Diffstat (limited to 'base/kra')
-rw-r--r--base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java130
-rw-r--r--base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java23
-rw-r--r--base/kra/src/CMakeLists.txt72
-rw-r--r--base/kra/src/com/netscape/kra/KeyRecoveryAuthorityApplication.java36
-rw-r--r--base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java2
-rw-r--r--base/kra/src/com/netscape/kra/SecurityDataService.java3
6 files changed, 72 insertions, 194 deletions
diff --git a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java
deleted file mode 100644
index 372b8aea6..000000000
--- a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java
+++ /dev/null
@@ -1,130 +0,0 @@
-package com.netscape.cms.servlet.test;
-
-import java.net.URISyntaxException;
-import java.util.Collection;
-import java.util.Iterator;
-
-import org.jboss.resteasy.client.ClientResponse;
-
-import com.netscape.certsrv.dbs.keydb.KeyId;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.cms.client.cli.ClientConfig;
-import com.netscape.cms.servlet.admin.SystemCertificateResource;
-import com.netscape.cms.servlet.cert.model.CertificateData;
-import com.netscape.cms.servlet.csadmin.CMSRestClient;
-import com.netscape.cms.servlet.key.KeyResource;
-import com.netscape.cms.servlet.key.model.KeyData;
-import com.netscape.cms.servlet.key.model.KeyDataInfo;
-import com.netscape.cms.servlet.key.model.KeyDataInfos;
-import com.netscape.cms.servlet.request.KeyRequestResource;
-import com.netscape.cms.servlet.request.model.ArchivalRequestData;
-import com.netscape.cms.servlet.request.model.KeyRequestInfo;
-import com.netscape.cms.servlet.request.model.KeyRequestInfos;
-import com.netscape.cms.servlet.request.model.RecoveryRequestData;
-import com.netscape.cmsutil.util.Utils;
-
-public class DRMRestClient extends CMSRestClient {
-
- private KeyResource keyClient;
- private KeyRequestResource keyRequestClient;
- private SystemCertificateResource systemCertClient;
-
- public DRMRestClient(ClientConfig config) throws URISyntaxException {
- super(config);
-
- systemCertClient = createProxy(SystemCertificateResource.class);
- keyRequestClient = createProxy(KeyRequestResource.class);
- keyClient = createProxy(KeyResource.class);
- }
-
- public String getTransportCert() {
- @SuppressWarnings("unchecked")
- ClientResponse<CertificateData> response = (ClientResponse<CertificateData>) systemCertClient
- .getTransportCert();
- CertificateData certData = getEntity(response);
- String transportCert = certData.getEncoded();
- return transportCert;
- }
-
- public Collection<KeyRequestInfo> listRequests(String requestState, String requestType) {
- KeyRequestInfos infos = keyRequestClient.listRequests(
- requestState, requestType, null, new RequestId(0), 100, 100, 10
- );
- Collection<KeyRequestInfo> list = infos.getRequests();
- return list;
- }
-
- public KeyRequestInfo archiveSecurityData(byte[] encoded, String clientId, String dataType) {
- // create archival request
- ArchivalRequestData data = new ArchivalRequestData();
- String req1 = Utils.base64encode(encoded);
- data.setWrappedPrivateData(req1);
- data.setClientId(clientId);
- data.setDataType(dataType);
-
- KeyRequestInfo info = keyRequestClient.archiveKey(data);
- return info;
- }
-
- public KeyDataInfo getKeyData(String clientId, String status) {
- KeyDataInfos infos = keyClient.listKeys(clientId, status, 100, 10);
- Collection<KeyDataInfo> list = infos.getKeyInfos();
- Iterator<KeyDataInfo> iter = list.iterator();
-
- while (iter.hasNext()) {
- KeyDataInfo info = iter.next();
- if (info != null) {
- // return the first one
- return info;
- }
- }
- return null;
- }
-
- public KeyRequestInfo requestRecovery(KeyId keyId, byte[] rpwd, byte[] rkey, byte[] nonceData) {
- // create recovery request
- RecoveryRequestData data = new RecoveryRequestData();
- data.setKeyId(keyId);
- if (rpwd != null) {
- data.setSessionWrappedPassphrase(Utils.base64encode(rpwd));
- }
- if (rkey != null) {
- data.setTransWrappedSessionKey(Utils.base64encode(rkey));
- }
-
- if (nonceData != null) {
- data.setNonceData(Utils.base64encode(nonceData));
- }
-
- KeyRequestInfo info = keyRequestClient.recoverKey(data);
- return info;
- }
-
- public void approveRecovery(RequestId recoveryId) {
- keyRequestClient.approveRequest(recoveryId);
- }
-
- public KeyData retrieveKey(KeyId keyId, RequestId requestId, byte[] rpwd, byte[] rkey, byte[] nonceData) {
- // create recovery request
- RecoveryRequestData data = new RecoveryRequestData();
- data.setKeyId(keyId);
- data.setRequestId(requestId);
- if (rkey != null) {
- data.setTransWrappedSessionKey(Utils.base64encode(rkey));
- }
- if (rpwd != null) {
- data.setSessionWrappedPassphrase(Utils.base64encode(rpwd));
- }
-
- if (nonceData != null) {
- data.setNonceData(Utils.base64encode(nonceData));
- }
-
- KeyData key = keyClient.retrieveKey(data);
- return key;
- }
-
- public KeyRequestInfo getRequest(RequestId id) {
- return keyRequestClient.getRequestInfo(id);
- }
-}
diff --git a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
index 62cdfe992..7035803ab 100644
--- a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
+++ b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
@@ -38,14 +38,15 @@ import org.mozilla.jss.crypto.SymmetricKey;
import org.mozilla.jss.util.Password;
import com.netscape.certsrv.dbs.keydb.KeyId;
+import com.netscape.certsrv.key.KeyData;
+import com.netscape.certsrv.key.KeyDataInfo;
+import com.netscape.certsrv.key.KeyRequestInfo;
+import com.netscape.certsrv.key.KeyRequestResource;
import com.netscape.certsrv.request.RequestId;
-import com.netscape.cms.client.cli.ClientConfig;
-import com.netscape.cms.servlet.base.CMSResourceService;
-import com.netscape.cms.servlet.key.model.KeyData;
-import com.netscape.cms.servlet.key.model.KeyDataInfo;
-import com.netscape.cms.servlet.request.KeyRequestResource;
-import com.netscape.cms.servlet.request.RequestNotFoundException;
-import com.netscape.cms.servlet.request.model.KeyRequestInfo;
+import com.netscape.certsrv.request.RequestNotFoundException;
+import com.netscape.cms.client.ClientConfig;
+import com.netscape.cms.client.kra.DRMClient;
+import com.netscape.cms.servlet.base.PKIService;
import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.util.Utils;
@@ -194,13 +195,13 @@ public class DRMTest {
// Set base URI and get client
- DRMRestClient client;
+ DRMClient client;
try {
ClientConfig config = new ClientConfig();
config.setServerURI(protocol + "://" + host + ":" + port + "/kra");
config.setCertNickname(clientCertNickname);
- client = new DRMRestClient(config);
+ client = new DRMClient(config);
} catch (Exception e) {
e.printStackTrace();
@@ -209,8 +210,8 @@ public class DRMTest {
// Test 1: Get transport certificate from DRM
transportCert = client.getTransportCert();
- transportCert = transportCert.substring(CMSResourceService.HEADER.length(),
- transportCert.indexOf(CMSResourceService.TRAILER));
+ transportCert = transportCert.substring(PKIService.HEADER.length(),
+ transportCert.indexOf(PKIService.TRAILER));
log("Transport Cert retrieved from DRM: " + transportCert);
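Review bot: The `substring` call on the two new lines assumes the response starts with `PKIService.HEADER` and contains `PKIService.TRAILER`. If the trailer is missing, `indexOf` returns -1 and the test fails with a bare `StringIndexOutOfBoundsException`; if the header is missing, the leading characters of the certificate are silently cut off. Later steps presumably wrap data to this certificate, so I would check its shape before use: `int end = transportCert.indexOf(PKIService.TRAILER);` followed by `if (!transportCert.startsWith(PKIService.HEADER) || end < 0) { log("Unexpected transport cert format"); return; }`. The enclosing method starts and ends outside this hunk, so the right failure action (return or exit) needs confirming there.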
diff --git a/base/kra/src/CMakeLists.txt b/base/kra/src/CMakeLists.txt
index 71056ffa6..5f5e3f016 100644
--- a/base/kra/src/CMakeLists.txt
+++ b/base/kra/src/CMakeLists.txt
@@ -76,41 +76,47 @@ find_file(SYMKEY_JAR
)
-# identify java sources
-set(pki-kra_java_SRCS
- com/netscape/kra/KeyRecoveryAuthority.java
- com/netscape/kra/KeyRecoveryAuthorityApplication.java
- com/netscape/kra/EnrollmentService.java
- com/netscape/kra/RecoveryService.java
- com/netscape/kra/SecurityDataRecoveryService.java
- com/netscape/kra/TokenKeyRecoveryService.java
- com/netscape/kra/EncryptionUnit.java
- com/netscape/kra/KRAService.java
- com/netscape/kra/NetkeyKeygenService.java
- com/netscape/kra/SecurityDataService.java
- com/netscape/kra/KRANotify.java
- com/netscape/kra/KRAPolicy.java
- com/netscape/kra/TransportKeyUnit.java
- com/netscape/kra/StorageKeyUnit.java
- com/netscape/kra/ArchiveOptions.java
+# build pki-kra
+javac(pki-kra-classes
+ SOURCES
+ com/netscape/kra/*.java
+ CLASSPATH
+ ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR} ${PKI_CMSCORE_JAR}
+ ${PKI_CMSUTIL_JAR} ${PKI_NSUTIL_JAR}
+ ${LDAPJDK_JAR} ${JAXRS_API_JAR}
+ ${JSS_JAR} ${COMMONS_CODEC_JAR} ${SYMKEY_JAR}
+ OUTPUT_DIR
+ ${CMAKE_BINARY_DIR}/classes
+ DEPENDS
+ symkey pki-nsutil pki-cmsutil pki-certsrv pki-cms pki-cmscore
)
+jar(pki-kra-jar
+ CREATE
+ ${CMAKE_BINARY_DIR}/dist/pki-kra-${APPLICATION_VERSION}.jar
+ INPUT_DIR
+ ${CMAKE_BINARY_DIR}/classes
+ FILES
+ com/netscape/kra/*.class
+ DEPENDS
+ pki-kra-classes
+)
-# set classpath
-set(CMAKE_JAVA_INCLUDE_PATH
- ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR} ${PKI_CMSCORE_JAR}
- ${PKI_CMSUTIL_JAR} ${PKI_NSUTIL_JAR}
- ${LDAPJDK_JAR} ${JAXRS_API_JAR}
- ${JSS_JAR} ${COMMONS_CODEC_JAR} ${SYMKEY_JAR})
-
-
-# set version
-set(CMAKE_JAVA_TARGET_VERSION ${APPLICATION_VERSION})
-
+link(pki-kra
+ SOURCE
+ ${CMAKE_BINARY_DIR}/dist/pki-kra.jar
+ DEST
+ pki-kra-${APPLICATION_VERSION}.jar
+ DEPENDS
+ pki-kra-jar
+)
-# build pki-kra.jar
-add_jar(pki-kra ${pki-kra_java_SRCS})
-add_dependencies(pki-kra symkey pki-nsutil pki-cmsutil pki-certsrv pki-cms pki-cmscore)
-install_jar(pki-kra ${JAVA_JAR_INSTALL_DIR}/pki)
-set(PKI_KRA_JAR ${pki-kra_JAR_FILE} CACHE INTERNAL "pki-kra jar file")
+install(
+ FILES
+ ${CMAKE_BINARY_DIR}/dist/pki-kra.jar
+ ${CMAKE_BINARY_DIR}/dist/pki-kra-${APPLICATION_VERSION}.jar
+ DESTINATION
+ ${JAVA_JAR_INSTALL_DIR}/pki
+)
+set(PKI_KRA_JAR ${CMAKE_BINARY_DIR}/dist/pki-kra.jar CACHE INTERNAL "pki-kra jar file")
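Review bot: Replacing the explicit `pki-kra_java_SRCS` list with `com/netscape/kra/*.java`, and packaging `com/netscape/kra/*.class` out of `${CMAKE_BINARY_DIR}/classes`, means the jar now contains whatever is in those directories rather than what this file names. A leftover source file, or a stale `.class` from an earlier build, would ship in the KRA jar with no change to the build file; the classes directory also looks shared with other modules, judging by its path. `javac`, `jar` and `link` are macros defined outside this hunk, so whether they clean the output directory cannot be confirmed here. If they do not, I would keep the explicit source list, or at least add `# NOTE: sources and classes are globbed; the classes dir must be clean before packaging` and check the jar contents in CI. The `*.class` glob is also not recursive, so this relies on `com.netscape.kra` having no subpackages.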
diff --git a/base/kra/src/com/netscape/kra/KeyRecoveryAuthorityApplication.java b/base/kra/src/com/netscape/kra/KeyRecoveryAuthorityApplication.java
index 612b0ff18..f972fe4b5 100644
--- a/base/kra/src/com/netscape/kra/KeyRecoveryAuthorityApplication.java
+++ b/base/kra/src/com/netscape/kra/KeyRecoveryAuthorityApplication.java
@@ -5,15 +5,15 @@ import java.util.Set;
import javax.ws.rs.core.Application;
-import com.netscape.cms.servlet.admin.GroupMemberResourceService;
-import com.netscape.cms.servlet.admin.GroupResourceService;
-import com.netscape.cms.servlet.admin.SystemCertificateResourceService;
-import com.netscape.cms.servlet.admin.UserCertResourceService;
-import com.netscape.cms.servlet.admin.UserResourceService;
-import com.netscape.cms.servlet.base.CMSException;
-import com.netscape.cms.servlet.csadmin.SystemConfigurationResourceService;
-import com.netscape.cms.servlet.key.KeyResourceService;
-import com.netscape.cms.servlet.request.KeyRequestResourceService;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.cms.servlet.admin.GroupMemberService;
+import com.netscape.cms.servlet.admin.GroupService;
+import com.netscape.cms.servlet.admin.SystemCertService;
+import com.netscape.cms.servlet.admin.UserCertService;
+import com.netscape.cms.servlet.admin.UserService;
+import com.netscape.cms.servlet.csadmin.SystemConfigService;
+import com.netscape.cms.servlet.key.KeyService;
+import com.netscape.cms.servlet.request.KeyRequestService;
public class KeyRecoveryAuthorityApplication extends Application {
@@ -22,23 +22,23 @@ public class KeyRecoveryAuthorityApplication extends Application {
public KeyRecoveryAuthorityApplication() {
// installer
- classes.add(SystemConfigurationResourceService.class);
+ classes.add(SystemConfigService.class);
// keys and keyrequests
- classes.add(KeyResourceService.class);
- classes.add(KeyRequestResourceService.class);
+ classes.add(KeyService.class);
+ classes.add(KeyRequestService.class);
// user and group management
- classes.add(GroupMemberResourceService.class);
- classes.add(GroupResourceService.class);
- classes.add(UserCertResourceService.class);
- classes.add(UserResourceService.class);
+ classes.add(GroupMemberService.class);
+ classes.add(GroupService.class);
+ classes.add(UserCertService.class);
+ classes.add(UserService.class);
// system certs
- classes.add(SystemCertificateResourceService.class);
+ classes.add(SystemCertService.class);
// exception mapper
- classes.add(CMSException.Mapper.class);
+ classes.add(PKIException.Mapper.class);
}
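Review bot: The constructor registers the installer resource (`SystemConfigService`) unconditionally next to `KeyService` and `KeyRequestService`. Nothing in this hunk documents how the installer endpoint is closed once the KRA is configured, or where authentication for the key endpoints is enforced. Since this set appears to be the subsystem's whole REST surface, I would record that on the constructor, for example `// installer: must reject requests after configuration (see <enforcing class>)`, plus a short Javadoc saying every class added here is remotely reachable. The switch to `PKIException.Mapper` presumably changes how exceptions become HTTP responses; it is worth confirming that it does not return internal detail to clients, which is not visible here. The class body continues outside the hunk.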
diff --git a/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java b/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java
index 527548381..afe4ed6ea 100644
--- a/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java
+++ b/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java
@@ -54,13 +54,13 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.dbs.keydb.IKeyRecord;
import com.netscape.certsrv.dbs.keydb.IKeyRepository;
+import com.netscape.certsrv.key.KeyRequestResource;
import com.netscape.certsrv.kra.EKRAException;
import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IService;
import com.netscape.certsrv.security.IStorageKeyUnit;
import com.netscape.certsrv.security.ITransportKeyUnit;
-import com.netscape.cms.servlet.request.KeyRequestResource;
import com.netscape.cmscore.dbs.KeyRecord;
import com.netscape.cmsutil.util.Utils;
diff --git a/base/kra/src/com/netscape/kra/SecurityDataService.java b/base/kra/src/com/netscape/kra/SecurityDataService.java
index fa009dac9..8a5886fa5 100644
--- a/base/kra/src/com/netscape/kra/SecurityDataService.java
+++ b/base/kra/src/com/netscape/kra/SecurityDataService.java
@@ -19,6 +19,8 @@ package com.netscape.kra;
import java.math.BigInteger;
import org.mozilla.jss.crypto.SymmetricKey;
+
+import com.netscape.certsrv.key.KeyRequestResource;
import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.profile.IEnrollProfile;
@@ -30,7 +32,6 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.dbs.keydb.IKeyRecord;
import com.netscape.certsrv.dbs.keydb.IKeyRepository;
import com.netscape.certsrv.apps.CMS;
-import com.netscape.cms.servlet.request.KeyRequestResource;
import com.netscape.cmscore.dbs.KeyRecord;
import com.netscape.cmsutil.util.Utils;