Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java | 165 |
1 files changed, 90 insertions, 75 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
index 27b5200b1..2a024c3ad 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
@@ -40,14 +40,17 @@ import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
+
+
 /**
- * GenerateKeyPairServlet handles "server-side key pair generation" requests
- * from the netkey RA.
- *
+ * GenerateKeyPairServlet
+ * handles "server-side key pair generation" requests from the
+ * netkey RA.
+ *
 * @author Christina Fu (cfu)
 * @version $Revision$, $Date$
 */
-// XXX add auditing later
+//XXX add auditing later
 public class GenerateKeyPairServlet extends CMSServlet {
 /**
@@ -65,7 +68,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
 /**
 * Constructs GenerateKeyPair servlet.
- *
+ *
 */
 public GenerateKeyPairServlet() {
 super();
@@ -77,30 +80,37 @@ public class GenerateKeyPairServlet extends CMSServlet {
 String authority = config.getInitParameter(PROP_AUTHORITY);
 if (authority != null)
- mAuthority = (IAuthority) CMS.getSubsystem(authority);
-
+ mAuthority = (IAuthority)
+ CMS.getSubsystem(authority);
+
 mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
 }
 /**
 * Returns serlvet information.
- *
+ *
 * @return name of this servlet
 */
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
 }
 /*
- * processServerSideKeyGen - handles netkey DRM serverside keygen. netkey
- * operations: 1. generate keypair (archive user priv key) 2. unwrap des key
- * with transport key, then url decode it 3. wrap user priv key with des key
- * 4. send the following to RA: * des key wrapped(user priv key) * user
- * public key (note: RA should have kek-wrapped des key from TKS) * recovery
- * blob (used for recovery)
+ * processServerSideKeyGen -
+ * handles netkey DRM serverside keygen.
+ * netkey operations:
+ * 1. generate keypair (archive user priv key)
+ * 2. unwrap des key with transport key, then url decode it
+ * 3. wrap user priv key with des key
+ * 4. send the following to RA:
+ * * des key wrapped(user priv key)
+ * * user public key
+ * (note: RA should have kek-wrapped des key from TKS)
+ * * recovery blob (used for recovery)
 */
 private void processServerSideKeyGen(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException {
+ HttpServletResponse resp) throws EBaseException
+ {
 IRequestQueue queue = mAuthority.getRequestQueue();
 IRequest thisreq = null;
@@ -113,8 +123,8 @@ public class GenerateKeyPairServlet extends CMSServlet {
 String rCUID = req.getParameter("CUID");
 String rUserid = req.getParameter("userid");
 String rdesKeyString = req.getParameter("drm_trans_desKey");
- String rArchive = req.getParameter("archive");
- String rKeysize = req.getParameter("keysize");
+ String rArchive = req.getParameter("archive");
+ String rKeysize = req.getParameter("keysize");
 if ((rCUID == null) || (rCUID.equals(""))) {
 CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: CUID");
@@ -126,18 +136,19 @@ public class GenerateKeyPairServlet extends CMSServlet {
 missingParam = true;
 }
- if ((rKeysize == null) || (rKeysize.equals(""))) {
- rKeysize = "1024"; // default to 1024
- }
+ if ((rKeysize == null) || (rKeysize.equals(""))) {
+ rKeysize = "1024"; // default to 1024
+ }
- if ((rdesKeyString == null) || (rdesKeyString.equals(""))) {
+ if ((rdesKeyString == null) ||
+ (rdesKeyString.equals(""))) {
 CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: DRM-transportKey-wrapped DES key");
 missingParam = true;
 }
 if ((rArchive == null) || (rArchive.equals(""))) {
 CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing key archival flag 'archive' ,default to true");
- rArchive = "true";
+ rArchive = "true";
 }
 String selectedToken = null;
@@ -145,23 +156,21 @@ public class GenerateKeyPairServlet extends CMSServlet {
 if (!missingParam) {
 thisreq = queue.newRequest(IRequest.NETKEY_KEYGEN_REQUEST);
- thisreq.setExtData(IRequest.REQUESTOR_TYPE,
- IRequest.REQUESTOR_NETKEY_RA);
+ thisreq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_NETKEY_RA);
 thisreq.setExtData(IRequest.NETKEY_ATTR_CUID, rCUID);
 thisreq.setExtData(IRequest.NETKEY_ATTR_USERID, rUserid);
- thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY,
- rdesKeyString);
- thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive);
- thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize);
+ thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString);
+ thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive);
+ thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize);
- queue.processRequest(thisreq);
+ queue.processRequest( thisreq );
 Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
 if (result != null) {
- // sighs! tps thinks 0 is good, and DRM thinks 1 is good
- if (result.intValue() == 1)
- status = "0";
- else
- status = result.toString();
+ // sighs! tps thinks 0 is good, and DRM thinks 1 is good
+ if (result.intValue() == 1)
+ status = "0";
+ else
+ status = result.toString();
 } else
 status = "7";
@@ -175,40 +184,40 @@ public class GenerateKeyPairServlet extends CMSServlet {
 String wrappedPrivKeyString = "";
 String publicKeyString = "";
- if (thisreq == null) {
- CMS.debug("GenerateKeyPairServlet::processServerSideKeyGen() - "
- + "thisreq is null!");
- throw new EBaseException("thisreq is null");
+ if( thisreq == null ) {
+ CMS.debug( "GenerateKeyPairServlet::processServerSideKeyGen() - "
+ + "thisreq is null!" );
+ throw new EBaseException( "thisreq is null" );
 }
 publicKeyString = thisreq.getExtDataInString("public_key");
 wrappedPrivKeyString = thisreq.getExtDataInString("wrappedUserPrivate");
- String ivString = thisreq.getExtDataInString("iv_s");
+ String ivString = thisreq.getExtDataInString("iv_s");
 /*
- * if (selectedToken == null) status = "4";
- */
- if (!status.equals("0"))
- value = "status=" + status;
+ if (selectedToken == null)
+ status = "4";
+ */
+ if (!status.equals("0"))
+ value = "status="+status;
 else {
 StringBuffer sb = new StringBuffer();
 sb.append("status=0&");
- sb.append("wrapped_priv_key=");
- sb.append(wrappedPrivKeyString);
- sb.append("&iv_param=");
- sb.append(ivString);
+ sb.append("wrapped_priv_key=");
+ sb.append(wrappedPrivKeyString);
+ sb.append("&iv_param=");
+ sb.append(ivString);
 sb.append("&public_key=");
- sb.append(publicKeyString);
+ sb.append(publicKeyString);
 value = sb.toString();
 }
- CMS.debug("processServerSideKeyGen:outputString.encode " + value);
+ CMS.debug("processServerSideKeyGen:outputString.encode " +value);
- try {
+ try{
 resp.setContentLength(value.length());
- CMS.debug("GenerateKeyPairServlet:outputString.length "
- + value.length());
+ CMS.debug("GenerateKeyPairServlet:outputString.length " +value.length());
 OutputStream ooss = resp.getOutputStream();
 ooss.write(value.getBytes());
 ooss.flush();
@@ -218,14 +227,20 @@ public class GenerateKeyPairServlet extends CMSServlet {
 }
 }
- /*
- *
- * For GenerateKeyPair:
- *
- * input: CUID=value0 trans-wrapped-desKey=value1
- *
- * output: status=value0 publicKey=value1
- * desKey-wrapped-userPrivateKey=value2 proofOfArchival=value3
+
+ /*
+
+ * For GenerateKeyPair:
+ *
+ * input:
+ * CUID=value0
+ * trans-wrapped-desKey=value1
+ *
+ * output:
+ * status=value0
+ * publicKey=value1
+ * desKey-wrapped-userPrivateKey=value2
+ * proofOfArchival=value3
 */
 public void process(CMSRequest cmsReq) throws EBaseException {
@@ -236,14 +251,14 @@ public class GenerateKeyPairServlet extends CMSServlet {
 AuthzToken authzToken = null;
 try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "execute");
+ authzToken = authorize(mAclMethod, authToken,
+ mAuthzResourceName, "execute");
 } catch (Exception e) {
 }
 if (authzToken == null) {
- try {
+ try{
 resp.setContentType("text/html");
 String value = "unauthorized=";
 CMS.debug("GenerateKeyPairServlet: Unauthorized");
@@ -253,7 +268,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
 ooss.write(value.getBytes());
 ooss.flush();
 mRenderResult = false;
- } catch (Exception e) {
+ }catch (Exception e) {
 CMS.debug("GenerateKeyPairServlet: " + e.toString());
 }
@@ -262,28 +277,28 @@ public class GenerateKeyPairServlet extends CMSServlet {
 }
 // begin Netkey serverSideKeyGen and archival
- CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called");
- processServerSideKeyGen(req, resp);
- return;
+ CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called");
+ processServerSideKeyGen(req, resp);
+ return;
 // end Netkey functions
 }
- /**
- * XXX remember tocheck peer SSL cert and get RA id later
- *
+ /** XXX remember tocheck peer SSL cert and get RA id later
+ *
 * Serves HTTP admin request.
- *
+ *
 * @param req HTTP request
 * @param resp HTTP response
 */
 public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
 String scope = req.getParameter(Constants.OP_SCOPE);
 String op = req.getParameter(Constants.OP_TYPE);
- super.service(req, resp);
+ super.service(req, resp);
+ }
 } |