Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/key/model')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/model/KeyDAO.java109
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/model/KeyData.java19
2 files changed, 118 insertions, 10 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyDAO.java b/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyDAO.java
index 5fd17a333..fd9d2d2c0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyDAO.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyDAO.java
@@ -20,8 +20,11 @@ package com.netscape.cms.servlet.key.model;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Enumeration;
+import java.util.Hashtable;
import java.util.List;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import com.netscape.certsrv.apps.CMS;
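Review bot: The added imports `javax.ws.rs.WebApplicationException` and `javax.ws.rs.core.Response` are not referenced by any added line in the KeyDAO.java hunks shown here, so they look unused. Either drop them or use them where `getKey` currently returns `null` for a missing request or key record, if the intent was to report those cases as an HTTP error. `java.util.Hashtable` is used by the new `getKey` body and is fine.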
@@ -29,7 +32,12 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.dbs.keydb.IKeyRecord;
import com.netscape.certsrv.dbs.keydb.IKeyRepository;
import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
+import com.netscape.certsrv.request.IRequest;
+import com.netscape.certsrv.request.IRequestQueue;
+import com.netscape.certsrv.request.RequestId;
+import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cms.servlet.request.model.RecoveryRequestData;
+import com.netscape.kra.SecurityDataRecoveryService;
/**
* @author alee
@@ -38,11 +46,13 @@ import com.netscape.cms.servlet.request.model.RecoveryRequestData;
public class KeyDAO {
private IKeyRepository repo;
+ private IKeyRecoveryAuthority kra;
+ private IRequestQueue queue;
public KeyDAO() {
- IKeyRecoveryAuthority kra = null;
kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( "kra" );
repo = kra.getKeyRepository();
+ queue = kra.getRequestQueue();
}
/**
* Returns list of keys meeting specified search filter.
@@ -79,18 +89,100 @@ public class KeyDAO {
}
public KeyData getKey(String keyId, RecoveryRequestData data) throws EBaseException {
- KeyData keyData = null;
+ KeyData keyData;
BigInteger serial = new BigInteger(keyId);
- // get wrapped key
+ String rId = data.getRequestId();
+
+ String transWrappedSessionKey;
+ String sessionWrappedPassphrase;
+
+ IRequest request = queue.findRequest(new RequestId(rId));
+
+ if (request == null) {
+ return null;
+ }
+
+ // get wrapped key
IKeyRecord rec = repo.readKeyRecord(serial);
if (rec == null) {
- // key does not exist
- // log the error
return null;
}
- // TODO unwrap the key and wrap with the credential in RecoveryRequestData
- // need to figure out how to do this with jmagne
+
+ Hashtable<String, Object> requestParams = kra.getVolatileRequest(
+ request.getRequestId());
+
+ if(requestParams == null) {
+ throw new EBaseException("Can't obtain Volatile requestParams in KeyDAO.getKey!");
+ }
+
+ String sessWrappedKeyData = (String) requestParams.get(SecurityDataRecoveryService.ATTR_SESS_WRAPPED_DATA);
+ String passWrappedKeyData = (String) requestParams.get(SecurityDataRecoveryService.ATTR_PASS_WRAPPED_DATA);
+ String nonceData = (String) requestParams.get(IRequest.SECURITY_DATA_IV_STRING_OUT);
+
+ if (sessWrappedKeyData != null || passWrappedKeyData != null) {
+ //The recovery process has already placed a valid recovery
+ //package, either session key wrapped or pass wrapped, into the request.
+ //Request already has been processed.
+ keyData = new KeyData();
+
+ } else {
+ // The request has not yet been processed, let's see if the RecoveryRequestData contains
+ // the info now needed to process the recovery request.
+
+ transWrappedSessionKey = data.getTransWrappedSessionKey();
+ sessionWrappedPassphrase = data.getSessionWrappedPassphrase();
+ nonceData = data.getNonceData();
+
+ if(transWrappedSessionKey == null) {
+ //There must be at least a transWrappedSessionKey input provided.
+ //The command AND the request have provided insufficient data, end of the line.
+ throw new EBaseException("Can't retrieve key, insufficient input data!");
+ }
+
+ if (sessionWrappedPassphrase != null) {
+ requestParams.put(IRequest.SECURITY_DATA_SESS_PASS_PHRASE, sessionWrappedPassphrase);
+ }
+
+ if (transWrappedSessionKey != null) {
+ requestParams.put(IRequest.SECURITY_DATA_TRANS_SESS_KEY, transWrappedSessionKey);
+ }
+
+ if (nonceData != null) {
+ requestParams.put(IRequest.SECURITY_DATA_IV_STRING_IN, nonceData);
+ }
+
+ try {
+ // Has to be in this state or it won't go anywhere.
+ request.setRequestStatus(RequestStatus.BEGIN);
+ queue.processRequest(request);
+ } catch (EBaseException e) {
+ kra.destroyVolatileRequest(request.getRequestId());
+ throw new EBaseException(e.toString());
+ }
+
+ nonceData = null;
+ keyData = new KeyData();
+
+ sessWrappedKeyData = (String) requestParams.get(SecurityDataRecoveryService.ATTR_SESS_WRAPPED_DATA);
+ passWrappedKeyData = (String) requestParams.get(SecurityDataRecoveryService.ATTR_PASS_WRAPPED_DATA);
+ nonceData = (String) requestParams.get(IRequest.SECURITY_DATA_IV_STRING_OUT);
+
+ }
+
+ if (sessWrappedKeyData != null) {
+ keyData.setWrappedPrivateData(sessWrappedKeyData);
+ }
+ if (passWrappedKeyData != null) {
+ keyData.setWrappedPrivateData(passWrappedKeyData);
+ }
+ if (nonceData != null) {
+ keyData.setNonceData(nonceData);
+ }
+
+ kra.destroyVolatileRequest(request.getRequestId());
+
+ queue.markAsServiced(request);
return keyData;
}
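Review bot: Nothing in `getKey` ties the recovery request to the key being asked for: `rec` is read only to null-check it, and the wrapped data returned comes entirely from the volatile parameters of whatever request `data.getRequestId()` names. Before `request.setRequestStatus(RequestStatus.BEGIN)` the method should confirm that the request is a recovery request for `serial` and is in a state that permits processing; otherwise a request id issued for one key is accepted together with a different `keyId`, and whatever status the request had is overwritten. Whether a caller outside this hunk already enforces that is not visible here. `data.getRequestId()` also reaches `new RequestId(rId)` without a null check, and in the catch block `throw new EBaseException(e.toString());` discards the original stack trace where `throw e;` would keep it. When both `sessWrappedKeyData` and `passWrappedKeyData` are set, the second `setWrappedPrivateData` call silently replaces the first, so an `else if` or a comment stating the intended precedence would help.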
@@ -103,9 +195,6 @@ public class KeyDAO {
UriBuilder keyBuilder = uriInfo.getBaseUriBuilder();
keyBuilder.path("/key/" + serial);
ret.setKeyURL(keyBuilder.build().toString());
-
- // clientID = rec.getClientID();
- // TODO add other fields as needed
return ret;
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyData.java b/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyData.java
index 0e6e80dec..4f303e27d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyData.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/model/KeyData.java
@@ -36,6 +36,9 @@ public class KeyData {
@XmlElement
String wrappedPrivateData;
+ @XmlElement
+ String nonceData;
+
public KeyData() {
// required for JAXB (defaults)
}
@@ -54,4 +57,20 @@ public class KeyData {
this.wrappedPrivateData = wrappedPrivateData;
}
+ /**
+ * @return the nonceData
+ */
+
+ public String getNonceData() {
+ return nonceData;
+ }
+
+ /**
+ * @param nonceData the nonceData to set
+ */
+
+ public void setNonceData(String nonceData) {
+ this.nonceData = nonceData;
+ }
+
}
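Review bot: The Javadoc on `getNonceData` and `setNonceData` only restates the field name and says nothing about what the value is. In `KeyDAO.getKey` the field is filled from `IRequest.SECURITY_DATA_IV_STRING_OUT`, so a comment on the field along the lines of `/** IV string returned alongside the wrapped data (encoding to be confirmed). */` would tell a client author what it carries. The blank line between each Javadoc block and its method should also be removed so the comment sits directly on the declaration.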