Diffstat (limited to 'pki/base/common/src/com/netscape/certsrv')
4 files changed, 147 insertions, 2 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java index 010661d8b..7da212469 100644 --- a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java +++ b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java @@ -40,6 +40,10 @@ public interface IKeyRecord { public static final String ATTR_MODIFY_TIME = "keyModifyTime"; public static final String ATTR_META_INFO = "keyMetaInfo"; public static final String ATTR_ARCHIVED_BY = "keyArchivedBy"; + public static final String ATTR_CLIENT_ID = "clientId"; + public static final String ATTR_DATA_TYPE = "dataType"; + public static final String ATTR_STATUS = "status"; + // key state public static final String STATUS_ANY = "ANY"; @@ -86,10 +90,35 @@ public interface IKeyRecord { public Integer getKeySize() throws EBaseException; /** + * Retrieves client ID. + * + * @return client id + * @exception EBaseException failed to retrieve client id + */ + public String getClientId() throws EBaseException; + + /** + * Retrieves key data type. + * + * @return data type + * @exception EBaseException failed to retrieve data type + */ + public String getDataType() throws EBaseException; + + /** + * Retrieves key status. + * + * @return key status + * @exception EBaseException failed to retrieve key status + */ + public String getKeyStatus() throws EBaseException; + + /** * Retrieves archiver identifier. * * @return archiver uid */ + public String getArchivedBy(); /** diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequest.java b/pki/base/common/src/com/netscape/certsrv/request/IRequest.java index 19b830898..ec1f43fb3 100644 --- a/pki/base/common/src/com/netscape/certsrv/request/IRequest.java +++ b/pki/base/common/src/com/netscape/certsrv/request/IRequest.java 
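Review bot: `ATTR_CLIENT_ID` is `"clientId"` in the first IKeyRecord hunk, while the matching request attribute added in IRequest.java (hunk `@@ -152,6 +150,18 @@`) is `SECURITY_DATA_CLIENT_ID = "clientID"`, so the two names differ only in case. If any code moves the value between a request and a key record by name, or compares names case-sensitively, the client id would be missed without an error. Either use one spelling for both, or mark them as separate namespaces with a comment such as `// key-record attribute; the request-side name is IRequest.SECURITY_DATA_CLIENT_ID`. The same hunk adds `"dataType"` and `"status"` without the `key` prefix that the neighbouring attributes carry (`keyModifyTime`, `keyMetaInfo`, `keyArchivedBy`).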
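Review bot: The Javadoc added for `getClientId()`, `getDataType()` and `getKeyStatus()` in the second IKeyRecord hunk does not say what a caller gets for a record that carries none of these attributes. Records archived before this change presumably lack them, so a caller that filters or authorizes on status or client id needs to know whether to expect `null`. I would extend each tag, for example `@return client id, or null if the record has none`, and list the values `getKeyStatus()` can return. The hunk also inserts a blank line between the existing Javadoc and `getArchivedBy()`, which looks unintentional.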
@@ -69,8 +69,6 @@ public interface IRequest { public static final String CLA_UNCERT4CRL_REQUEST = "uncert4crl"; public static final String NETKEY_KEYGEN_REQUEST = "netkeyKeygen"; public static final String NETKEY_KEYRECOVERY_REQUEST = "netkeyKeyRecovery"; - public static final String SECURITY_DATA_ENROLLMENT_REQUEST = "securityDataEnrollment"; - public static final String SECURITY_DATA_RECOVERY_REQUEST = "securityDataRecovery"; public static final String REQUESTOR_NAME = "csrRequestorName"; public static final String REQUESTOR_PHONE = "csrRequestorPhone"; @@ -152,6 +150,18 @@ public interface IRequest { public final static String NETKEY_ATTR_USER_CERT = "cert"; public final static String NETKEY_ATTR_KEY_SIZE = "keysize"; + //Security Data request attributes + public static final String SECURITY_DATA_ENROLLMENT_REQUEST = "securityDataEnrollment"; + public static final String SECURITY_DATA_RECOVERY_REQUEST = "securityDataRecovery"; + public static final String SECURITY_DATA_CLIENT_ID = "clientID"; + public static final String SECURITY_DATA_TYPE = "dataType"; + public static final String SECURITY_DATA_STATUS = "status"; + public static final String SECURITY_DATA_TRANS_SESS_KEY = "transWrappedSessionKey"; + public static final String SECURITY_DATA_SESS_PASS_PHRASE = "sessionWrappedPassphrase"; + public static final String SECURITY_DATA_IV_STRING_IN = "iv_in"; + public static final String SECURITY_DATA_IV_STRING_OUT = "iv_out"; + + // requestor type values. public static final String REQUESTOR_EE = "EE"; public static final String REQUESTOR_RA = "RA"; diff --git a/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java b/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java index e318188a6..0a526e582 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java +++ b/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java 
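Review bot: `SECURITY_DATA_TRANS_SESS_KEY` and `SECURITY_DATA_SESS_PASS_PHRASE`, added in the `@@ -152,6 +150,18 @@` hunk, name request attributes that hold wrapped key material and a wrapped passphrase, but nothing in the new block says how long they may stay on the request. The request handling is outside this diff, so I cannot tell whether they are stripped before the request is stored or logged. The constants should carry that rule, e.g. `// wrapped secrets: remove from the request once processed, never log`. The block header `//Security Data request attributes` also covers the two request type names moved here, and `iv_in` / `iv_out` break the camelCase used by the other values.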
@@ -20,6 +20,7 @@ package com.netscape.certsrv.security; import java.security.PublicKey; import org.mozilla.jss.crypto.PrivateKey; +import org.mozilla.jss.crypto.SymmetricKey; import com.netscape.certsrv.base.EBaseException; @@ -48,6 +49,16 @@ public interface IEncryptionUnit extends IToken { public byte[] wrap(PrivateKey priKey) throws EBaseException; /** + * Wraps data. The given key will be wrapped by the + * private key in this unit. + * + * @param symKey symmetric key to be wrapped + * @return wrapped data + * @exception EBaseException failed to wrap + */ + public byte[] wrap(SymmetricKey symKey) throws EBaseException; + + /** * Verifies the given key pair. * * @param publicKey public key 
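Review bot: The Javadoc added for `wrap(SymmetricKey symKey)` in the `@@ -48,6 +49,16 @@` hunk opens with "Wraps data" and says the key "will be wrapped by the private key in this unit". That reads as carried over from the private-key overload; wrapping is normally done with the unit's public key, and unwrapping with the private key. The text should name the key actually used and say which unwrap method accepts the returned blob, along the lines of `Wraps the given symmetric key for storage with this unit's key.` and `@return wrapped key blob, in the format expected by unwrap(byte[])`, adjusted to what the implementation does.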
@@ -74,6 +85,46 @@ public interface IEncryptionUnit extends IToken { throws EBaseException; /** + * Unwraps symmetric key data. This method rebuilds the symmetric key by + * unwrapping the private data blob. + * + * @param wrappedKeyData symmetric key data wrapped up with session key + * @return Symmetric key object + * @exception EBaseException failed to unwrap + */ + + public SymmetricKey unwrap(byte wrappedKeyData[]) + throws EBaseException; + + /** + * Unwraps symmetric key . This method + * unwraps the symmetric key. + * + * @param sessionKey session key that unwrap the symmetric key + * @param symmAlgOID symmetric algorithm + * @param symmAlgParams symmetric algorithm parameters + * @param symmetricKey symmetric key data + * @return Symmetric key object + * @exception EBaseException failed to unwrap + */ + + public SymmetricKey unwrap_symmetric(byte sessionKey[], String symmAlgOID, + byte symmAlgParams[], byte symmetricKey[]) + throws EBaseException; + + /** + * Unwraps symmetric key . This method + * unwraps the symmetric key. + * + * @param encSymmKey wrapped symmetric key to be unwrapped + * @return Symmetric key object + * @exception EBaseException failed to unwrap + */ + + public SymmetricKey unwrap_sym(byte encSymmKey[], + SymmetricKey.Usage usage); + + /** * Unwraps data. This method rebuilds the private key by * unwrapping the private key data. * diff --git a/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java b/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java index 0a012e8a6..6e1c7ab4a 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java +++ b/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java 
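Review bot: `unwrap_sym(byte encSymmKey[], SymmetricKey.Usage usage)` documents `@exception EBaseException failed to unwrap` but its signature has no `throws` clause, and `usage` has no `@param`. A caller therefore cannot tell how a failed unwrap is reported; if the implementation returns `null`, that has to be stated so the result is checked before the key is used. Either add `throws EBaseException` to match the other two new methods, or replace the tag with `@return unwrapped key, or null if unwrapping failed`. The Javadoc added in ITransportKeyUnit.java has the same mismatch on its `unwrap_sym` and `unwrap_encrypt_sym` declarations. As a style point, `unwrap_symmetric` and `unwrap_sym` use underscores where the interface's other methods are lowerCamelCase.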
@@ -41,16 +41,71 @@ public interface ITransportKeyUnit extends IEncryptionUnit { */ public org.mozilla.jss.crypto.X509Certificate getCertificate(); + /** + * Unwraps symmetric key . This method + * unwraps the symmetric key. + * + * @param encSymmKey wrapped symmetric key to be unwrapped + * @param usage Key usage for unwrapped key. + * @return Symmetric key object + * @exception EBaseException failed to unwrap + */ + + public SymmetricKey unwrap_sym(byte encSymmKey[], SymmetricKey.Usage usage); + + /** + * Unwraps symmetric key . This method + * unwraps the symmetric key. + * + * @param encSymmKey wrapped symmetric key to be unwrapped + * @return Symmetric key object + * @exception EBaseException failed to unwrap + */ + public SymmetricKey unwrap_sym(byte encSymmKey[]); + /** + * Unwraps symmetric key for encrypton . This method + * unwraps the symmetric key. + * + * @param encSymmKey wrapped symmetric key to be unwrapped + * @return Symmetric key object + * @exception EBaseException failed to unwrap + */ + public SymmetricKey unwrap_encrypt_sym(byte encSymmKey[]); + /** + * Unwraps temporary private key . This method + * unwraps the temporary private key. + * + * @param wrappedKeyData wrapped private key to be unwrapped + * @param pubKey public key + * @return Private key object + * @exception EBaseException failed to unwrap + */ + public PrivateKey unwrap_temp(byte wrappedKeyData[], PublicKey pubKey) throws EBaseException; + /** + * Returns this Unit's crypto token object. + * @return CryptoToken object. + */ public CryptoToken getToken(); + /** + * Returns this Unit's signing algorithm in String format. + * @return String of signing algorithm + * @throws EBaseException + */ + public String getSigningAlgorithm() throws EBaseException; + /** + * Sets this Unit's signing algorithm. + * @param str String of signing algorithm to set. + * @throws EBaseException + */ public void setSigningAlgorithm(String str) throws EBaseException; } |
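Review bot: The new `unwrap_sym(byte encSymmKey[], SymmetricKey.Usage usage)` declaration repeats one that this same commit adds to `IEncryptionUnit`, which `ITransportKeyUnit` extends. The redeclaration is redundant, and the two Javadoc copies already differ (only this one documents `usage`). I would keep the single declaration in the parent interface. The comment on the one-argument `unwrap_sym(byte encSymmKey[])` should also state which usage the returned key is restricted to, since it is the only thing that separates it from `unwrap_encrypt_sym`. There is a typo in that method's comment ("encrypton"), and the two `@throws EBaseException` tags on the signing-algorithm accessors have no description.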