diff options
Diffstat (limited to 'pki/base/kra/src/com/netscape/kra/EnrollmentService.java')
-rw-r--r-- | pki/base/kra/src/com/netscape/kra/EnrollmentService.java | 117 |
1 files changed, 2 insertions, 115 deletions
diff --git a/pki/base/kra/src/com/netscape/kra/EnrollmentService.java b/pki/base/kra/src/com/netscape/kra/EnrollmentService.java index b9df360b0..c2705e1e4 100644 --- a/pki/base/kra/src/com/netscape/kra/EnrollmentService.java +++ b/pki/base/kra/src/com/netscape/kra/EnrollmentService.java @@ -35,25 +35,15 @@ import netscape.security.x509.CertificateX509Key; import netscape.security.x509.X509CertInfo; import netscape.security.x509.X509Key; -import org.mozilla.jss.asn1.ANY; import org.mozilla.jss.asn1.ASN1Util; import org.mozilla.jss.asn1.ASN1Value; -import org.mozilla.jss.asn1.BIT_STRING; import org.mozilla.jss.asn1.InvalidBERException; import org.mozilla.jss.asn1.OBJECT_IDENTIFIER; -import org.mozilla.jss.asn1.OCTET_STRING; import org.mozilla.jss.asn1.SEQUENCE; -import org.mozilla.jss.asn1.SET; -import org.mozilla.jss.pkix.cms.EncryptedContentInfo; -import org.mozilla.jss.pkix.cms.EnvelopedData; -import org.mozilla.jss.pkix.cms.RecipientInfo; import org.mozilla.jss.pkix.crmf.CertReqMsg; import org.mozilla.jss.pkix.crmf.CertRequest; -import org.mozilla.jss.pkix.crmf.EncryptedKey; -import org.mozilla.jss.pkix.crmf.EncryptedValue; import org.mozilla.jss.pkix.crmf.PKIArchiveOptions; import org.mozilla.jss.pkix.primitive.AVA; -import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.AuthToken; @@ -73,6 +63,7 @@ import com.netscape.certsrv.security.ITransportKeyUnit; import com.netscape.certsrv.util.IStatsSubsystem; import com.netscape.cmscore.crmf.CRMFParser; import com.netscape.cmscore.crmf.PKIArchiveOptionsContainer; +import com.netscape.kra.ArchiveOptions; import com.netscape.cmscore.dbs.KeyRecord; /** @@ -553,7 +544,7 @@ public class EnrollmentService implements IService { */ public static PKIArchiveOptionsContainer[] getPKIArchiveOptions(String crmfBlob) throws EBaseException { - Vector options = new Vector(); + Vector<Object> options = new Vector<Object>(); if (CMS.debugOn()) CMS.debug("EnrollmentService::getPKIArchiveOptions> crmfBlob=" + crmfBlob); @@ -876,107 +867,3 @@ public class EnrollmentService implements IService { msg); } } - -/** - * Parsed and Flattened structure of PKIArchiveOptions. - */ -class ArchiveOptions { - private String mSymmAlgOID = null; - private byte mSymmAlgParams[] = null; - private byte mEncSymmKey[] = null; - private byte mEncValue[] = null; - - public ArchiveOptions(PKIArchiveOptions opts) throws EBaseException { - try { - EncryptedKey key = opts.getEncryptedKey(); - ANY enveloped_val = null; - EncryptedValue val = null; - AlgorithmIdentifier symmAlg = null; - - if (key.getType() == org.mozilla.jss.pkix.crmf.EncryptedKey.ENVELOPED_DATA) { - CMS.debug("EnrollService: ArchiveOptions() EncryptedKey type= ENVELOPED_DATA"); - // this is the new RFC4211 EncryptedKey that should - // have EnvelopedData to replace the deprecated EncryptedValue - enveloped_val = key.getEnvelopedData(); - byte[] env_b = enveloped_val.getEncoded(); - EnvelopedData.Template env_template = new EnvelopedData.Template(); - EnvelopedData env_data = - (EnvelopedData) env_template.decode(new ByteArrayInputStream(env_b)); - EncryptedContentInfo eCI = env_data.getEncryptedContentInfo(); - symmAlg = eCI.getContentEncryptionAlgorithm(); - mSymmAlgOID = symmAlg.getOID().toString(); - mSymmAlgParams = - ((OCTET_STRING) ((ANY) symmAlg.getParameters()).decodeWith(OCTET_STRING.getTemplate())) - .toByteArray(); - - SET recipients = env_data.getRecipientInfos(); - if (recipients.size() <= 0) { - CMS.debug("EnrollService: ArchiveOptions() - missing recipient information "); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", - "[PKIArchiveOptions] missing recipient information ")); - } - //check recpient - later - //we only handle one recipient here anyways. so, either the key - //can be decrypted or it can't. No risk here. - RecipientInfo ri = (RecipientInfo) recipients.elementAt(0); - OCTET_STRING key_o = ri.getEncryptedKey(); - mEncSymmKey = key_o.toByteArray(); - - OCTET_STRING oString = eCI.getEncryptedContent(); - BIT_STRING encVal = new BIT_STRING(oString.toByteArray(), 0); - mEncValue = encVal.getBits(); - CMS.debug("EnrollService: ArchiveOptions() EncryptedKey type= ENVELOPED_DATA done"); - } else if (key.getType() == org.mozilla.jss.pkix.crmf.EncryptedKey.ENCRYPTED_VALUE) { - CMS.debug("EnrollService: ArchiveOptions() EncryptedKey type= ENCRYPTED_VALUE"); - // this is deprecated: EncryptedValue - val = key.getEncryptedValue(); - symmAlg = val.getSymmAlg(); - mSymmAlgOID = symmAlg.getOID().toString(); - mSymmAlgParams = - ((OCTET_STRING) ((ANY) symmAlg.getParameters()).decodeWith(OCTET_STRING.getTemplate())) - .toByteArray(); - BIT_STRING encSymmKey = val.getEncSymmKey(); - - mEncSymmKey = encSymmKey.getBits(); - BIT_STRING encVal = val.getEncValue(); - - mEncValue = encVal.getBits(); - CMS.debug("EnrollService: ArchiveOptions() EncryptedKey type= ENCRYPTED_VALUE done"); - } else { - CMS.debug("EnrollService: ArchiveOptions() invalid EncryptedKey type"); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "[PKIArchiveOptions] type " - + key.getType())); - } - - } catch (InvalidBERException e) { - CMS.debug("EnrollService: ArchiveOptions(): " + e.toString()); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", - "[PKIArchiveOptions]" + e.toString())); - } catch (IOException e) { - CMS.debug("EnrollService: ArchiveOptions(): " + e.toString()); - throw new EBaseException("ArchiveOptions() exception caught: " + - e.toString()); - } catch (Exception e) { - CMS.debug("EnrollService: ArchiveOptions(): " + e.toString()); - throw new EBaseException("ArchiveOptions() exception caught: " + - e.toString()); - } - - } - - public String getSymmAlgOID() { - return mSymmAlgOID; - } - - public byte[] getSymmAlgParams() { - return mSymmAlgParams; - } - - public byte[] getEncSymmKey() { - return mEncSymmKey; - } - - public byte[] getEncValue() { - return mEncValue; - } -} |