Diffstat (limited to 'base/kra')
6 files changed, 72 insertions, 194 deletions
diff --git a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java
deleted file mode 100644
index 372b8aea6..000000000
--- a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java
+++ /dev/null
@@ -1,130 +0,0 @@
-package com.netscape.cms.servlet.test;
-
-import java.net.URISyntaxException;
-import java.util.Collection;
-import java.util.Iterator;
-
-import org.jboss.resteasy.client.ClientResponse;
-
-import com.netscape.certsrv.dbs.keydb.KeyId;
-import com.netscape.certsrv.request.RequestId;
-import com.netscape.cms.client.cli.ClientConfig;
-import com.netscape.cms.servlet.admin.SystemCertificateResource;
-import com.netscape.cms.servlet.cert.model.CertificateData;
-import com.netscape.cms.servlet.csadmin.CMSRestClient;
-import com.netscape.cms.servlet.key.KeyResource;
-import com.netscape.cms.servlet.key.model.KeyData;
-import com.netscape.cms.servlet.key.model.KeyDataInfo;
-import com.netscape.cms.servlet.key.model.KeyDataInfos;
-import com.netscape.cms.servlet.request.KeyRequestResource;
-import com.netscape.cms.servlet.request.model.ArchivalRequestData;
-import com.netscape.cms.servlet.request.model.KeyRequestInfo;
-import com.netscape.cms.servlet.request.model.KeyRequestInfos;
-import com.netscape.cms.servlet.request.model.RecoveryRequestData;
-import com.netscape.cmsutil.util.Utils;
-
-public class DRMRestClient extends CMSRestClient {
-
- private KeyResource keyClient;
- private KeyRequestResource keyRequestClient;
- private SystemCertificateResource systemCertClient;
-
- public DRMRestClient(ClientConfig config) throws URISyntaxException {
- super(config);
-
- systemCertClient = createProxy(SystemCertificateResource.class);
- keyRequestClient = createProxy(KeyRequestResource.class);
- keyClient = createProxy(KeyResource.class);
- }
-
- public String getTransportCert() {
- @SuppressWarnings("unchecked")
- ClientResponse<CertificateData> response = (ClientResponse<CertificateData>) systemCertClient
- .getTransportCert();
- CertificateData certData = getEntity(response);
- String transportCert = certData.getEncoded();
- return transportCert;
- }
-
- public Collection<KeyRequestInfo> listRequests(String requestState, String requestType) {
- KeyRequestInfos infos = keyRequestClient.listRequests(
- requestState, requestType, null, new RequestId(0), 100, 100, 10
- );
- Collection<KeyRequestInfo> list = infos.getRequests();
- return list;
- }
-
- public KeyRequestInfo archiveSecurityData(byte[] encoded, String clientId, String dataType) {
- // create archival request
- ArchivalRequestData data = new ArchivalRequestData();
- String req1 = Utils.base64encode(encoded);
- data.setWrappedPrivateData(req1);
- data.setClientId(clientId);
- data.setDataType(dataType);
-
- KeyRequestInfo info = keyRequestClient.archiveKey(data);
- return info;
- }
-
- public KeyDataInfo getKeyData(String clientId, String status) {
- KeyDataInfos infos = keyClient.listKeys(clientId, status, 100, 10);
- Collection<KeyDataInfo> list = infos.getKeyInfos();
- Iterator<KeyDataInfo> iter = list.iterator();
-
- while (iter.hasNext()) {
- KeyDataInfo info = iter.next();
- if (info != null) {
- // return the first one
- return info;
- }
- }
- return null;
- }
-
- public KeyRequestInfo requestRecovery(KeyId keyId, byte[] rpwd, byte[] rkey, byte[] nonceData) {
- // create recovery request
- RecoveryRequestData data = new RecoveryRequestData();
- data.setKeyId(keyId);
- if (rpwd != null) {
- data.setSessionWrappedPassphrase(Utils.base64encode(rpwd));
- }
- if (rkey != null) {
- data.setTransWrappedSessionKey(Utils.base64encode(rkey));
- }
-
- if (nonceData != null) {
- data.setNonceData(Utils.base64encode(nonceData));
- }
-
- KeyRequestInfo info = keyRequestClient.recoverKey(data);
- return info;
- }
-
- public void approveRecovery(RequestId recoveryId) {
- keyRequestClient.approveRequest(recoveryId);
- }
-
- public KeyData retrieveKey(KeyId keyId, RequestId requestId, byte[] rpwd, byte[] rkey, byte[] nonceData) {
- // create recovery request
- RecoveryRequestData data = new RecoveryRequestData();
- data.setKeyId(keyId);
- data.setRequestId(requestId);
- if (rkey != null) {
- data.setTransWrappedSessionKey(Utils.base64encode(rkey));
- }
- if (rpwd != null) {
- data.setSessionWrappedPassphrase(Utils.base64encode(rpwd));
- }
-
- if (nonceData != null) {
- data.setNonceData(Utils.base64encode(nonceData));
- }
-
- KeyData key = keyClient.retrieveKey(data);
- return key;
- }
-
- public KeyRequestInfo getRequest(RequestId id) {
- return keyRequestClient.getRequestInfo(id);
- }
-}
diff --git a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
index 62cdfe992..7035803ab 100644
--- a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
+++ b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
@@ -38,14 +38,15 @@ import org.mozilla.jss.crypto.SymmetricKey;
 import org.mozilla.jss.util.Password;
 import com.netscape.certsrv.dbs.keydb.KeyId;
+import com.netscape.certsrv.key.KeyData;
+import com.netscape.certsrv.key.KeyDataInfo;
+import com.netscape.certsrv.key.KeyRequestInfo;
+import com.netscape.certsrv.key.KeyRequestResource;
 import com.netscape.certsrv.request.RequestId;
-import com.netscape.cms.client.cli.ClientConfig;
-import com.netscape.cms.servlet.base.CMSResourceService;
-import com.netscape.cms.servlet.key.model.KeyData;
-import com.netscape.cms.servlet.key.model.KeyDataInfo;
-import com.netscape.cms.servlet.request.KeyRequestResource;
-import com.netscape.cms.servlet.request.RequestNotFoundException;
-import com.netscape.cms.servlet.request.model.KeyRequestInfo;
+import com.netscape.certsrv.request.RequestNotFoundException;
+import com.netscape.cms.client.ClientConfig;
+import com.netscape.cms.client.kra.DRMClient;
+import com.netscape.cms.servlet.base.PKIService;
 import com.netscape.cmsutil.crypto.CryptoUtil;
 import com.netscape.cmsutil.util.Utils;
@@ -194,13 +195,13 @@ public class DRMTest {
 // Set base URI and get client
- DRMRestClient client;
+ DRMClient client;
 try {
 ClientConfig config = new ClientConfig();
 config.setServerURI(protocol + "://" + host + ":" + port + "/kra");
 config.setCertNickname(clientCertNickname);
- client = new DRMRestClient(config);
+ client = new DRMClient(config);
 } catch (Exception e) {
 e.printStackTrace();
@@ -209,8 +210,8 @@ public class DRMTest {
 // Test 1: Get transport certificate from DRM
 transportCert = client.getTransportCert();
- transportCert = transportCert.substring(CMSResourceService.HEADER.length(),
- transportCert.indexOf(CMSResourceService.TRAILER));
+ transportCert = transportCert.substring(PKIService.HEADER.length(),
+ transportCert.indexOf(PKIService.TRAILER));
 log("Transport Cert retrieved from DRM: " + transportCert);
diff --git a/base/kra/src/CMakeLists.txt b/base/kra/src/CMakeLists.txt
index 71056ffa6..5f5e3f016 100644
--- a/base/kra/src/CMakeLists.txt
+++ b/base/kra/src/CMakeLists.txt
@@ -76,41 +76,47 @@ find_file(SYMKEY_JAR
 )
-# identify java sources
-set(pki-kra_java_SRCS
- com/netscape/kra/KeyRecoveryAuthority.java
- com/netscape/kra/KeyRecoveryAuthorityApplication.java
- com/netscape/kra/EnrollmentService.java
- com/netscape/kra/RecoveryService.java
- com/netscape/kra/SecurityDataRecoveryService.java
- com/netscape/kra/TokenKeyRecoveryService.java
- com/netscape/kra/EncryptionUnit.java
- com/netscape/kra/KRAService.java
- com/netscape/kra/NetkeyKeygenService.java
- com/netscape/kra/SecurityDataService.java
- com/netscape/kra/KRANotify.java
- com/netscape/kra/KRAPolicy.java
- com/netscape/kra/TransportKeyUnit.java
- com/netscape/kra/StorageKeyUnit.java
- com/netscape/kra/ArchiveOptions.java
+# build pki-kra
+javac(pki-kra-classes
+ SOURCES
+ com/netscape/kra/*.java
+ CLASSPATH
+ ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR} ${PKI_CMSCORE_JAR}
+ ${PKI_CMSUTIL_JAR} ${PKI_NSUTIL_JAR}
+ ${LDAPJDK_JAR} ${JAXRS_API_JAR}
+ ${JSS_JAR} ${COMMONS_CODEC_JAR} ${SYMKEY_JAR}
+ OUTPUT_DIR
+ ${CMAKE_BINARY_DIR}/classes
+ DEPENDS
+ symkey pki-nsutil pki-cmsutil pki-certsrv pki-cms pki-cmscore
 )
+jar(pki-kra-jar
+ CREATE
+ ${CMAKE_BINARY_DIR}/dist/pki-kra-${APPLICATION_VERSION}.jar
+ INPUT_DIR
+ ${CMAKE_BINARY_DIR}/classes
+ FILES
+ com/netscape/kra/*.class
+ DEPENDS
+ pki-kra-classes
+)
-# set classpath
-set(CMAKE_JAVA_INCLUDE_PATH
- ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR} ${PKI_CMSCORE_JAR}
- ${PKI_CMSUTIL_JAR} ${PKI_NSUTIL_JAR}
- ${LDAPJDK_JAR} ${JAXRS_API_JAR}
- ${JSS_JAR} ${COMMONS_CODEC_JAR} ${SYMKEY_JAR})
-
-
-# set version
-set(CMAKE_JAVA_TARGET_VERSION ${APPLICATION_VERSION})
-
+link(pki-kra
+ SOURCE
+ ${CMAKE_BINARY_DIR}/dist/pki-kra.jar
+ DEST
+ pki-kra-${APPLICATION_VERSION}.jar
+ DEPENDS
+ pki-kra-jar
+)
-# build pki-kra.jar
-add_jar(pki-kra ${pki-kra_java_SRCS})
-add_dependencies(pki-kra symkey pki-nsutil pki-cmsutil pki-certsrv pki-cms pki-cmscore)
-install_jar(pki-kra ${JAVA_JAR_INSTALL_DIR}/pki)
-set(PKI_KRA_JAR ${pki-kra_JAR_FILE} CACHE INTERNAL "pki-kra jar file")
+install(
+ FILES
+ ${CMAKE_BINARY_DIR}/dist/pki-kra.jar
+ ${CMAKE_BINARY_DIR}/dist/pki-kra-${APPLICATION_VERSION}.jar
+ DESTINATION
+ ${JAVA_JAR_INSTALL_DIR}/pki
+)
+set(PKI_KRA_JAR ${CMAKE_BINARY_DIR}/dist/pki-kra.jar CACHE INTERNAL "pki-kra jar file")
diff --git a/base/kra/src/com/netscape/kra/KeyRecoveryAuthorityApplication.java b/base/kra/src/com/netscape/kra/KeyRecoveryAuthorityApplication.java
index 612b0ff18..f972fe4b5 100644
--- a/base/kra/src/com/netscape/kra/KeyRecoveryAuthorityApplication.java
+++ b/base/kra/src/com/netscape/kra/KeyRecoveryAuthorityApplication.java
@@ -5,15 +5,15 @@ import java.util.Set;
 import javax.ws.rs.core.Application;
-import com.netscape.cms.servlet.admin.GroupMemberResourceService;
-import com.netscape.cms.servlet.admin.GroupResourceService;
-import com.netscape.cms.servlet.admin.SystemCertificateResourceService;
-import com.netscape.cms.servlet.admin.UserCertResourceService;
-import com.netscape.cms.servlet.admin.UserResourceService;
-import com.netscape.cms.servlet.base.CMSException;
-import com.netscape.cms.servlet.csadmin.SystemConfigurationResourceService;
-import com.netscape.cms.servlet.key.KeyResourceService;
-import com.netscape.cms.servlet.request.KeyRequestResourceService;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.cms.servlet.admin.GroupMemberService;
+import com.netscape.cms.servlet.admin.GroupService;
+import com.netscape.cms.servlet.admin.SystemCertService;
+import com.netscape.cms.servlet.admin.UserCertService;
+import com.netscape.cms.servlet.admin.UserService;
+import com.netscape.cms.servlet.csadmin.SystemConfigService;
+import com.netscape.cms.servlet.key.KeyService;
+import com.netscape.cms.servlet.request.KeyRequestService;
 public class KeyRecoveryAuthorityApplication extends Application {
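Review bot: The `com/netscape/kra/*.java` and `com/netscape/kra/*.class` globs in base/kra/src/CMakeLists.txt mean that whatever is present in those directories at build time is compiled and packaged into the KRA jar, where the removed `pki-kra_java_SRCS` list named each source explicitly. `OUTPUT_DIR` and `INPUT_DIR` both point at `${CMAKE_BINARY_DIR}/classes`, which looks like a directory shared with other components (inferred from the path; the `javac` and `jar` macros are defined outside this hunk), so a stale class file from a since-deleted source would still match the `FILES` glob. I would document that above `javac(pki-kra-classes`, for example `# sources are globbed: build from a clean tree so stray or stale files are not shipped in pki-kra.jar`, or give the target its own output directory.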
@@ -22,23 +22,23 @@ public class KeyRecoveryAuthorityApplication extends Application {
 public KeyRecoveryAuthorityApplication() {
 // installer
- classes.add(SystemConfigurationResourceService.class);
+ classes.add(SystemConfigService.class);
 // keys and keyrequests
- classes.add(KeyResourceService.class);
- classes.add(KeyRequestResourceService.class);
+ classes.add(KeyService.class);
+ classes.add(KeyRequestService.class);
 // user and group management
- classes.add(GroupMemberResourceService.class);
- classes.add(GroupResourceService.class);
- classes.add(UserCertResourceService.class);
- classes.add(UserResourceService.class);
+ classes.add(GroupMemberService.class);
+ classes.add(GroupService.class);
+ classes.add(UserCertService.class);
+ classes.add(UserService.class);
 // system certs
- classes.add(SystemCertificateResourceService.class);
+ classes.add(SystemCertService.class);
 // exception mapper
- classes.add(CMSException.Mapper.class);
+ classes.add(PKIException.Mapper.class);
 }
diff --git a/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java b/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java
index 527548381..afe4ed6ea 100644
--- a/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java
+++ b/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java
@@ -54,13 +54,13 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.keydb.IKeyRecord;
 import com.netscape.certsrv.dbs.keydb.IKeyRepository;
+import com.netscape.certsrv.key.KeyRequestResource;
 import com.netscape.certsrv.kra.EKRAException;
 import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IService;
 import com.netscape.certsrv.security.IStorageKeyUnit;
 import com.netscape.certsrv.security.ITransportKeyUnit;
-import com.netscape.cms.servlet.request.KeyRequestResource;
 import com.netscape.cmscore.dbs.KeyRecord;
 import com.netscape.cmsutil.util.Utils;
diff --git a/base/kra/src/com/netscape/kra/SecurityDataService.java b/base/kra/src/com/netscape/kra/SecurityDataService.java
index fa009dac9..8a5886fa5 100644
--- a/base/kra/src/com/netscape/kra/SecurityDataService.java
+++ b/base/kra/src/com/netscape/kra/SecurityDataService.java
@@ -19,6 +19,8 @@ package com.netscape.kra;
 import java.math.BigInteger;
 import org.mozilla.jss.crypto.SymmetricKey;
+
+import com.netscape.certsrv.key.KeyRequestResource;
 import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.profile.IEnrollProfile;
@@ -30,7 +32,6 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.keydb.IKeyRecord;
 import com.netscape.certsrv.dbs.keydb.IKeyRepository;
 import com.netscape.certsrv.apps.CMS;
-import com.netscape.cms.servlet.request.KeyRequestResource;
 import com.netscape.cmscore.dbs.KeyRecord;
 import com.netscape.cmsutil.util.Utils; |