1 files changed, 154 insertions, 0 deletions

diff --git a/pki/base/kra/src/com/netscape/kra/ArchiveOptions.java b/pki/base/kra/src/com/netscape/kra/ArchiveOptions.java
new file mode 100644
index 000000000..c4650f17e
--- /dev/null
+++ b/pki/base/kra/src/com/netscape/kra/ArchiveOptions.java
@@ -0,0 +1,154 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.kra;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+import org.mozilla.jss.asn1.ANY;
+import org.mozilla.jss.asn1.BIT_STRING;
+import org.mozilla.jss.asn1.InvalidBERException;
+import org.mozilla.jss.asn1.OCTET_STRING;
+import org.mozilla.jss.asn1.SET;
+import org.mozilla.jss.pkix.cms.EncryptedContentInfo;
+import org.mozilla.jss.pkix.cms.EnvelopedData;
+import org.mozilla.jss.pkix.cms.RecipientInfo;
+import org.mozilla.jss.pkix.crmf.EncryptedKey;
+import org.mozilla.jss.pkix.crmf.EncryptedValue;
+import org.mozilla.jss.pkix.crmf.PKIArchiveOptions;
+import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+
+class ArchiveOptions {
+    private String mSymmAlgOID = null;
+    private byte mSymmAlgParams[] = null;
+    private byte mEncSymmKey[] = null;
+    private byte mEncValue[] = null;
+
+    public ArchiveOptions(PKIArchiveOptions opts) throws EBaseException {
+        try {
+            EncryptedKey key = opts.getEncryptedKey();
+            ANY enveloped_val = null;
+            EncryptedValue val = null;
+            AlgorithmIdentifier symmAlg = null;
+
+            if (key.getType() == org.mozilla.jss.pkix.crmf.EncryptedKey.ENVELOPED_DATA) {
+                CMS.debug("EnrollService: ArchiveOptions() EncryptedKey type= ENVELOPED_DATA");
+                // this is the new RFC4211 EncryptedKey that should
+                // have EnvelopedData to replace the deprecated EncryptedValue
+                enveloped_val = key.getEnvelopedData();
+                byte[] env_b = enveloped_val.getEncoded();
+                EnvelopedData.Template env_template = new EnvelopedData.Template();
+                EnvelopedData env_data =
+                        (EnvelopedData) env_template.decode(new ByteArrayInputStream(env_b));
+                EncryptedContentInfo eCI = env_data.getEncryptedContentInfo();
+                symmAlg = eCI.getContentEncryptionAlgorithm();
+                mSymmAlgOID = symmAlg.getOID().toString();
+                mSymmAlgParams =
+                        ((OCTET_STRING) ((ANY) symmAlg.getParameters()).decodeWith(OCTET_STRING.getTemplate()))
+                                .toByteArray();
+
+                SET recipients = env_data.getRecipientInfos();
+                if (recipients.size() <= 0) {
+                    CMS.debug("EnrollService: ArchiveOptions() - missing recipient information ");
+                    throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE",
+                            "[PKIArchiveOptions] missing recipient information "));
+                }
+                //check recpient - later
+                //we only handle one recipient here anyways.  so, either the key
+                //can be decrypted or it can't. No risk here.
+                RecipientInfo ri = (RecipientInfo) recipients.elementAt(0);
+                OCTET_STRING key_o = ri.getEncryptedKey();
+                mEncSymmKey = key_o.toByteArray();
+
+                OCTET_STRING oString = eCI.getEncryptedContent();
+                BIT_STRING encVal = new BIT_STRING(oString.toByteArray(), 0);
+                mEncValue = encVal.getBits();
+                CMS.debug("EnrollService: ArchiveOptions() EncryptedKey type= ENVELOPED_DATA done");
+            } else if (key.getType() == org.mozilla.jss.pkix.crmf.EncryptedKey.ENCRYPTED_VALUE) {
+                CMS.debug("EnrollService: ArchiveOptions() EncryptedKey type= ENCRYPTED_VALUE");
+                // this is deprecated: EncryptedValue
+                val = key.getEncryptedValue();
+                symmAlg = val.getSymmAlg();
+                mSymmAlgOID = symmAlg.getOID().toString();
+                mSymmAlgParams =
+                        ((OCTET_STRING) ((ANY) symmAlg.getParameters()).decodeWith(OCTET_STRING.getTemplate()))
+                                .toByteArray();
+                BIT_STRING encSymmKey = val.getEncSymmKey();
+
+                mEncSymmKey = encSymmKey.getBits();
+                BIT_STRING encVal = val.getEncValue();
+
+                mEncValue = encVal.getBits();
+                CMS.debug("EnrollService: ArchiveOptions() EncryptedKey type= ENCRYPTED_VALUE done");
+            } else {
+                CMS.debug("EnrollService: ArchiveOptions() invalid EncryptedKey type");
+                throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "[PKIArchiveOptions] type "
+                        + key.getType()));
+            }
+
+        } catch (InvalidBERException e) {
+            CMS.debug("EnrollService: ArchiveOptions(): " + e.toString());
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE",
+                    "[PKIArchiveOptions]" + e.toString()));
+        } catch (IOException e) {
+            CMS.debug("EnrollService: ArchiveOptions(): " + e.toString());
+            throw new EBaseException("ArchiveOptions() exception caught: " +
+                    e.toString());
+        } catch (Exception e) {
+            CMS.debug("EnrollService: ArchiveOptions(): " + e.toString());
+            throw new EBaseException("ArchiveOptions() exception caught: " +
+                    e.toString());
+        }
+
+    }
+
+    static public ArchiveOptions toArchiveOptions(byte options[]) throws
+                                      EBaseException {
+        ByteArrayInputStream bis = new ByteArrayInputStream(options);
+        PKIArchiveOptions archOpts = null;
+
+        try {
+            archOpts = (PKIArchiveOptions)
+                    (new PKIArchiveOptions.Template()).decode(bis);
+        } catch (Exception e) {
+            throw new EBaseException("Failed to decode input PKIArchiveOptions.");
+        }
+
+        return new ArchiveOptions(archOpts);
+
+    }
+
+    public String getSymmAlgOID() {
+        return mSymmAlgOID;
+    }
+
+    public byte[] getSymmAlgParams() {
+        return mSymmAlgParams;
+    }
+
+    public byte[] getEncSymmKey() {
+        return mEncSymmKey;
+    }
+
+    public byte[] getEncValue() {
+        return mEncValue;
+    }
+}