Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/key/model')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/key/model/KeyDAO.java | 109 | ||||
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/key/model/KeyData.java | 19 |
2 files changed, 118 insertions, 10 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyDAO.java b/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyDAO.java
index 5fd17a333..fd9d2d2c0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyDAO.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyDAO.java
@@ -20,8 +20,11 @@ package com.netscape.cms.servlet.key.model;
 import java.math.BigInteger;
 import java.util.ArrayList;
 import java.util.Enumeration;
+import java.util.Hashtable;
 import java.util.List;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 import javax.ws.rs.core.UriInfo;
 import com.netscape.certsrv.apps.CMS;
@@ -29,7 +32,12 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.keydb.IKeyRecord;
 import com.netscape.certsrv.dbs.keydb.IKeyRepository;
 import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
+import com.netscape.certsrv.request.IRequest;
+import com.netscape.certsrv.request.IRequestQueue;
+import com.netscape.certsrv.request.RequestId;
+import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cms.servlet.request.model.RecoveryRequestData;
+import com.netscape.kra.SecurityDataRecoveryService;
 /**
 * @author alee
@@ -38,11 +46,13 @@ import com.netscape.cms.servlet.request.model.RecoveryRequestData;
 public class KeyDAO {
 private IKeyRepository repo;
+ private IKeyRecoveryAuthority kra;
+ private IRequestQueue queue;
 public KeyDAO() {
- IKeyRecoveryAuthority kra = null;
 kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( "kra" );
 repo = kra.getKeyRepository();
+ queue = kra.getRequestQueue();
 }
 /**
 * Returns list of keys meeting specified search filter.
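Review bot: `javax.ws.rs.WebApplicationException` and `javax.ws.rs.core.Response` are imported in the first hunk, but no line in this diff uses them, while getKey still signals both "request not found" and "key record not found" with a bare `return null` that the caller cannot tell apart from an empty result. Either drop the two imports or put them to the use they appear intended for, e.g. `throw new WebApplicationException(Response.Status.NOT_FOUND);` in place of those `return null` exits. If the imports are kept for a follow-up change, a short comment saying so would stop the next reader from removing them as unused.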
@@ -79,18 +89,100 @@ public class KeyDAO {
 }
 public KeyData getKey(String keyId, RecoveryRequestData data) throws EBaseException {
- KeyData keyData = null;
+ KeyData keyData;
 BigInteger serial = new BigInteger(keyId);
- // get wrapped key
+ String rId = data.getRequestId();
+
+ String transWrappedSessionKey;
+ String sessionWrappedPassphrase;
+
+ IRequest request = queue.findRequest(new RequestId(rId));
+
+ if (request == null) {
+ return null;
+ }
+
+ // get wrapped key
 IKeyRecord rec = repo.readKeyRecord(serial);
 if (rec == null) {
- // key does not exist
- // log the error
 return null;
 }
- // TODO unwrap the key and wrap with the credential in RecoveryRequestData
- // need to figure out how to do this with jmagne
+
+ Hashtable<String, Object> requestParams = kra.getVolatileRequest(
+ request.getRequestId());
+
+ if(requestParams == null) {
+ throw new EBaseException("Can't obtain Volatile requestParams in KeyDAO.getKey!");
+ }
+
+ String sessWrappedKeyData = (String) requestParams.get(SecurityDataRecoveryService.ATTR_SESS_WRAPPED_DATA);
+ String passWrappedKeyData = (String) requestParams.get(SecurityDataRecoveryService.ATTR_PASS_WRAPPED_DATA);
+ String nonceData = (String) requestParams.get(IRequest.SECURITY_DATA_IV_STRING_OUT);
+
+ if (sessWrappedKeyData != null || passWrappedKeyData != null) {
+ //The recovery process has already placed a valid recovery
+ //package, either session key wrapped or pass wrapped, into the request.
+ //Request already has been processed.
+ keyData = new KeyData();
+
+ } else {
+ // The request has not yet been processed, let's see if the RecoveryRequestData contains
+ // the info now needed to process the recovery request.
+
+ transWrappedSessionKey = data.getTransWrappedSessionKey();
+ sessionWrappedPassphrase = data.getSessionWrappedPassphrase();
+ nonceData = data.getNonceData();
+
+ if(transWrappedSessionKey == null) {
+ //There must be at least a transWrappedSessionKey input provided.
+ //The command AND the request have provided insufficient data, end of the line.
+ throw new EBaseException("Can't retrieve key, insufficient input data!");
+ }
+
+ if (sessionWrappedPassphrase != null) {
+ requestParams.put(IRequest.SECURITY_DATA_SESS_PASS_PHRASE, sessionWrappedPassphrase);
+ }
+
+ if (transWrappedSessionKey != null) {
+ requestParams.put(IRequest.SECURITY_DATA_TRANS_SESS_KEY, transWrappedSessionKey);
+ }
+
+ if (nonceData != null) {
+ requestParams.put(IRequest.SECURITY_DATA_IV_STRING_IN, nonceData);
+ }
+
+ try {
+ // Has to be in this state or it won't go anywhere.
+ request.setRequestStatus(RequestStatus.BEGIN);
+ queue.processRequest(request);
+ } catch (EBaseException e) {
+ kra.destroyVolatileRequest(request.getRequestId());
+ throw new EBaseException(e.toString());
+ }
+
+ nonceData = null;
+ keyData = new KeyData();
+
+ sessWrappedKeyData = (String) requestParams.get(SecurityDataRecoveryService.ATTR_SESS_WRAPPED_DATA);
+ passWrappedKeyData = (String) requestParams.get(SecurityDataRecoveryService.ATTR_PASS_WRAPPED_DATA);
+ nonceData = (String) requestParams.get(IRequest.SECURITY_DATA_IV_STRING_OUT);
+
+ }
+
+ if (sessWrappedKeyData != null) {
+ keyData.setWrappedPrivateData(sessWrappedKeyData);
+ }
+ if (passWrappedKeyData != null) {
+ keyData.setWrappedPrivateData(passWrappedKeyData);
+ }
+ if (nonceData != null) {
+ keyData.setNonceData(nonceData);
+ }
+
+ kra.destroyVolatileRequest(request.getRequestId());
+
+ queue.markAsServiced(request);
 return keyData;
 }
@@ -103,9 +195,6 @@ public class KeyDAO {
 UriBuilder keyBuilder = uriInfo.getBaseUriBuilder();
 keyBuilder.path("/key/" + serial);
 ret.setKeyURL(keyBuilder.build().toString());
-
- // clientID = rec.getClientID();
- // TODO add other fields as needed
 return ret;
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyData.java b/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyData.java
index 0e6e80dec..4f303e27d 100644
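Review bot: The request located through `data.getRequestId()` is never checked against `serial`: `rec` is read from the repository only to test for null, and everything placed in the returned KeyData comes from that request's volatile parameters, so unless the request id is already bound to this key and to the caller somewhere not visible here, getKey should confirm the request refers to the same key serial before processing it. Cleanup is also uneven across the exits: the success path and the processRequest failure path both call `kra.destroyVolatileRequest(request.getRequestId())`, but the `if (rec == null) { return null; }` path does not, and the "insufficient input data" throw does not either — the latter may be deliberate if the caller is allowed to retry with a transWrappedSessionKey, but that should be said in a comment, and the rec == null path has nothing to wait for and should destroy as well. The rethrow `throw new EBaseException(e.toString());` discards the original exception; rethrow `e` itself, or pass it as the cause if EBaseException has such a constructor. Minor: `if (transWrappedSessionKey != null)` is always true after the null check just above it, `nonceData = null;` is a dead store before the reassignment three lines later, and when both sessWrappedKeyData and passWrappedKeyData are present the second `setWrappedPrivateData` silently overwrites the first.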
--- a/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyData.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyData.java
@@ -36,6 +36,9 @@ public class KeyData {
 @XmlElement
 String wrappedPrivateData;
+ @XmlElement
+ String nonceData;
+
 public KeyData() {
 // required for JAXB (defaults)
 }
@@ -54,4 +57,20 @@ public class KeyData {
 this.wrappedPrivateData = wrappedPrivateData;
 }
+ /**
+ * @return the nonceData
+ */
+
+ public String getNonceData() {
+ return nonceData;
+ }
+
+ /**
+ * @param nonceData the nonceData to set
+ */
+
+ public void setNonceData(String nonceData) {
+ this.nonceData = nonceData;
+ }
+
 }
|
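Review bot: The Javadoc blocks added for getNonceData and setNonceData are separated from their methods by an empty added line (`*/`, blank, then `public String getNonceData()`), which is unusual in this file and lets some tools treat the comment as detached from the member; drop the blank line so each comment sits directly above its signature. The comments also only restate the field name; since nonceData is serialized with `@XmlElement` and becomes part of the wire format, a one-line description of what the value is, along the lines of `/** The nonce (IV) that accompanies wrappedPrivateData in a recovery response. */`, would tell API consumers how to use it — confirm the wording against what the KRA actually puts in it.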