From 62d4b2b3934507b1ddf699bcea4a6295565bb008 Mon Sep 17 00:00:00 2001
From: Ade Lee
Date: Mon, 24 Feb 2014 15:31:12 -0500
Subject: Add ability to archive without sending pkiArchiveOptions object.

With this patch, you can now either send a pkiArchiveOptions object or the exploded parameters. This reduces the processing required on the client side.
---
 .../com/netscape/cms/servlet/key/KeyRequestDAO.java | 18 +++++++++++++++++-
 .../cms/servlet/request/KeyRequestService.java | 17 ++++++++++++++---
 2 files changed, 31 insertions(+), 4 deletions(-)

(limited to 'base/server/cms/src/com/netscape')

diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
index d84bbd013..93e0018c4 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
@@ -63,6 +63,11 @@ import com.netscape.cms.servlet.request.KeyRequestService;
 public class KeyRequestDAO extends CMSRequestDAO {
     private static String REQUEST_ARCHIVE_OPTIONS = IEnrollProfile.REQUEST_ARCHIVE_OPTIONS;
+    private static String REQUEST_SECURITY_DATA = IEnrollProfile.REQUEST_SECURITY_DATA;
+    private static String REQUEST_SESSION_KEY = IEnrollProfile.REQUEST_SESSION_KEY;
+    private static String REQUEST_ALGORITHM_OID = IEnrollProfile.REQUEST_ALGORITHM_OID;
+    private static String REQUEST_ALGORITHM_PARAMS = IEnrollProfile.REQUEST_ALGORITHM_PARAMS;
+
     public static final String ATTR_SERIALNO = "serialNumber";
     private IKeyRepository repo;
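Review bot: The four constants added to KeyRequestDAO are declared `private static String` without `final`, so they are mutable class state that merely aliases the IEnrollProfile constants. Copying the existing REQUEST_ARCHIVE_OPTIONS line keeps the style consistent, but all five attribute-name holders read better as `private static final String REQUEST_SECURITY_DATA = IEnrollProfile.REQUEST_SECURITY_DATA;` and so on, which also lets the compiler inline them. The enclosing class continues outside the hunk.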
@@ -140,6 +145,10 @@ public class KeyRequestDAO extends CMSRequestDAO {
     public KeyRequestResponse submitRequest(KeyArchivalRequest data, UriInfo uriInfo) throws EBaseException {
         String clientKeyId = data.getClientKeyId();
         String wrappedSecurityData = data.getWrappedPrivateData();
+        String transWrappedSessionKey = data.getTransWrappedSessionKey();
+        String algorithmOID = data.getAlgorithmOID();
+        String symkeyParams = data.getSymmetricAlgorithmParams();
+        String pkiArchiveOptions = data.getPKIArchiveOptions();
         String dataType = data.getDataType();
         String keyAlgorithm = data.getKeyAlgorithm();
         int keyStrength = data.getKeySize();
@@ -152,7 +161,14 @@ public class KeyRequestDAO extends CMSRequestDAO {
         IRequest request = queue.newRequest(IRequest.SECURITY_DATA_ENROLLMENT_REQUEST);
-        request.setExtData(REQUEST_ARCHIVE_OPTIONS, wrappedSecurityData);
+        if (pkiArchiveOptions != null) {
+            request.setExtData(REQUEST_ARCHIVE_OPTIONS, pkiArchiveOptions);
+        } else {
+            request.setExtData(REQUEST_SECURITY_DATA, wrappedSecurityData);
+            request.setExtData(REQUEST_SESSION_KEY, transWrappedSessionKey);
+            request.setExtData(REQUEST_ALGORITHM_PARAMS, symkeyParams);
+            request.setExtData(REQUEST_ALGORITHM_OID, algorithmOID);
+        }
         request.setExtData(IRequest.SECURITY_DATA_CLIENT_KEY_ID, clientKeyId);
         request.setExtData(IRequest.SECURITY_DATA_TYPE, dataType);
         request.setExtData(IRequest.SECURITY_DATA_STRENGTH,
diff --git a/base/server/cms/src/com/netscape/cms/servlet/request/KeyRequestService.java b/base/server/cms/src/com/netscape/cms/servlet/request/KeyRequestService.java
index dd27c2ac7..e2253b6e8 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/request/KeyRequestService.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/request/KeyRequestService.java
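Review bot: The new branch in submitRequest prefers `pkiArchiveOptions` whenever it is non-null, while the validation added in the KeyRequestService hunk below checks the exploded fields whenever `getWrappedPrivateData()` is non-null; a request that carries both forms is therefore validated as the exploded form and then archived from the PKIArchiveOptions blob, with the wrapped data, session key and algorithm parameters silently dropped. Either the service should reject a request that supplies both forms, or the DAO should key its choice on the same field the service validated (`if (wrappedSecurityData != null) { ...exploded... } else { ...archive options... }`), so that what one layer checks is what the other stores. A short comment above the `if`, such as `// Two archival forms: a complete PKIArchiveOptions blob, or its exploded parts; completeness of the exploded form is checked in KeyRequestService`, would make the split obvious to the next reader. submitRequest's body continues outside the hunk.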
@@ -162,12 +162,23 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
         // auth and authz
         // Catch this before internal server processing has to deal with it
-        if (data == null || data.getClientKeyId() == null
-                || data.getWrappedPrivateData() == null
-                || data.getDataType() == null) {
+        if (data == null || data.getClientKeyId() == null || data.getDataType() == null) {
             throw new BadRequestException("Invalid key archival request.");
         }
+        if (data.getWrappedPrivateData() != null) {
+            if (data.getTransWrappedSessionKey() == null ||
+                data.getAlgorithmOID() == null ||
+                data.getSymmetricAlgorithmParams() == null) {
+                throw new BadRequestException(
+                        "Invalid key archival request. " +
+                        "Missing wrapped session key, algoriithmOIS or symmetric key parameters");
+            }
+        } else if (data.getPKIArchiveOptions() == null) {
+            throw new BadRequestException(
+                    "Invalid key archival request. No data to archive");
+        }
+
         if (data.getDataType().equals(KeyRequestResource.SYMMETRIC_KEY_TYPE)) {
             if ((data.getKeyAlgorithm() == null) ||
                     (! SYMKEY_TYPES.containsKey(data.getKeyAlgorithm()))) {
-- 
cgit
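Review bot: The message on the inner throw misspells the field it reports as missing: `"Missing wrapped session key, algoriithmOIS or symmetric key parameters"` should read `"Missing wrapped session key, algorithmOID or symmetric key parameters"`, since this string is what a client sees when its KeyArchivalRequest is rejected and it should match the request field name. The new condition also places `||` at the end of each line, whereas the existing check on `data.getKeyAlgorithm()` just below starts continuation lines with the operator; using one convention keeps the validation block readable. The enclosing method starts and ends outside the hunk.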