From 90f5798079ffe46502552daaddd1b6366eafac62 Mon Sep 17 00:00:00 2001
From: Ade Lee
Date: Sat, 16 Apr 2016 11:48:52 -0400
Subject: Added realm for archival and key generation through REST
This will allow users to specify the realm when generating or archiving a request. No interface change is needed (yet) because the extra parameter is passed through the request. Part of Ticket #2041
---
 .../src/com/netscape/certsrv/key/KeyClient.java | 90 +++++++++++++++++++---
 1 file changed, 79 insertions(+), 11 deletions(-)
(limited to 'base/common/src/com/netscape/certsrv/key/KeyClient.java')
diff --git a/base/common/src/com/netscape/certsrv/key/KeyClient.java b/base/common/src/com/netscape/certsrv/key/KeyClient.java
index ade3765a9..04eb6539f 100644
--- a/base/common/src/com/netscape/certsrv/key/KeyClient.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyClient.java
@@ -517,12 +517,13 @@ public class KeyClient extends Client {
 *
 * @param clientKeyId -- Client Key Identfier
 * @param passphrase -- Secret passphrase to be archived
+ * @param realm -- authorization realm
 * @return A KeyRequestResponse object with information about the request.
 * @throws Exception - Exceptions of type NoSuchAlgorithmException, IllegalStateException, TokenException,
 * IOException, CertificateEncodingException, InvalidKeyException, InvalidAlgorithmParameterException,
 * BadPaddingException, IllegalBlockSizeException
 */
- public KeyRequestResponse archivePassphrase(String clientKeyId, String passphrase) throws Exception {
+ public KeyRequestResponse archivePassphrase(String clientKeyId, String passphrase, String realm) throws Exception {
 // Default algorithm OID for DES_EDE3_CBC
 String algorithmOID = EncryptionAlgorithm.DES3_CBC.toOID().toString();
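Review bot: The new `@param realm -- authorization realm` tag on archivePassphrase does not say that the argument is optional, yet later hunks of this commit only forward the value under an `if (realm != null)` guard and the retained two-argument overload passes null. Suggest ` * @param realm -- authorization realm for the request, or null to submit the request without a realm` here and in the matching tags added to archiveSymmetricKey, archiveEncryptedData, archivePKIOptions, generateSymmetricKey and generateAsymmetricKey. The realm travels as a plain client-supplied field of the request, so the tag should not read as if it restricted anything on the client side; what is authorized against it is presumably decided by the server. archivePassphrase's body continues outside the hunk.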
@@ -533,7 +534,13 @@ public class KeyClient extends Client {
 sessionKey, KeyRequestResource.DES3_ALGORITHM);
 return archiveEncryptedData(clientKeyId, KeyRequestResource.PASS_PHRASE_TYPE, null, 0, algorithmOID,
- nonceData, encryptedData, transWrappedSessionKey);
+ nonceData, encryptedData, transWrappedSessionKey, realm);
+ }
+
+ /* Old signature for backwards compatibility */
+ @Deprecated
+ public KeyRequestResponse archivePassphrase(String clientKeyId, String passphrase) throws Exception {
+ return archivePassphrase(clientKeyId, passphrase, null);
 }
 /**
@@ -546,13 +553,14 @@ public class KeyClient extends Client {
 * @param clientKeyId -- Client Key Identifier
 * @param keyAlgorithm -- Algorithm used by the symmetric key
 * @param keySize -- Strength of the symmetric key (secret)
+ * @param realm -- authorization realm
 * @return A KeyRequestResponse object with information about the request.
 * @throws Exception - Exceptions of type NoSuchAlgorithmException, IllegalStateException, TokenException,
 * IOException, CertificateEncodingException, InvalidKeyException, InvalidAlgorithmParameterException,
 * BadPaddingException, IllegalBlockSizeException
 */
 public KeyRequestResponse archiveSymmetricKey(String clientKeyId, SymmetricKey secret, String keyAlgorithm,
- int keySize) throws Exception {
+ int keySize, String realm) throws Exception {
 // Default algorithm OID for DES_EDE3_CBC
 String algorithmOID = EncryptionAlgorithm.DES3_CBC.toOID().toString();
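Review bot: The retained two-argument archivePassphrase overload is marked `@Deprecated` but carries only a block comment, so generated Javadoc will not tell callers what to migrate to; replace `/* Old signature for backwards compatibility */` with a Javadoc comment holding `@deprecated use {@link #archivePassphrase(String, String, String)} instead`. The same applies to the deprecated overloads of archiveSymmetricKey, archiveEncryptedData, archivePKIOptions, generateSymmetricKey and generateAsymmetricKey in the later hunks. Every one of these wrappers forwards null as the realm, so that Javadoc should also state what a request without a realm means for legacy callers, which from this file alone can only be inferred to depend on how the server handles the absent field.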
@@ -562,7 +570,14 @@ public class KeyClient extends Client {
 byte[] transWrappedSessionKey = crypto.wrapSessionKeyWithTransportCert(sessionKey, this.transportCert);
 return archiveEncryptedData(clientKeyId, KeyRequestResource.SYMMETRIC_KEY_TYPE, keyAlgorithm, keySize,
- algorithmOID, nonceData, encryptedData, transWrappedSessionKey);
+ algorithmOID, nonceData, encryptedData, transWrappedSessionKey, realm);
+ }
+
+ /* old method signature for backwards compatibility */
+ @Deprecated
+ public KeyRequestResponse archiveSymmetricKey(String clientKeyId, SymmetricKey secret, String keyAlgorithm,
+ int keySize) throws Exception {
+ return archiveSymmetricKey(clientKeyId, secret, keyAlgorithm,keySize, null);
 }
 /**
@@ -581,11 +596,12 @@ public class KeyClient extends Client {
 * @param encryptedData -- which is the secret wrapped by a session
 * key (168 bit 3DES symmetric key)
 * @param transWrappedSessionKey -- session key wrapped by the transport cert.
+ * @param realm -- authorization realm
 * @return A KeyRequestResponse object with information about the request.
 */
 public KeyRequestResponse archiveEncryptedData(String clientKeyId, String dataType, String keyAlgorithm,
- int keySize,
- String algorithmOID, byte[] nonceData, byte[] encryptedData, byte[] transWrappedSessionKey) {
+ int keySize, String algorithmOID, byte[] nonceData, byte[] encryptedData,
+ byte[] transWrappedSessionKey, String realm) {
 if (clientKeyId == null || dataType == null) {
 throw new IllegalArgumentException("Client key id and data type must be specified.");
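Review bot: The forwarding call in the deprecated archiveSymmetricKey overload is missing a space after the comma, `return archiveSymmetricKey(clientKeyId, secret, keyAlgorithm, keySize, null);`. Its comment reads `/* old method signature for backwards compatibility */` while the archivePassphrase wrapper says `Old signature`; one wording for all six wrappers makes them easier to find when they are eventually removed.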
@@ -612,9 +628,22 @@ public class KeyClient extends Client {
 data.setWrappedPrivateData(req1);
 data.setTransWrappedSessionKey(Utils.base64encode(transWrappedSessionKey));
+ if (realm != null) {
+ data.setRealm(realm);
+ }
+
 return submitRequest(data);
 }
+ /* old signature for backwards compatibility */
+ @Deprecated
+ public KeyRequestResponse archiveEncryptedData(String clientKeyId, String dataType, String keyAlgorithm,
+ int keySize, String algorithmOID, byte[] nonceData, byte[] encryptedData,
+ byte[] transWrappedSessionKey) {
+ return archiveEncryptedData(clientKeyId, dataType, keyAlgorithm, keySize, algorithmOID, nonceData,
+ encryptedData, transWrappedSessionKey, null);
+ }
+
 /**
 * Archive a secret (symmetric key or passphrase) on the DRM using a PKIArchiveOptions data format.
 *
@@ -624,11 +653,12 @@ public class KeyClient extends Client {
 * @param keySize -- Strength of the symmetric key
 * @param pkiArchiveOptions -- is the data to be archived wrapped in a
 * PKIArchiveOptions structure
+ * @param realm -- authorization realm
 * @return A KeyRequestResponse object with information about the request.
 * @throws Exception
 */
 public KeyRequestResponse archivePKIOptions(String clientKeyId, String dataType, String keyAlgorithm, int keySize,
- byte[] pkiArchiveOptions) {
+ byte[] pkiArchiveOptions, String realm) {
 if (clientKeyId == null || dataType == null) {
 throw new IllegalArgumentException("Client key id and data type must be specified.");
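Review bot: The `if (realm != null)` guard in archiveEncryptedData forwards an empty string unchanged, so a caller passing "" sends a request whose realm field is present but blank; whether the server treats that like an absent realm cannot be told from this file, and if it does not, `if (realm != null && !realm.isEmpty())` would be the safer guard. The same three-line block recurs in the archivePKIOptions, generateSymmetricKey and generateAsymmetricKey hunks; if the request data classes share a base type that exposes setRealm, a single private helper would keep the rule in one place. archiveEncryptedData's body starts outside the hunk.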
@@ -653,9 +683,20 @@ public class KeyClient extends Client {
 String options = Utils.base64encode(pkiArchiveOptions);
 data.setPKIArchiveOptions(options);
+ if (realm != null) {
+ data.setRealm(realm);
+ }
+
 return submitRequest(data);
 }
+ /* old method signature for backwards compatibility */
+ @Deprecated
+ public KeyRequestResponse archivePKIOptions(String clientKeyId, String dataType, String keyAlgorithm, int keySize,
+ byte[] pkiArchiveOptions) {
+ return archivePKIOptions(clientKeyId, dataType, keyAlgorithm, keySize, pkiArchiveOptions, null);
+ }
+
 /**
 * Generate and archive a symmetric key in the DRM.
 *
@@ -663,11 +704,14 @@ public class KeyClient extends Client {
 * @param keyAlgorithm -- Algorithm to be used to generate the key
 * @param keySize -- Strength of the keys
 * @param usages -- Usages of the generated key.
+ * @param transWrappedSessionKey - client generated session key wrapped by
+ * KRA transport key
+ * @param realm -- authorization realm
 * @return a KeyRequestResponse which contains a KeyRequestInfo
 * object that describes the URL for the request and generated key.
 */
 public KeyRequestResponse generateSymmetricKey(String clientKeyId, String keyAlgorithm, int keySize,
- List usages, String transWrappedSessionKey) {
+ List usages, String transWrappedSessionKey, String realm) {
 if (clientKeyId == null) {
 throw new IllegalArgumentException("Client Key Identifier must be specified.");
 }
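Review bot: The new `@param transWrappedSessionKey - client generated session key wrapped by` tag in the generateSymmetricKey Javadoc uses a single dash where every other tag in this file, including the parallel tag this commit adds to generateAsymmetricKey, uses `--`; change it to ` * @param transWrappedSessionKey -- client generated session key wrapped by`. generateSymmetricKey's body continues outside the hunk.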
@@ -687,21 +731,34 @@ public class KeyClient extends Client {
 data.setUsages(usages);
 data.setTransWrappedSessionKey(transWrappedSessionKey);
+ if (realm != null) {
+ data.setRealm(realm);
+ }
+
 return submitRequest(data);
 }
+ /* old method signature for backwards compatibility */
+ @Deprecated
+ public KeyRequestResponse generateSymmetricKey(String clientKeyId, String keyAlgorithm, int keySize,
+ List usages, String transWrappedSessionKey) {
+ return generateSymmetricKey(clientKeyId, keyAlgorithm, keySize, usages, transWrappedSessionKey, null);
+ }
+
 /**
 * Generate and archive an asymmetric keys in the DRM
 *
 * @param clientKeyId -- Client Key Identifier
 * @param keyAlgorithm -- Algorithm to be used to generate the asymmetric keys
 * @param keySize -- Strength of the keys
- * @param usages
- * @param transWrappedSessionKey
+ * @param usages -- key usages
+ * @param transWrappedSessionKey -- client generated session key wrapped by the
+ * KRA transport key
+ * @param realm -- authorization realm
 * @return
 */
 public KeyRequestResponse generateAsymmetricKey(String clientKeyId, String keyAlgorithm, int keySize,
- List usages, byte[] transWrappedSessionKey) {
+ List usages, byte[] transWrappedSessionKey, String realm) {
 if (clientKeyId == null) {
 throw new IllegalArgumentException("Client Key Identifier must be specified.");
@@ -747,6 +804,17 @@ public class KeyClient extends Client {
 data.setUsages(usages);
 data.setTransWrappedSessionKey(Utils.base64encode(transWrappedSessionKey));
+ if (realm != null) {
+ data.setRealm(realm);
+ }
+
 return submitRequest(data);
 }
+
+ /* old method signature for backwards compatibility */
+ @Deprecated
+ public KeyRequestResponse generateAsymmetricKey(String clientKeyId, String keyAlgorithm, int keySize,
+ List usages, byte[] transWrappedSessionKey) {
+ return generateAsymmetricKey(clientKeyId, keyAlgorithm, keySize, usages, transWrappedSessionKey, null);
+ }
 }
-- cgit
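Review bot: The generateAsymmetricKey Javadoc in the hunk starting at -687 still has an empty `@return` tag even though the commit rewrites the tags directly above it. The wording used by generateSymmetricKey earlier in this diff fits here too, ` * @return a KeyRequestResponse which contains a KeyRequestInfo` followed by ` * object that describes the URL for the request and generated key.`. generateAsymmetricKey's body continues outside that hunk.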