diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java | 165 |
1 files changed, 75 insertions, 90 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java index 2a024c3ad..27b5200b1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java @@ -40,17 +40,14 @@ import com.netscape.certsrv.request.IRequestQueue; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; - - /** - * GenerateKeyPairServlet - * handles "server-side key pair generation" requests from the - * netkey RA. - * + * GenerateKeyPairServlet handles "server-side key pair generation" requests + * from the netkey RA. + * * @author Christina Fu (cfu) * @version $Revision$, $Date$ */ -//XXX add auditing later +// XXX add auditing later public class GenerateKeyPairServlet extends CMSServlet { /** @@ -68,7 +65,7 @@ public class GenerateKeyPairServlet extends CMSServlet { /** * Constructs GenerateKeyPair servlet. - * + * */ public GenerateKeyPairServlet() { super(); @@ -80,37 +77,30 @@ public class GenerateKeyPairServlet extends CMSServlet { String authority = config.getInitParameter(PROP_AUTHORITY); if (authority != null) - mAuthority = (IAuthority) - CMS.getSubsystem(authority); - + mAuthority = (IAuthority) CMS.getSubsystem(authority); + mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); } /** * Returns serlvet information. - * + * * @return name of this servlet */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /* - * processServerSideKeyGen - - * handles netkey DRM serverside keygen. - * netkey operations: - * 1. generate keypair (archive user priv key) - * 2. unwrap des key with transport key, then url decode it - * 3. wrap user priv key with des key - * 4. send the following to RA: - * * des key wrapped(user priv key) - * * user public key - * (note: RA should have kek-wrapped des key from TKS) - * * recovery blob (used for recovery) + * processServerSideKeyGen - handles netkey DRM serverside keygen. netkey + * operations: 1. generate keypair (archive user priv key) 2. unwrap des key + * with transport key, then url decode it 3. wrap user priv key with des key + * 4. send the following to RA: * des key wrapped(user priv key) * user + * public key (note: RA should have kek-wrapped des key from TKS) * recovery + * blob (used for recovery) */ private void processServerSideKeyGen(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException - { + HttpServletResponse resp) throws EBaseException { IRequestQueue queue = mAuthority.getRequestQueue(); IRequest thisreq = null; @@ -123,8 +113,8 @@ public class GenerateKeyPairServlet extends CMSServlet { String rCUID = req.getParameter("CUID"); String rUserid = req.getParameter("userid"); String rdesKeyString = req.getParameter("drm_trans_desKey"); - String rArchive = req.getParameter("archive"); - String rKeysize = req.getParameter("keysize"); + String rArchive = req.getParameter("archive"); + String rKeysize = req.getParameter("keysize"); if ((rCUID == null) || (rCUID.equals(""))) { CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: CUID"); @@ -136,19 +126,18 @@ public class GenerateKeyPairServlet extends CMSServlet { missingParam = true; } - if ((rKeysize == null) || (rKeysize.equals(""))) { - rKeysize = "1024"; // default to 1024 - } + if ((rKeysize == null) || (rKeysize.equals(""))) { + rKeysize = "1024"; // default to 1024 + } - if ((rdesKeyString == null) || - (rdesKeyString.equals(""))) { + if ((rdesKeyString == null) || (rdesKeyString.equals(""))) { CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: DRM-transportKey-wrapped DES key"); missingParam = true; } if ((rArchive == null) || (rArchive.equals(""))) { CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing key archival flag 'archive' ,default to true"); - rArchive = "true"; + rArchive = "true"; } String selectedToken = null; @@ -156,21 +145,23 @@ public class GenerateKeyPairServlet extends CMSServlet { if (!missingParam) { thisreq = queue.newRequest(IRequest.NETKEY_KEYGEN_REQUEST); - thisreq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_NETKEY_RA); + thisreq.setExtData(IRequest.REQUESTOR_TYPE, + IRequest.REQUESTOR_NETKEY_RA); thisreq.setExtData(IRequest.NETKEY_ATTR_CUID, rCUID); thisreq.setExtData(IRequest.NETKEY_ATTR_USERID, rUserid); - thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString); - thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive); - thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize); + thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, + rdesKeyString); + thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive); + thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize); - queue.processRequest( thisreq ); + queue.processRequest(thisreq); Integer result = thisreq.getExtDataInInteger(IRequest.RESULT); if (result != null) { - // sighs! tps thinks 0 is good, and DRM thinks 1 is good - if (result.intValue() == 1) - status = "0"; - else - status = result.toString(); + // sighs! tps thinks 0 is good, and DRM thinks 1 is good + if (result.intValue() == 1) + status = "0"; + else + status = result.toString(); } else status = "7"; @@ -184,40 +175,40 @@ public class GenerateKeyPairServlet extends CMSServlet { String wrappedPrivKeyString = ""; String publicKeyString = ""; - if( thisreq == null ) { - CMS.debug( "GenerateKeyPairServlet::processServerSideKeyGen() - " - + "thisreq is null!" ); - throw new EBaseException( "thisreq is null" ); + if (thisreq == null) { + CMS.debug("GenerateKeyPairServlet::processServerSideKeyGen() - " + + "thisreq is null!"); + throw new EBaseException("thisreq is null"); } publicKeyString = thisreq.getExtDataInString("public_key"); wrappedPrivKeyString = thisreq.getExtDataInString("wrappedUserPrivate"); - String ivString = thisreq.getExtDataInString("iv_s"); + String ivString = thisreq.getExtDataInString("iv_s"); /* - if (selectedToken == null) - status = "4"; - */ - if (!status.equals("0")) - value = "status="+status; + * if (selectedToken == null) status = "4"; + */ + if (!status.equals("0")) + value = "status=" + status; else { StringBuffer sb = new StringBuffer(); sb.append("status=0&"); - sb.append("wrapped_priv_key="); - sb.append(wrappedPrivKeyString); - sb.append("&iv_param="); - sb.append(ivString); + sb.append("wrapped_priv_key="); + sb.append(wrappedPrivKeyString); + sb.append("&iv_param="); + sb.append(ivString); sb.append("&public_key="); - sb.append(publicKeyString); + sb.append(publicKeyString); value = sb.toString(); } - CMS.debug("processServerSideKeyGen:outputString.encode " +value); + CMS.debug("processServerSideKeyGen:outputString.encode " + value); - try{ + try { resp.setContentLength(value.length()); - CMS.debug("GenerateKeyPairServlet:outputString.length " +value.length()); + CMS.debug("GenerateKeyPairServlet:outputString.length " + + value.length()); OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); @@ -227,20 +218,14 @@ public class GenerateKeyPairServlet extends CMSServlet { } } - - /* - - * For GenerateKeyPair: - * - * input: - * CUID=value0 - * trans-wrapped-desKey=value1 - * - * output: - * status=value0 - * publicKey=value1 - * desKey-wrapped-userPrivateKey=value2 - * proofOfArchival=value3 + /* + * + * For GenerateKeyPair: + * + * input: CUID=value0 trans-wrapped-desKey=value1 + * + * output: status=value0 publicKey=value1 + * desKey-wrapped-userPrivateKey=value2 proofOfArchival=value3 */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -251,14 +236,14 @@ public class GenerateKeyPairServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "execute"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "execute"); } catch (Exception e) { } if (authzToken == null) { - try{ + try { resp.setContentType("text/html"); String value = "unauthorized="; CMS.debug("GenerateKeyPairServlet: Unauthorized"); @@ -268,7 +253,7 @@ public class GenerateKeyPairServlet extends CMSServlet { ooss.write(value.getBytes()); ooss.flush(); mRenderResult = false; - }catch (Exception e) { + } catch (Exception e) { CMS.debug("GenerateKeyPairServlet: " + e.toString()); } @@ -277,28 +262,28 @@ public class GenerateKeyPairServlet extends CMSServlet { } // begin Netkey serverSideKeyGen and archival - CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called"); - processServerSideKeyGen(req, resp); - return; + CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called"); + processServerSideKeyGen(req, resp); + return; // end Netkey functions } - /** XXX remember tocheck peer SSL cert and get RA id later - * + /** + * XXX remember tocheck peer SSL cert and get RA id later + * * Serves HTTP admin request. - * + * * @param req HTTP request * @param resp HTTP response */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); - super.service(req, resp); + super.service(req, resp); - } } |