diff options
Diffstat (limited to 'base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java')
-rw-r--r-- | base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java | 161 |
1 files changed, 153 insertions, 8 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java b/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java index 75fb886df..560d7f9f8 100644 --- a/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java +++ b/base/common/src/com/netscape/cms/servlet/key/KeyResourceService.java @@ -19,19 +19,31 @@ package com.netscape.cms.servlet.key; +import java.math.BigInteger; +import java.util.ArrayList; +import java.util.Enumeration; +import java.util.Hashtable; +import java.util.List; + +import javax.ws.rs.Path; import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; +import javax.ws.rs.core.UriBuilder; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.dbs.keydb.IKeyRecord; +import com.netscape.certsrv.dbs.keydb.IKeyRepository; import com.netscape.certsrv.dbs.keydb.KeyId; +import com.netscape.certsrv.kra.IKeyRecoveryAuthority; import com.netscape.certsrv.request.IRequest; +import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.RequestId; import com.netscape.certsrv.request.RequestStatus; import com.netscape.cms.servlet.base.CMSResourceService; -import com.netscape.cms.servlet.key.model.KeyDAO; import com.netscape.cms.servlet.key.model.KeyData; +import com.netscape.cms.servlet.key.model.KeyDataInfo; import com.netscape.cms.servlet.key.model.KeyDataInfos; import com.netscape.cms.servlet.request.model.KeyRequestDAO; import com.netscape.cms.servlet.request.model.KeyRequestInfo; @@ -44,6 +56,16 @@ import com.netscape.cmsutil.ldap.LDAPUtil; */ public class KeyResourceService extends CMSResourceService implements KeyResource{ + private IKeyRepository repo; + private IKeyRecoveryAuthority kra; + private IRequestQueue queue; + + public KeyResourceService() { + kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( "kra" ); + repo = kra.getKeyRepository(); + queue = kra.getRequestQueue(); + } + /** * Used to retrieve a key * @param data @@ -52,12 +74,10 @@ public class KeyResourceService extends CMSResourceService implements KeyResourc public KeyData retrieveKey(RecoveryRequestData data) { // auth and authz KeyId keyId = validateRequest(data); - KeyDAO dao = new KeyDAO(); KeyData keyData; try { - keyData = dao.getKey(keyId, data); + keyData = getKey(keyId, data); } catch (EBaseException e) { - // log error e.printStackTrace(); throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); } @@ -74,6 +94,104 @@ public class KeyResourceService extends CMSResourceService implements KeyResourc return retrieveKey(data); } + public KeyData getKey(KeyId keyId, RecoveryRequestData data) throws EBaseException { + KeyData keyData; + + RequestId rId = data.getRequestId(); + + String transWrappedSessionKey; + String sessionWrappedPassphrase; + + IRequest request = queue.findRequest(rId); + + if (request == null) { + return null; + } + + // get wrapped key + IKeyRecord rec = repo.readKeyRecord(keyId.toBigInteger()); + if (rec == null) { + return null; + } + + Hashtable<String, Object> requestParams = kra.getVolatileRequest( + request.getRequestId()); + + if(requestParams == null) { + throw new EBaseException("Can't obtain Volatile requestParams in getKey!"); + } + + String sessWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_SESS_WRAPPED_DATA); + String passWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_PASS_WRAPPED_DATA); + String nonceData = (String) requestParams.get(IRequest.SECURITY_DATA_IV_STRING_OUT); + + if (sessWrappedKeyData != null || passWrappedKeyData != null) { + //The recovery process has already placed a valid recovery + //package, either session key wrapped or pass wrapped, into the request. + //Request already has been processed. + keyData = new KeyData(); + + } else { + // The request has not yet been processed, let's see if the RecoveryRequestData contains + // the info now needed to process the recovery request. + + transWrappedSessionKey = data.getTransWrappedSessionKey(); + sessionWrappedPassphrase = data.getSessionWrappedPassphrase(); + nonceData = data.getNonceData(); + + if (transWrappedSessionKey == null) { + //There must be at least a transWrappedSessionKey input provided. + //The command AND the request have provided insufficient data, end of the line. + throw new EBaseException("Can't retrieve key, insufficient input data!"); + } + + if (sessionWrappedPassphrase != null) { + requestParams.put(IRequest.SECURITY_DATA_SESS_PASS_PHRASE, sessionWrappedPassphrase); + } + + if (transWrappedSessionKey != null) { + requestParams.put(IRequest.SECURITY_DATA_TRANS_SESS_KEY, transWrappedSessionKey); + } + + if (nonceData != null) { + requestParams.put(IRequest.SECURITY_DATA_IV_STRING_IN, nonceData); + } + + try { + // Has to be in this state or it won't go anywhere. + request.setRequestStatus(RequestStatus.BEGIN); + queue.processRequest(request); + } catch (EBaseException e) { + kra.destroyVolatileRequest(request.getRequestId()); + throw new EBaseException(e.toString()); + } + + nonceData = null; + keyData = new KeyData(); + + sessWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_SESS_WRAPPED_DATA); + passWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_PASS_WRAPPED_DATA); + nonceData = (String) requestParams.get(IRequest.SECURITY_DATA_IV_STRING_OUT); + + } + + if (sessWrappedKeyData != null) { + keyData.setWrappedPrivateData(sessWrappedKeyData); + } + if (passWrappedKeyData != null) { + keyData.setWrappedPrivateData(passWrappedKeyData); + } + if (nonceData != null) { + keyData.setNonceData(nonceData); + } + + kra.destroyVolatileRequest(request.getRequestId()); + + queue.markAsServiced(request); + + return keyData; + } + private KeyId validateRequest(RecoveryRequestData data) { // confirm request exists @@ -134,10 +252,24 @@ public class KeyResourceService extends CMSResourceService implements KeyResourc String filter = createSearchFilter(status, clientID); CMS.debug("listKeys: filter is " + filter); - KeyDAO dao = new KeyDAO(); - KeyDataInfos infos; + KeyDataInfos infos = new KeyDataInfos(); try { - infos = dao.listKeys(filter, maxResults, maxTime, uriInfo); + List <KeyDataInfo> list = new ArrayList<KeyDataInfo>(); + Enumeration<IKeyRecord> e = null; + + e = repo.searchKeys(filter, maxResults, maxTime); + if (e == null) { + throw new EBaseException("search results are null"); + } + + while (e.hasMoreElements()) { + IKeyRecord rec = e.nextElement(); + if (rec != null) { + list.add(createKeyDataInfo(rec)); + } + } + + infos.setKeyInfos(list); } catch (EBaseException e) { e.printStackTrace(); throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); @@ -145,6 +277,20 @@ public class KeyResourceService extends CMSResourceService implements KeyResourc return infos; } + + public KeyDataInfo createKeyDataInfo(IKeyRecord rec) throws EBaseException { + KeyDataInfo ret = new KeyDataInfo(); + + Path keyPath = KeyResource.class.getAnnotation(Path.class); + BigInteger serial = rec.getSerialNumber(); + + UriBuilder keyBuilder = uriInfo.getBaseUriBuilder(); + keyBuilder.path(keyPath.value() + "/" + serial); + ret.setKeyURL(keyBuilder.build().toString()); + + return ret; + } + private String createSearchFilter(String status, String clientID) { String filter = ""; int matches = 0; @@ -170,5 +316,4 @@ public class KeyResourceService extends CMSResourceService implements KeyResourc return filter; } - } |