Diffstat (limited to 'pki/base/kra/src')
-rw-r--r--pki/base/kra/src/com/netscape/kra/EnrollmentService.java10
-rw-r--r--pki/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java34
-rw-r--r--pki/base/kra/src/com/netscape/kra/NetkeyKeygenService.java149
-rw-r--r--pki/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java191
4 files changed, 254 insertions, 130 deletions
diff --git a/pki/base/kra/src/com/netscape/kra/EnrollmentService.java b/pki/base/kra/src/com/netscape/kra/EnrollmentService.java
index c1aed4725..307f01518 100644
--- a/pki/base/kra/src/com/netscape/kra/EnrollmentService.java
+++ b/pki/base/kra/src/com/netscape/kra/EnrollmentService.java
@@ -92,12 +92,12 @@ public class EnrollmentService implements IService {
LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST =
"LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4";
private final static String
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED =
- "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED_3";
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED_3";
private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST =
"LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_4";
- private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED =
- "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED_4";
+ private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED =
+ "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED_4";
/**
* Constructs request processor.
* <P>
@@ -455,7 +455,7 @@ public class EnrollmentService implements IService {
// store a message in the signed audit log file
auditPublicKey = auditPublicKey(rec);
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED,
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,
auditSubjectID,
ILogger.SUCCESS,
auditPublicKey);
diff --git a/pki/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java b/pki/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java
index ce2a03b20..fd5537c31 100644
--- a/pki/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java
+++ b/pki/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java
@@ -120,16 +120,16 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST =
"LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4";
private final static String
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED =
- "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED_3";
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED_3";
private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST =
"LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_4";
private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_ASYNC =
"LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_ASYNC_4";
- private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED =
- "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED_4";
- private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED_ASYNC =
- "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED_ASYNC_4";
+ private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED =
+ "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED_4";
+ private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED_ASYNC =
+ "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED_ASYNC_4";
/**
* Constructs an escrow authority.
@@ -695,7 +695,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
* <li>signed.audit LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST used
* whenever a user private key archive request is made (this is when the
* DRM receives the request)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED used
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED used
* whenever a user private key archive request is processed (this is when
* the DRM processes the request)
* </ul>
@@ -765,7 +765,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED,
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,
auditSubjectID,
ILogger.SUCCESS,
auditPublicKey);
@@ -774,7 +774,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED,
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,
auditSubjectID,
ILogger.FAILURE,
auditPublicKey);
@@ -944,7 +944,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
* <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST used whenever
* a user private key recovery request is made (this is when the DRM
* receives the request)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED used whenever
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED used whenever
* a user private key recovery request is processed (this is when the DRM
* processes the request)
* </ul>
@@ -1036,7 +1036,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED,
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED,
auditSubjectID,
ILogger.SUCCESS,
auditRecoveryID,
@@ -1050,7 +1050,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
} else {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED,
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED,
auditSubjectID,
ILogger.FAILURE,
auditRecoveryID,
@@ -1063,7 +1063,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED,
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED,
auditSubjectID,
ILogger.FAILURE,
auditRecoveryID,
@@ -1084,7 +1084,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
* <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST used whenever
* a user private key recovery request is made (this is when the DRM
* receives the request)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED used whenever
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED used whenever
* a user private key recovery request is processed (this is when the DRM
* processes the request)
* </ul>
@@ -1133,7 +1133,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED_ASYNC,
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,
auditSubjectID,
ILogger.SUCCESS,
auditRecoveryID,
@@ -1147,7 +1147,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
} else {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED_ASYNC,
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,
auditSubjectID,
ILogger.FAILURE,
auditRecoveryID,
@@ -1160,7 +1160,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED_ASYNC,
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,
auditSubjectID,
ILogger.FAILURE,
auditRecoveryID,
diff --git a/pki/base/kra/src/com/netscape/kra/NetkeyKeygenService.java b/pki/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
index 4f41eac7d..694e91ab3 100644
--- a/pki/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
+++ b/pki/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
@@ -97,15 +97,24 @@ public class NetkeyKeygenService implements IService {
LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST =
"LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4";
private final static String
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED =
- "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED_3";
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED_3";
// these need to be defined in LogMessages_en.properties later when we do this
private final static String
- LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST =
- "LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_3";
+ LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST =
+ "LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_3";
private final static String
- LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_PROCESSED =
- "LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_PROCESSED_3";
+ LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS =
+ "LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS_4";
+ private final static String
+ LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE =
+ "LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE_3";
+ private final static String
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
+ private final static String
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
private IKeyRecoveryAuthority mKRA = null;
private ITransportKeyUnit mTransportUnit = null;
private IStorageKeyUnit mStorageUnit = null;
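Review bot: The comment `// these need to be defined in LogMessages_en.properties later when we do this` now sits above four new audit keys (`..._SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS_4`, `..._SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE_3`, `..._PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4`, `..._PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4`) and the properties file is not part of this diff, so it is unclear whether the templates exist yet. If they are added in a separate commit the comment is stale and should go; if they are not, every audit call using these keys will emit whatever `CMS.getLogMessage` returns for an unknown key, which is not a usable signed-audit record. The numeric suffix appears to be the positional-parameter count, so each template also has to expose exactly that many slots in the order the call sites below pass them. I would replace the comment with one that documents the convention, e.g. `// Signed-audit event keys; the trailing _N is the number of positional parameters the LogMessages template takes.`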
@@ -350,20 +359,20 @@ public class NetkeyKeygenService implements IService {
int keysize = Integer.parseInt(rKeysize);
auditSubjectID=rCUID+":"+rUserid;
- SessionContext sContext = SessionContext.getContext();
- String agentId="";
- if (sContext != null) {
+ SessionContext sContext = SessionContext.getContext();
+ String agentId="";
+ if (sContext != null) {
agentId =
(String) sContext.get(SessionContext.USER_ID);
- }
+ }
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- agentId);
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST,
+ agentId,
+ ILogger.SUCCESS,
+ auditSubjectID);
- audit(auditMessage);
+ audit(auditMessage);
String rWrappedDesKeyString = request.getExtDataInString(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY);
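Review bot: The argument order for LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST is swapped so that `agentId` is now the first positional parameter and `auditSubjectID` (the `CUID:userid` string) the third, while the key still ends in `_3`; the matching template in LogMessages_en.properties is not in this diff, so confirm its field labels were swapped as well, otherwise consumers of the audit log will read the agent under the subject label and vice versa. Note also that `agentId` is initialised to `""` when there is no SessionContext, so the record's first field can be empty; if the project's ILogger defines a sentinel for an unidentified subject it would be better to substitute that, or at least add a comment such as `// no session: agent unknown, audit record carries an empty subject` so the empty value is recognisable as deliberate.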
@@ -384,7 +393,7 @@ public class NetkeyKeygenService implements IService {
(wrapped_des_key.length > 0)) {
// unwrap the DES key
- sk= (PK11SymKey) mTransportUnit.unwrap_sym(wrapped_des_key);
+ sk= (PK11SymKey) mTransportUnit.unwrap_sym(wrapped_des_key);
/* XXX could be done in HSM*/
KeyPair keypair = null;
@@ -399,41 +408,51 @@ public class NetkeyKeygenService implements IService {
request.setExtData(IRequest.RESULT, Integer.valueOf(4));
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_PROCESSED,
- auditSubjectID,
+ LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,
+ agentId,
ILogger.FAILURE,
- agentId);
+ auditSubjectID);
audit(auditMessage);
return false;
- } else {
- CMS.debug("NetkeyKeygenService: finished generate key pair for " +rCUID+":"+rUserid);
- CMS.debug("NetkeyKeygenService: server-side key generated at keysize "+keysize);
+ }
+ CMS.debug("NetkeyKeygenService: finished generate key pair for " +rCUID+":"+rUserid);
+
+ try {
+ publicKeyData = keypair.getPublic().getEncoded();
+ if (publicKeyData == null) {
+ request.setExtData(IRequest.RESULT, Integer.valueOf(4));
+ CMS.debug("NetkeyKeygenService: failed getting publickey encoded");
+ return false;
+ } else {
+ //CMS.debug("NetkeyKeygenService: public key binary length ="+ publicKeyData.length);
+ PubKey = base64Encode(publicKeyData);
+
+ //CMS.debug("NetkeyKeygenService: public key length =" + PubKey.length());
+ request.setExtData("public_key", PubKey);
+ }
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_PROCESSED,
+ LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,
+ agentId,
+ ILogger.SUCCESS,
auditSubjectID,
- ILogger.SUCCESS,
- agentId);
+ PubKey);
audit(auditMessage);
- }
-
- //...extract the private key handle (not privatekeydata)
- java.security.PrivateKey privKey =
- keypair.getPrivate();
+ //...extract the private key handle (not privatekeydata)
+ java.security.PrivateKey privKey =
+ keypair.getPrivate();
- if (privKey == null) {
- request.setExtData(IRequest.RESULT, Integer.valueOf(4));
- CMS.debug("NetkeyKeygenService: failed getting private key");
- return false;
- } else {
- CMS.debug("NetkeyKeygenService: got private key");
- }
-
- try {
+ if (privKey == null) {
+ request.setExtData(IRequest.RESULT, Integer.valueOf(4));
+ CMS.debug("NetkeyKeygenService: failed getting private key");
+ return false;
+ } else {
+ CMS.debug("NetkeyKeygenService: got private key");
+ }
if (sk == null) {
CMS.debug("NetkeyKeygenService: no DES key");
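Review bot: Two of the failure exits introduced in this hunk return without a signed-audit record: `if (publicKeyData == null)` sets RESULT=4 and returns, and `if (privKey == null)` does the same, whereas the `keypair == null` path a few lines above now emits LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE before returning. Since the point of this commit is to audit every outcome of server-side keygen, the public-key exit should emit the same keygen-failure event; the private-key exit happens after the keygen SUCCESS record has already been written, so it is better reported as a LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE (the event the rest of the export path uses) rather than contradicting the success record. The `try {` opened in this hunk is closed by a catch in a later hunk, and the `if (sk == null)` at the end continues past the hunk.
```java
publicKeyData = keypair.getPublic().getEncoded();
if (publicKeyData == null) {
    request.setExtData(IRequest.RESULT, Integer.valueOf(4));
    CMS.debug("NetkeyKeygenService: failed getting publickey encoded");
    // keygen produced an unusable key pair: record it like the keypair == null path
    auditMessage = CMS.getLogMessage(
            LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,
            agentId,
            ILogger.FAILURE,
            auditSubjectID);
    audit(auditMessage);
    return false;
}
// … unchanged: base64 encode public key, keygen success audit …
java.security.PrivateKey privKey = keypair.getPrivate();
if (privKey == null) {
    request.setExtData(IRequest.RESULT, Integer.valueOf(4));
    CMS.debug("NetkeyKeygenService: failed getting private key");
    // keygen already audited as SUCCESS; what fails here is the export step
    auditMessage = CMS.getLogMessage(
            LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
            agentId,
            ILogger.FAILURE,
            auditSubjectID,
            PubKey);
    audit(auditMessage);
    return false;
}
```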
@@ -472,22 +491,25 @@ public class NetkeyKeygenService implements IService {
if (wrappedPrivKeyString == null) {
request.setExtData(IRequest.RESULT, Integer.valueOf(4));
CMS.debug("NetkeyKeygenService: failed generating wrapped private key");
- return false;
- } else {
- request.setExtData("wrappedUserPrivate", wrappedPrivKeyString);
- }
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
+ agentId,
+ ILogger.FAILURE,
+ auditSubjectID,
+ PubKey);
- publicKeyData = keypair.getPublic().getEncoded();
- if (publicKeyData == null) {
- request.setExtData(IRequest.RESULT, Integer.valueOf(4));
- CMS.debug("NetkeyKeygenService: failed getting publickey encoded");
+ audit(auditMessage);
return false;
} else {
- //CMS.debug("NetkeyKeygenService: public key binary length ="+ publicKeyData.length);
- PubKey = base64Encode(publicKeyData);
+ request.setExtData("wrappedUserPrivate", wrappedPrivKeyString);
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
+ agentId,
+ ILogger.SUCCESS,
+ auditSubjectID,
+ PubKey);
- //CMS.debug("NetkeyKeygenService: public key length =" + PubKey.length());
- request.setExtData("public_key", PubKey);
+ audit(auditMessage);
}
iv_s = /*base64Encode(iv);*/com.netscape.cmsutil.util.Utils.SpecialEncode(iv);
@@ -506,6 +528,14 @@ public class NetkeyKeygenService implements IService {
//
// mKRA.log(ILogger.LL_INFO, "KRA encrypts internal private");
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ agentId,
+ ILogger.SUCCESS,
+ auditSubjectID,
+ auditArchiveID);
+
+ audit(auditMessage);
CMS.debug("KRA encrypts private key to put on internal ldap db");
byte privateKeyData[] =
mStorageUnit.wrap((org.mozilla.jss.crypto.PrivateKey) privKey);
@@ -556,8 +586,8 @@ public class NetkeyKeygenService implements IService {
CMS.debug("NetkeyKeygenService: key archived for "+rCUID+":"+rUserid);
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED,
- auditSubjectID,
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,
+ agentId,
ILogger.SUCCESS,
PubKey);
@@ -566,12 +596,11 @@ public class NetkeyKeygenService implements IService {
} //if archive
request.setExtData(IRequest.RESULT, Integer.valueOf(1));
- } catch (Exception e) {
- CMS.debug("NetKeyKeygenService: " + e.toString());
- Debug.printStackTrace(e);
- request.setExtData(IRequest.RESULT, Integer.valueOf(4));
-
- }
+ } catch (Exception e) {
+ CMS.debug("NetKeyKeygenService: " + e.toString());
+ Debug.printStackTrace(e);
+ request.setExtData(IRequest.RESULT, Integer.valueOf(4));
+ }
} else
request.setExtData(IRequest.RESULT, Integer.valueOf(2));
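Review bot: The rewritten `catch (Exception e)` still records the failure only through `CMS.debug` and RESULT=4; no signed-audit event is emitted, so an exception thrown between the LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST record (written before `mStorageUnit.wrap`) and the ..._ARCHIVE_REQUEST_PROCESSED success record leaves an archive request in the audit trail that is never resolved. KeyRecoveryAuthority's equivalent catch in this same diff emits ..._ARCHIVE_REQUEST_PROCESSED with ILogger.FAILURE, and this method should do the same, assuming `agentId` (declared before the try) is still in scope here. The try this catch closes begins in an earlier hunk and also covers the export step, so if an exception can arrive before the archive request was logged, emit the export-failure event for that phase instead; `PubKey` may also still be null at that point.
```java
} catch (Exception e) {
    CMS.debug("NetKeyKeygenService: " + e.toString());
    Debug.printStackTrace(e);
    request.setExtData(IRequest.RESULT, Integer.valueOf(4));
    // close out the archive request in the signed audit log, as KeyRecoveryAuthority does
    auditMessage = CMS.getLogMessage(
            LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,
            agentId,
            ILogger.FAILURE,
            PubKey);
    audit(auditMessage);
}
```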
diff --git a/pki/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java b/pki/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java
index daafb8b7f..77752cffa 100644
--- a/pki/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java
+++ b/pki/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java
@@ -90,8 +90,8 @@ public class TokenKeyRecoveryService implements IService {
"LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_4";
private final static String
- LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED =
- "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED_4";
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED =
+ "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED_4";
private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
/**
@@ -243,7 +243,7 @@ public class TokenKeyRecoveryService implements IService {
wrapped_des_key = null;
- PK11SymKey sk= null;
+ PK11SymKey sk= null;
String rCUID = request.getExtDataInString(IRequest.NETKEY_ATTR_CUID);
String rUserid = request.getExtDataInString(IRequest.NETKEY_ATTR_USERID);
@@ -260,40 +260,72 @@ public class TokenKeyRecoveryService implements IService {
// unwrap the des key
sk = (PK11SymKey) mTransportUnit.unwrap_encrypt_sym(wrapped_des_key);
- if (sk == null) {
- CMS.debug("TokenKeyRecoveryService: no des key");
- request.setExtData(IRequest.RESULT, Integer.valueOf(4));
- } else {
- CMS.debug("TokenKeyRecoveryService: received des key");
- }
+ if (sk == null) {
+ CMS.debug("TokenKeyRecoveryService: no des key");
+ request.setExtData(IRequest.RESULT, Integer.valueOf(4));
+ } else {
+ CMS.debug("TokenKeyRecoveryService: received des key");
+ }
} else {
- CMS.debug("TokenKeyRecoveryService: not receive des key");
+ CMS.debug("TokenKeyRecoveryService: not receive des key");
request.setExtData(IRequest.RESULT, Integer.valueOf(4));
- return false;
- }
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRecoveryID,
+ agentId);
+
+ audit(auditMessage);
+ return false;
+ }
// retrieve based on Certificate
- String cert_s = request.getExtDataInString(ATTR_USER_CERT);
- if (cert_s == null) {
- CMS.debug("TokenKeyRecoveryService: not receive cert");
+ String cert_s = request.getExtDataInString(ATTR_USER_CERT);
+ if (cert_s == null) {
+ CMS.debug("TokenKeyRecoveryService: not receive cert");
request.setExtData(IRequest.RESULT, Integer.valueOf(3));
- return false;
- }
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRecoveryID,
+ agentId);
- String cert = normalizeCertStr(cert_s);
- java.security.cert.X509Certificate x509cert = null;
- try {
- x509cert= (java.security.cert.X509Certificate) Cert.mapCert(cert);
- if (x509cert == null) {
- CMS.debug("cert mapping failed");
- request.setExtData(IRequest.RESULT, Integer.valueOf(5));
- return false;
- }
- } catch (IOException e) {
- CMS.debug("TokenKeyRecoveryService: mapCert failed");
+ audit(auditMessage);
+ return false;
+ }
+
+ String cert = normalizeCertStr(cert_s);
+ java.security.cert.X509Certificate x509cert = null;
+ try {
+ x509cert= (java.security.cert.X509Certificate) Cert.mapCert(cert);
+ if (x509cert == null) {
+ CMS.debug("cert mapping failed");
+ request.setExtData(IRequest.RESULT, Integer.valueOf(5));
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRecoveryID,
+ agentId);
+
+ audit(auditMessage);
+ return false;
+ }
+ } catch (IOException e) {
+ CMS.debug("TokenKeyRecoveryService: mapCert failed");
request.setExtData(IRequest.RESULT, Integer.valueOf(6));
- return false;
- }
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRecoveryID,
+ agentId);
+
+ audit(auditMessage);
+ return false;
+ }
try {
/*
@@ -301,12 +333,11 @@ public class TokenKeyRecoveryService implements IService {
CryptoManager.getInstance().getInternalKeyStorageToken();
*/
CryptoToken token = mStorageUnit.getToken();
- CMS.debug("NetkeyKeygenService: got token slot:"+token.getName());
+ CMS.debug("TokenKeyRecoveryService: got token slot:"+token.getName());
IVParameterSpec algParam = new IVParameterSpec(iv);
Cipher cipher = token.getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD);
-
KeyRecord keyRecord = null;
CMS.debug( "KRA reading key record");
try {
@@ -316,11 +347,27 @@ public class TokenKeyRecoveryService implements IService {
else {
CMS.debug("key record not found");
request.setExtData(IRequest.RESULT, Integer.valueOf(8));
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRecoveryID,
+ agentId);
+
+ audit(auditMessage);
return false;
}
}catch (Exception e) {
com.netscape.cmscore.util.Debug.printStackTrace(e);
request.setExtData(IRequest.RESULT, Integer.valueOf(9));
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRecoveryID,
+ agentId);
+
+ audit(auditMessage);
return false;
}
@@ -342,6 +389,14 @@ public class TokenKeyRecoveryService implements IService {
if (inputPubData.length != pubData.length) {
mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_PUBLIC_KEY_LEN"));
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRecoveryID,
+ agentId);
+
+ audit(auditMessage);
throw new EKRAException(
CMS.getUserMessage("CMS_KRA_PUBLIC_KEY_NOT_MATCHED"));
}
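Review bot: The new failure audit here is followed by `throw new EKRAException(...)`, which propagates to the method's outer `catch (Exception e)`; that catch lies beyond the end of this file section as shown, so I cannot see whether it also emits a KEY_RECOVERY_REQUEST_PROCESSED failure record. If it does, every path that audits-then-throws (this one and the byte-mismatch check in the next hunk) will produce two failure records for one request; either audit in the catch only, or have the catch skip the audit when one was already written. A one-line comment at the throw, e.g. `// audited here; outer catch must not audit again`, would make the intended contract explicit.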
@@ -349,6 +404,14 @@ public class TokenKeyRecoveryService implements IService {
for (int i = 0; i < pubData.length; i++) {
if (pubData[i] != inputPubData[i]) {
mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_PUBLIC_KEY_LEN"));
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRecoveryID,
+ agentId);
+
+ audit(auditMessage);
throw new EKRAException(
CMS.getUserMessage("CMS_KRA_PUBLIC_KEY_NOT_MATCHED"));
}
@@ -359,10 +422,18 @@ public class TokenKeyRecoveryService implements IService {
privateKeyData = recoverKey(params, keyRecord);
if (privateKeyData == null) {
request.setExtData(IRequest.RESULT, Integer.valueOf(4));
- CMS.debug("NetkeyKeygenService: failed getting private key");
+ CMS.debug("TokenKeyRecoveryService: failed getting private key");
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRecoveryID,
+ agentId);
+
+ audit(auditMessage);
return false;
}
- CMS.debug("NetkeyKeygenService: got private key...about to verify");
+ CMS.debug("TokenKeyRecoveryService: got private key...about to verify");
/* LunaSA returns data with padding which we need to remove */
ByteArrayInputStream dis = new ByteArrayInputStream(privateKeyData);
@@ -378,10 +449,18 @@ public class TokenKeyRecoveryService implements IService {
if (verifyKeyPair(pubData, privateKeyData) == false) {
mKRA.log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSCORE_KRA_PUBLIC_NOT_FOUND"));
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRecoveryID,
+ agentId);
+
+ audit(auditMessage);
throw new EKRAException(
CMS.getUserMessage("CMS_KRA_INVALID_PUBLIC_KEY"));
} else {
- CMS.debug("NetkeyKeygenService: private key verified with public key");
+ CMS.debug("TokenKeyRecoveryService: private key verified with public key");
}
//encrypt and put in private key
@@ -392,14 +471,22 @@ public class TokenKeyRecoveryService implements IService {
com.netscape.cmsutil.util.Utils.SpecialEncode(wrapped);
if (wrappedPrivKeyString == null) {
request.setExtData(IRequest.RESULT, Integer.valueOf(4));
- CMS.debug("NetkeyKeygenService: failed generating wrapped private key");
+ CMS.debug("TokenKeyRecoveryService: failed generating wrapped private key");
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRecoveryID,
+ agentId);
+
+ audit(auditMessage);
return false;
} else {
- CMS.debug("NetkeyKeygenService: got private key data wrapped");
+ CMS.debug("TokenKeyRecoveryService: got private key data wrapped");
request.setExtData("wrappedUserPrivate",
wrappedPrivKeyString);
request.setExtData(IRequest.RESULT, Integer.valueOf(1));
- CMS.debug( "NetkeyKeygenService: key for " +rCUID+":"+rUserid +" recovered");
+ CMS.debug( "TokenKeyRecoveryService: key for " +rCUID+":"+rUserid +" recovered");
}
//convert and put in the public key
@@ -416,23 +503,31 @@ public class TokenKeyRecoveryService implements IService {
if (b64PKey == null) {
request.setExtData(IRequest.RESULT, Integer.valueOf(4));
- CMS.debug("NetkeyKeygenService: failed getting publickey encoded");
+ CMS.debug("TokenKeyRecoveryService: failed getting publickey encoded");
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRecoveryID,
+ agentId);
+
+ audit(auditMessage);
return false;
} else {
- CMS.debug("NetkeyKeygenService: got publicKeyData b64 = "+
+ CMS.debug("TokenKeyRecoveryService: got publicKeyData b64 = "+
b64PKey);
}
request.setExtData("public_key", b64PKey);
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRecoveryID,
- agentId);
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditRecoveryID,
+ agentId);
- audit(auditMessage);
+ audit(auditMessage);
- return true;
+ return true;
} catch (Exception e) {
CMS.debug("TokenKeyRecoveryService: " + e.toString());