if (request == null) {
+ return null;
+ }
+
+ // get wrapped key
+ IKeyRecord rec = repo.readKeyRecord(keyId.toBigInteger());
+ if (rec == null) {
+ return null;
+ }
+
+ Hashtable<String, Object> requestParams = kra.getVolatileRequest(
+ request.getRequestId());
+
+ if(requestParams == null) {
+ throw new EBaseException("Can't obtain Volatile requestParams in getKey!");
+ }
+
+ String sessWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_SESS_WRAPPED_DATA);
+ String passWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_PASS_WRAPPED_DATA);
+ String nonceData = (String) requestParams.get(IRequest.SECURITY_DATA_IV_STRING_OUT);
+
+ if (sessWrappedKeyData != null || passWrappedKeyData != null) {
+ //The recovery process has already placed a valid recovery
+ //package, either session key wrapped or pass wrapped, into the request.
+ //Request already has been processed.
+ keyData = new KeyData();
+
+ } else {
+ // The request has not yet been processed, let's see if the RecoveryRequestData contains
+ // the info now needed to process the recovery request.
+
+ transWrappedSessionKey = data.getTransWrappedSessionKey();
+ sessionWrappedPassphrase = data.getSessionWrappedPassphrase();
+ nonceData = data.getNonceData();
+
+ if (transWrappedSessionKey == null) {
+ //There must be at least a transWrappedSessionKey input provided.
+ //The command AND the request have provided insufficient data, end of the line.
+ throw new EBaseException("Can't retrieve key, insufficient input data!");
+ }
+
+ if (sessionWrappedPassphrase != null) {
+ requestParams.put(IRequest.SECURITY_DATA_SESS_PASS_PHRASE, sessionWrappedPassphrase);
+ }
+
+ if (transWrappedSessionKey != null) {
+ requestParams.put(IRequest.SECURITY_DATA_TRANS_SESS_KEY, transWrappedSessionKey);
+ }
+
+ if (nonceData != null) {
+ requestParams.put(IRequest.SECURITY_DATA_IV_STRING_IN, nonceData);
+ }
+
+ try {
+ // Has to be in this state or it won't go anywhere.
+ request.setRequestStatus(RequestStatus.BEGIN);
+ queue.processRequest(request);
+ } catch (EBaseException e) {
+ kra.destroyVolatileRequest(request.getRequestId());
+ throw new EBaseException(e.toString());
+ }
+
+ nonceData = null;
+ keyData = new KeyData();
+
+ sessWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_SESS_WRAPPED_DATA);
+ passWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_PASS_WRAPPED_DATA);
+ nonceData = (String) requestParams.get(IRequest.SECURITY_DATA_IV_STRING_OUT);
+
+ }
+
+ if (sessWrappedKeyData != null) {
+ keyData.setWrappedPrivateData(sessWrappedKeyData);
+ }
+ if (passWrappedKeyData != null) {
+ keyData.setWrappedPrivateData(passWrappedKeyData);
+ }
+ if (nonceData != null) {
+ keyData.setNonceData(nonceData);
+ }
+
+ kra.destroyVolatileRequest(request.getRequestId());
+
+ queue.markAsServiced(request);
+
+ return keyData;
+ }
+
private KeyId validateRequest(RecoveryRequestData data) {
// confirm request exists
@@ -134,10 +252,24 @@ public class KeyResourceService extends CMSResourceService implements KeyResourc
String filter = createSearchFilter(status, clientID);
CMS.debug("listKeys: filter is " + filter);
- KeyDAO dao = new KeyDAO();
- KeyDataInfos infos;
+ KeyDataInfos infos = new KeyDataInfos();
try {
- infos = dao.listKeys(filter, maxResults, maxTime, uriInfo);
+ List <KeyDataInfo> list = new ArrayList<KeyDataInfo>();
+ Enumeration<IKeyRecord> e = null;
+
+ e = repo.searchKeys(filter, maxResults, maxTime);
+ if (e == null) {
+ throw new EBaseException("search results are null");
+ }
+
+ while (e.hasMoreElements()) {
+ IKeyRecord rec = e.nextElement();
+ if (rec != null) {
+ list.add(createKeyDataInfo(rec));
+ }
+ }
+
+ infos.setKeyInfos(list);
} catch (EBaseException e) {
e.printStackTrace();
throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
@@ -145,6 +277,20 @@ public class KeyResourceService extends CMSResourceService implements KeyResourc
return infos;
}
+
+ public KeyDataInfo createKeyDataInfo(IKeyRecord rec) throws EBaseException {
+ KeyDataInfo ret = new KeyDataInfo();
+
+ Path keyPath = KeyResource.class.getAnnotation(Path.class);
+ BigInteger serial = rec.getSerialNumber();
+
+ UriBuilder keyBuilder = uriInfo.getBaseUriBuilder();
+ keyBuilder.path(keyPath.value() + "/" + serial);
+ ret.setKeyURL(keyBuilder.build().toString());
+
+ return ret;
+ }
+
private String createSearchFilter(String status, String clientID) {
String filter = "";
int matches = 0;
@@ -170,5 +316,4 @@ public class KeyResourceService extends CMSResourceService implements KeyResourc
return filter;
}
-
}
generated by cgit (git 2.34.1) at 2024-05-21 20:15:42 +0000