Diffstat (limited to 'base/common/src/com')
-rw-r--r-- | base/common/src/com/netscape/certsrv/request/IRequest.java | 2 | ||||
-rw-r--r-- | base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java | 87 |
2 files changed, 67 insertions, 22 deletions
diff --git a/base/common/src/com/netscape/certsrv/request/IRequest.java b/base/common/src/com/netscape/certsrv/request/IRequest.java
index f54352ce1..59ae460e5 100644
--- a/base/common/src/com/netscape/certsrv/request/IRequest.java
+++ b/base/common/src/com/netscape/certsrv/request/IRequest.java
@@ -153,6 +153,8 @@ public interface IRequest {
 public final static String NETKEY_ATTR_ENC_PRIVKEY_FLAG ="encryptPrivKey";
 public final static String NETKEY_ATTR_USER_CERT = "cert";
 public final static String NETKEY_ATTR_KEY_SIZE = "keysize";
+ public final static String NETKEY_ATTR_KEY_TYPE = "keytype";
+ public final static String NETKEY_ATTR_KEY_EC_CURVE = "eckeycurve";
 // requestor type values.
 public static final String REQUESTOR_EE = "EE";
diff --git a/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java b/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
index 2f41efc14..ec9b28cad 100644
--- a/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
+++ b/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
@@ -24,6 +24,7 @@ import javax.servlet.*;
 import javax.servlet.http.*;
 import java.io.*;
+import java.util.Hashtable;
 import com.netscape.certsrv.common.*;
 import com.netscape.certsrv.request.*;
@@ -55,6 +56,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
 IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":");
 protected IAuthSubsystem mAuthSubsystem = null;
 protected ILogger mLogger = CMS.getLogger();
+ private Hashtable supportedECCurves_ht = null;
 /**
 * Constructs GenerateKeyPair servlet.
@@ -67,6 +69,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
 public void init(ServletConfig config) throws ServletException {
 super.init(config);
 mConfig = config;
+ IConfigStore sconfig = CMS.getConfigStore();
 String authority = config.getInitParameter(PROP_AUTHORITY);
 if (authority != null)
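Review bot: `private Hashtable supportedECCurves_ht = null;` is a raw type that is only ever used as a set of curve names (the later hunks call `containsKey` on it and store each key as its own value), so a `Set<String>` states the intent and lets the compiler check the element type: `private Set<String> supportedECCurves = null;` with `java.util.Set`/`java.util.HashSet` imported in place of `Hashtable`. `Hashtable` also synchronizes every lookup, which buys nothing for a collection that is written once in `init` and only read afterwards. The field hunk and the `init` hunk on this line both end before the end of their enclosing definitions.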
@@ -74,6 +77,22 @@ public class GenerateKeyPairServlet extends CMSServlet {
 CMS.getSubsystem(authority);
 mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+
+ // supported EC cuves by the smart cards
+ String curveList = null;
+ try {
+ curveList = sconfig.getString("kra.keygen.curvelist",
+ "nistp256,nistp384,nistp521");
+ } catch (EBaseException e) {
+ curveList = "nistp256,nistp384,nistp521";
+ }
+
+ supportedECCurves_ht = new Hashtable();
+ String[] supportedECCurves = curveList.split(",");
+ for ( int i = 0; i < supportedECCurves.length; i++) {
+ supportedECCurves_ht.put(supportedECCurves[i], supportedECCurves[i]);
+ }
+
 }
 /**
@@ -113,8 +132,10 @@ public class GenerateKeyPairServlet extends CMSServlet {
 String rCUID = req.getParameter("CUID");
 String rUserid = req.getParameter("userid");
 String rdesKeyString = req.getParameter("drm_trans_desKey");
- String rArchive = req.getParameter("archive");
- String rKeysize = req.getParameter("keysize");
+ String rArchive = req.getParameter("archive");
+ String rKeysize = req.getParameter("keysize");
+ String rKeytype = req.getParameter("keytype");
+ String rKeycurve = req.getParameter("eckeycurve");
 if ((rCUID == null) || (rCUID.equals(""))) {
 CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: CUID");
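Review bot: The curve names read from `kra.keygen.curvelist` are split on `,` and stored untrimmed, so a value written as `nistp256, nistp384` registers `" nistp384"` and the later `containsKey(rKeycurve)` check rejects a valid `nistp384` request; `supportedECCurves_ht.put(supportedECCurves[i].trim(), supportedECCurves[i].trim());` plus skipping empty entries avoids that. The comment `// supported EC cuves by the smart cards` has a typo (`curves`). A `CMS.debug` in the `catch (EBaseException e)` branch would make the silent fall-back to the built-in list visible when the config entry is malformed. `init` starts outside this hunk.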
@@ -126,9 +147,29 @@ public class GenerateKeyPairServlet extends CMSServlet {
 missingParam = true;
 }
- if ((rKeysize == null) || (rKeysize.equals(""))) {
- rKeysize = "1024"; // default to 1024
- }
+ // keysize is for non-EC (EC uses keycurve)
+ if (!rKeytype.equals("EC") && ((rKeysize == null) || (rKeysize.equals("")))) {
+ rKeysize = "1024"; // default to 1024
+ }
+
+ // if not specified, default to RSA
+ if ((rKeytype == null) || (rKeytype.equals(""))) {
+ rKeytype = "RSA";
+ }
+
+ if (rKeytype.equals("EC")) {
+ if ((rKeycurve == null) || (rKeycurve.equals(""))) {
+ rKeycurve = "nistp256";
+ }
+ // is the specified curve supported?
+ boolean isSupportedCurve = supportedECCurves_ht.containsKey(rKeycurve);
+ if (isSupportedCurve == false) {
+ CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): unsupported curve:"+ rKeycurve);
+ missingParam = true;
+ } else {
+ CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): curve to be generated:"+ rKeycurve);
+ }
+ }
 if ((rdesKeyString == null) || (rdesKeyString.equals(""))) {
@@ -138,7 +179,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
 if ((rArchive == null) || (rArchive.equals(""))) {
 CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing key archival flag 'archive' ,default to true");
- rArchive = "true";
+ rArchive = "true";
 }
 String selectedToken = null;
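Review bot: `if (!rKeytype.equals("EC") && ...)` dereferences `rKeytype` before the null check that follows it, so a request without a `keytype` parameter — exactly the case the next block defaults to RSA — throws a NullPointerException instead of taking the default; either move the `// if not specified, default to RSA` block above the keysize block or write the condition as `if (!"EC".equals(rKeytype) && ((rKeysize == null) || (rKeysize.equals("")))) {`. With that fixed, an EC request leaves `rKeysize` null, which looks intended but deserves a comment because the value is still stored on the request in a later hunk. The enclosing `processServerSideKeyGen` starts and ends outside this hunk.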
@@ -150,17 +191,19 @@ public class GenerateKeyPairServlet extends CMSServlet {
 thisreq.setExtData(IRequest.NETKEY_ATTR_CUID, rCUID);
 thisreq.setExtData(IRequest.NETKEY_ATTR_USERID, rUserid);
 thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString);
- thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive);
- thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize);
+ thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive);
+ thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize);
+ thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_TYPE, rKeytype);
+ thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_EC_CURVE, rKeycurve);
 queue.processRequest( thisreq );
 Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
 if (result != null) {
- // sighs! tps thinks 0 is good, and DRM thinks 1 is good
- if (result.intValue() == 1)
- status = "0";
- else
- status = result.toString();
+ // sighs! tps thinks 0 is good, and DRM thinks 1 is good
+ if (result.intValue() == 1)
+ status = "0";
+ else
+ status = result.toString();
 } else status = "7";
@@ -183,7 +226,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
 publicKeyString = thisreq.getExtDataInString("public_key");
 wrappedPrivKeyString = thisreq.getExtDataInString("wrappedUserPrivate");
- String ivString = thisreq.getExtDataInString("iv_s");
+ String ivString = thisreq.getExtDataInString("iv_s");
 /* if (selectedToken == null)
@@ -194,12 +237,12 @@ public class GenerateKeyPairServlet extends CMSServlet {
 else {
 StringBuffer sb = new StringBuffer();
 sb.append("status=0&");
- sb.append("wrapped_priv_key=");
- sb.append(wrappedPrivKeyString);
- sb.append("&iv_param=");
- sb.append(ivString);
+ sb.append("wrapped_priv_key=");
+ sb.append(wrappedPrivKeyString);
+ sb.append("&iv_param=");
+ sb.append(ivString);
 sb.append("&public_key=");
- sb.append(publicKeyString);
+ sb.append(publicKeyString);
 value = sb.toString();
 }
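Review bot: `thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_EC_CURVE, rKeycurve)` is reached with `rKeycurve` still null for every non-EC request, because the earlier hunk only defaults the curve inside the `rKeytype.equals("EC")` branch, and `NETKEY_ATTR_KEY_SIZE` likewise receives null for EC requests. Whether `setExtData` tolerates a null value cannot be seen from this diff, so guard the calls: `if (rKeycurve != null) thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_EC_CURVE, rKeycurve);` and the same for `rKeysize`. The enclosing method starts and ends outside this hunk.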
@@ -267,9 +310,9 @@ public class GenerateKeyPairServlet extends CMSServlet {
 }
 // begin Netkey serverSideKeyGen and archival
- CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called");
- processServerSideKeyGen(req, resp);
- return;
+ CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called");
+ processServerSideKeyGen(req, resp);
+ return;
 // end Netkey functions
 } |