Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java165
1 files changed, 75 insertions, 90 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
index 2a024c3ad..27b5200b1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
@@ -40,17 +40,14 @@ import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
-
-
/**
- * GenerateKeyPairServlet
- * handles "server-side key pair generation" requests from the
- * netkey RA.
- *
+ * GenerateKeyPairServlet handles "server-side key pair generation" requests
+ * from the netkey RA.
+ *
* @author Christina Fu (cfu)
* @version $Revision$, $Date$
*/
-//XXX add auditing later
+// XXX add auditing later
public class GenerateKeyPairServlet extends CMSServlet {
/**
@@ -68,7 +65,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
/**
* Constructs GenerateKeyPair servlet.
- *
+ *
*/
public GenerateKeyPairServlet() {
super();
@@ -80,37 +77,30 @@ public class GenerateKeyPairServlet extends CMSServlet {
String authority = config.getInitParameter(PROP_AUTHORITY);
if (authority != null)
- mAuthority = (IAuthority)
- CMS.getSubsystem(authority);
-
+ mAuthority = (IAuthority) CMS.getSubsystem(authority);
+
mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
}
/**
* Returns serlvet information.
- *
+ *
* @return name of this servlet
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/*
- * processServerSideKeyGen -
- * handles netkey DRM serverside keygen.
- * netkey operations:
- * 1. generate keypair (archive user priv key)
- * 2. unwrap des key with transport key, then url decode it
- * 3. wrap user priv key with des key
- * 4. send the following to RA:
- * * des key wrapped(user priv key)
- * * user public key
- * (note: RA should have kek-wrapped des key from TKS)
- * * recovery blob (used for recovery)
+ * processServerSideKeyGen - handles netkey DRM serverside keygen. netkey
+ * operations: 1. generate keypair (archive user priv key) 2. unwrap des key
+ * with transport key, then url decode it 3. wrap user priv key with des key
+ * 4. send the following to RA: * des key wrapped(user priv key) * user
+ * public key (note: RA should have kek-wrapped des key from TKS) * recovery
+ * blob (used for recovery)
*/
private void processServerSideKeyGen(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException
- {
+ HttpServletResponse resp) throws EBaseException {
IRequestQueue queue = mAuthority.getRequestQueue();
IRequest thisreq = null;
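Review bot: The reflowed block comment above processServerSideKeyGen loses its structure: steps 1–4 and the list of values returned to the RA now run together as one paragraph, which makes the key-handling sequence hard to follow. Keep one step per line and open the comment with `/*-` so a formatter leaves it alone (this assumes the rewrap came from an automatic formatter; confirm which one is in use). The same collapse happens to the input/output description above process() in the `@@ -227,20 +218,14 @@` hunk. The method body continues outside this hunk.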
@@ -123,8 +113,8 @@ public class GenerateKeyPairServlet extends CMSServlet {
String rCUID = req.getParameter("CUID");
String rUserid = req.getParameter("userid");
String rdesKeyString = req.getParameter("drm_trans_desKey");
- String rArchive = req.getParameter("archive");
- String rKeysize = req.getParameter("keysize");
+ String rArchive = req.getParameter("archive");
+ String rKeysize = req.getParameter("keysize");
if ((rCUID == null) || (rCUID.equals(""))) {
CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: CUID");
@@ -136,19 +126,18 @@ public class GenerateKeyPairServlet extends CMSServlet {
missingParam = true;
}
- if ((rKeysize == null) || (rKeysize.equals(""))) {
- rKeysize = "1024"; // default to 1024
- }
+ if ((rKeysize == null) || (rKeysize.equals(""))) {
+ rKeysize = "1024"; // default to 1024
+ }
- if ((rdesKeyString == null) ||
- (rdesKeyString.equals(""))) {
+ if ((rdesKeyString == null) || (rdesKeyString.equals(""))) {
CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: DRM-transportKey-wrapped DES key");
missingParam = true;
}
if ((rArchive == null) || (rArchive.equals(""))) {
CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing key archival flag 'archive' ,default to true");
- rArchive = "true";
+ rArchive = "true";
}
String selectedToken = null;
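Review bot: `rKeysize` is taken straight from the request and silently falls back to `"1024"` when absent, and nothing in this hunk checks that it is numeric or within an allowed range before it is stored on the request. If these are RSA keys, a 1024-bit default is below what is generally accepted for new keys, and a caller that omits the parameter gets one without any signal. Consider raising the default and rejecting out-of-policy values here, for example `if (Integer.parseInt(rKeysize) < MIN_KEY_SIZE) missingParam = true;` with the parse guarded against `NumberFormatException`; `MIN_KEY_SIZE` is a placeholder for the deployment's policy constant. The DRM may validate the size downstream, which is not visible from this hunk.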
@@ -156,21 +145,23 @@ public class GenerateKeyPairServlet extends CMSServlet {
if (!missingParam) {
thisreq = queue.newRequest(IRequest.NETKEY_KEYGEN_REQUEST);
- thisreq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_NETKEY_RA);
+ thisreq.setExtData(IRequest.REQUESTOR_TYPE,
+ IRequest.REQUESTOR_NETKEY_RA);
thisreq.setExtData(IRequest.NETKEY_ATTR_CUID, rCUID);
thisreq.setExtData(IRequest.NETKEY_ATTR_USERID, rUserid);
- thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString);
- thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive);
- thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize);
+ thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY,
+ rdesKeyString);
+ thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive);
+ thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize);
- queue.processRequest( thisreq );
+ queue.processRequest(thisreq);
Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
if (result != null) {
- // sighs! tps thinks 0 is good, and DRM thinks 1 is good
- if (result.intValue() == 1)
- status = "0";
- else
- status = result.toString();
+ // sighs! tps thinks 0 is good, and DRM thinks 1 is good
+ if (result.intValue() == 1)
+ status = "0";
+ else
+ status = result.toString();
} else
status = "7";
@@ -184,40 +175,40 @@ public class GenerateKeyPairServlet extends CMSServlet {
String wrappedPrivKeyString = "";
String publicKeyString = "";
- if( thisreq == null ) {
- CMS.debug( "GenerateKeyPairServlet::processServerSideKeyGen() - "
- + "thisreq is null!" );
- throw new EBaseException( "thisreq is null" );
+ if (thisreq == null) {
+ CMS.debug("GenerateKeyPairServlet::processServerSideKeyGen() - "
+ + "thisreq is null!");
+ throw new EBaseException("thisreq is null");
}
publicKeyString = thisreq.getExtDataInString("public_key");
wrappedPrivKeyString = thisreq.getExtDataInString("wrappedUserPrivate");
- String ivString = thisreq.getExtDataInString("iv_s");
+ String ivString = thisreq.getExtDataInString("iv_s");
/*
- if (selectedToken == null)
- status = "4";
- */
- if (!status.equals("0"))
- value = "status="+status;
+ * if (selectedToken == null) status = "4";
+ */
+ if (!status.equals("0"))
+ value = "status=" + status;
else {
StringBuffer sb = new StringBuffer();
sb.append("status=0&");
- sb.append("wrapped_priv_key=");
- sb.append(wrappedPrivKeyString);
- sb.append("&iv_param=");
- sb.append(ivString);
+ sb.append("wrapped_priv_key=");
+ sb.append(wrappedPrivKeyString);
+ sb.append("&iv_param=");
+ sb.append(ivString);
sb.append("&public_key=");
- sb.append(publicKeyString);
+ sb.append(publicKeyString);
value = sb.toString();
}
- CMS.debug("processServerSideKeyGen:outputString.encode " +value);
+ CMS.debug("processServerSideKeyGen:outputString.encode " + value);
- try{
+ try {
resp.setContentLength(value.length());
- CMS.debug("GenerateKeyPairServlet:outputString.length " +value.length());
+ CMS.debug("GenerateKeyPairServlet:outputString.length "
+ + value.length());
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
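Review bot: `CMS.debug("processServerSideKeyGen:outputString.encode " + value)` writes the whole response, including `wrapped_priv_key` and `iv_param`, to the debug log on every successful request. Wrapped key material and its IV should not end up in logs, which are typically readable by more people and retained longer than the response itself; log only the outcome, e.g. `CMS.debug("processServerSideKeyGen: status=" + status);`. Separately, `resp.setContentLength(value.length())` counts chars while `value.getBytes()` encodes with the platform charset, so the two agree only while the payload is pure ASCII. The try block continues past the end of this hunk.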
@@ -227,20 +218,14 @@ public class GenerateKeyPairServlet extends CMSServlet {
}
}
-
- /*
-
- * For GenerateKeyPair:
- *
- * input:
- * CUID=value0
- * trans-wrapped-desKey=value1
- *
- * output:
- * status=value0
- * publicKey=value1
- * desKey-wrapped-userPrivateKey=value2
- * proofOfArchival=value3
+ /*
+ *
+ * For GenerateKeyPair:
+ *
+ * input: CUID=value0 trans-wrapped-desKey=value1
+ *
+ * output: status=value0 publicKey=value1
+ * desKey-wrapped-userPrivateKey=value2 proofOfArchival=value3
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -251,14 +236,14 @@ public class GenerateKeyPairServlet extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "execute");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "execute");
} catch (Exception e) {
}
if (authzToken == null) {
- try{
+ try {
resp.setContentType("text/html");
String value = "unauthorized=";
CMS.debug("GenerateKeyPairServlet: Unauthorized");
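Review bot: The `catch (Exception e) { }` around `authorize(...)` is empty, so a failure caused by an ACL misconfiguration or an internal error is indistinguishable in the logs from an ordinary denial. The request is still refused because `authzToken` stays null, so this fails closed, but the cause should be recorded, e.g. `CMS.debug("GenerateKeyPairServlet: authorize failed: " + e.toString());`. The class-level `// XXX add auditing later` is relevant here as well: a refused key-generation request is the kind of event an audit record should capture. process() starts and ends outside this hunk.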
@@ -268,7 +253,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
ooss.write(value.getBytes());
ooss.flush();
mRenderResult = false;
- }catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("GenerateKeyPairServlet: " + e.toString());
}
@@ -277,28 +262,28 @@ public class GenerateKeyPairServlet extends CMSServlet {
}
// begin Netkey serverSideKeyGen and archival
- CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called");
- processServerSideKeyGen(req, resp);
- return;
+ CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called");
+ processServerSideKeyGen(req, resp);
+ return;
// end Netkey functions
}
- /** XXX remember tocheck peer SSL cert and get RA id later
- *
+ /**
+ * XXX remember tocheck peer SSL cert and get RA id later
+ *
* Serves HTTP admin request.
- *
+ *
* @param req HTTP request
* @param resp HTTP response
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
String scope = req.getParameter(Constants.OP_SCOPE);
String op = req.getParameter(Constants.OP_TYPE);
- super.service(req, resp);
+ super.service(req, resp);
-
}
}