author | Ade Lee <alee@redhat.com> | 2011-12-07 16:58:12 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2011-12-07 16:58:12 -0500 |
commit | 32150d3ee32f8ac27118af7c792794b538c78a2f (patch) | |
tree | 52dd96f664a6fa51be25b28b6f10adc5f2c9f660 /pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java | |
parent | f05d58a46795553beb8881039cc922974b40db34 (diff) | |
Formatting
Formatted project according to eclipse project settings
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java | 203 |
1 files changed, 93 insertions, 110 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java index fa454bd6..0c67eaf1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java @@ -39,16 +39,14 @@ import com.netscape.certsrv.request.IRequestQueue; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; - /** - * TokenKeyRecoveryServlet - * handles "key recovery service" requests from the + * TokenKeyRecoveryServlet handles "key recovery service" requests from the * netkey TPS - * + * * @author Christina Fu (cfu) * @version $Revision$, $Date$ */ -//XXX add auditing later +// XXX add auditing later public class TokenKeyRecoveryServlet extends CMSServlet { /** @@ -65,7 +63,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { /** * Constructs TokenKeyRecovery servlet. - * + * */ public TokenKeyRecoveryServlet() { super(); @@ -77,27 +75,26 @@ public class TokenKeyRecoveryServlet extends CMSServlet { String authority = config.getInitParameter(PROP_AUTHORITY); if (authority != null) - mAuthority = (IAuthority) - CMS.getSubsystem(authority); - + mAuthority = (IAuthority) CMS.getSubsystem(authority); + mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); } /** * Returns serlvet information. - * + * * @return name of this servlet */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } - /** + /** * Process the HTTP request. - * + * * @param s The URL to decode */ - protected String URLdecode(String s) { + protected String URLdecode(String s) { if (s == null) return null; ByteArrayOutputStream out = new ByteArrayOutputStream(s.length()); 
@@ -117,39 +114,30 @@ public class TokenKeyRecoveryServlet extends CMSServlet { } } // end for return out.toString(); - } + } /* - * processTokenKeyRecovery - * handles netkey key recovery requests - * input params are: - * CUID - the CUID of the old token where the keys/certs were initially for - * userid - the userid that belongs to both the old token and the new token - * drm_trans_desKey - the des key generated for the NEW token - * wrapped with DRM transport key - * cert - the user cert corresponding to the key to be recovered - * - * operations: - * 1. unwrap des key with transport key, then url decode it - * 2. retrieve user private key - * 3. wrap user priv key with des key - * 4. send the following to RA: - * * des key wrapped(user priv key) - * (note: RA should have kek-wrapped des key from TKS) - * * recovery blob (used for recovery) - * - * output params are: - * status=value0 - * publicKey=value1 - * desKey-wrapped-userPrivateKey=value2 + * processTokenKeyRecovery handles netkey key recovery requests input params + * are: CUID - the CUID of the old token where the keys/certs were initially + * for userid - the userid that belongs to both the old token and the new + * token drm_trans_desKey - the des key generated for the NEW token wrapped + * with DRM transport key cert - the user cert corresponding to the key to + * be recovered + * + * operations: 1. unwrap des key with transport key, then url decode it 2. + * retrieve user private key 3. wrap user priv key with des key 4. 
send the + * following to RA: * des key wrapped(user priv key) (note: RA should have + * kek-wrapped des key from TKS) * recovery blob (used for recovery) + * + * output params are: status=value0 publicKey=value1 + * desKey-wrapped-userPrivateKey=value2 */ private void processTokenKeyRecovery(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException - { + HttpServletResponse resp) throws EBaseException { IRequestQueue queue = mAuthority.getRequestQueue(); IRequest thisreq = null; - - // IConfigStore sconfig = CMS.getConfigStore(); + + // IConfigStore sconfig = CMS.getConfigStore(); boolean missingParam = false; String status = "0"; @@ -158,7 +146,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { String rCUID = req.getParameter("CUID"); String rUserid = req.getParameter("userid"); String rdesKeyString = req.getParameter("drm_trans_desKey"); - String rCert = req.getParameter("cert"); + String rCert = req.getParameter("cert"); if ((rCUID == null) || (rCUID.equals(""))) { CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: CUID"); @@ -170,8 +158,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { missingParam = true; } - if ((rdesKeyString == null) || - (rdesKeyString.equals(""))) { + if ((rdesKeyString == null) || (rdesKeyString.equals(""))) { CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: DRM-transportKey-wrapped des key"); missingParam = true; } 
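Review bot: The reflowed block comment above `processTokenKeyRecovery` has lost its structure: the input parameters (`CUID`, `userid`, `drm_trans_desKey`, `cert`), the numbered operations and the output parameters now run together as one paragraph. This comment is the only description in the file of what gets unwrapped, re-wrapped and returned to the RA, so I would restore one item per line. Opening the comment with `/*-` should keep the Eclipse formatter from reflowing it on the next run. The same reflow affects the `RECOVERY_PROTOTYPE` comment and the `For TokenKeyRecovery` comment above `process` in later hunks.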
@@ -186,24 +173,26 @@ public class TokenKeyRecoveryServlet extends CMSServlet { if (!missingParam) { thisreq = queue.newRequest(IRequest.NETKEY_KEYRECOVERY_REQUEST); - thisreq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_NETKEY_RA); + thisreq.setExtData(IRequest.REQUESTOR_TYPE, + IRequest.REQUESTOR_NETKEY_RA); thisreq.setExtData(IRequest.NETKEY_ATTR_CUID, rCUID); thisreq.setExtData(IRequest.NETKEY_ATTR_USERID, rUserid); - thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString); + thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, + rdesKeyString); thisreq.setExtData(IRequest.NETKEY_ATTR_USER_CERT, rCert); - //XXX auto process for netkey - queue.processRequest( thisreq ); - // IService svc = (IService) new TokenKeyRecoveryService(kra); - // svc.serviceRequest(thisreq); + // XXX auto process for netkey + queue.processRequest(thisreq); + // IService svc = (IService) new TokenKeyRecoveryService(kra); + // svc.serviceRequest(thisreq); Integer result = thisreq.getExtDataInInteger(IRequest.RESULT); if (result != null) { - // sighs! tps thinks 0 is good, and drm thinks 1 is good - if (result.intValue() == 1) - status ="0"; - else - status = result.toString(); + // sighs! tps thinks 0 is good, and drm thinks 1 is good + if (result.intValue() == 1) + status = "0"; + else + status = result.toString(); } else status = "7"; 
@@ -218,25 +207,25 @@ public class TokenKeyRecoveryServlet extends CMSServlet { String wrappedPrivKeyString = ""; String publicKeyString = ""; String ivString = ""; - /* if is RECOVERY_PROTOTYPE - String recoveryBlobString = ""; - - IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord"); - byte publicKey_b[] = kr.getPublicKeyData(); - - BigInteger serialNo = kr.getSerialNumber(); - - String serialNumberString = - com.netscape.cmsutil.util.Utils.SpecialEncode(serialNo.toByteArray()); - - recoveryBlobString = (String) - thisreq.get("recoveryBlob"); - */ - - if( thisreq == null ) { - CMS.debug( "TokenKeyRecoveryServlet::processTokenKeyRecovery() - " - + "thisreq is null!" ); - throw new EBaseException( "thisreq is null" ); + /* + * if is RECOVERY_PROTOTYPE String recoveryBlobString = ""; + * + * IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord"); byte + * publicKey_b[] = kr.getPublicKeyData(); + * + * BigInteger serialNo = kr.getSerialNumber(); + * + * String serialNumberString = + * com.netscape.cmsutil.util.Utils.SpecialEncode + * (serialNo.toByteArray()); + * + * recoveryBlobString = (String) thisreq.get("recoveryBlob"); + */ + + if (thisreq == null) { + CMS.debug("TokenKeyRecoveryServlet::processTokenKeyRecovery() - " + + "thisreq is null!"); + throw new EBaseException("thisreq is null"); } publicKeyString = thisreq.getExtDataInString("public_key"); @@ -244,11 +233,10 @@ public class TokenKeyRecoveryServlet extends CMSServlet { ivString = thisreq.getExtDataInString("iv_s"); /* - if (selectedToken == null) - status = "4"; - */ - if (!status.equals("0")) - value = "status="+status; + * if (selectedToken == null) status = "4"; + */ + if (!status.equals("0")) + value = "status=" + status; else { StringBuffer sb = new StringBuffer(); sb.append("status=0&"); 
@@ -259,13 +247,14 @@ public class TokenKeyRecoveryServlet extends CMSServlet { sb.append("&iv_param="); sb.append(ivString); value = sb.toString(); - + } - CMS.debug("ProcessTokenKeyRecovery:outputString.encode " +value); + CMS.debug("ProcessTokenKeyRecovery:outputString.encode " + value); - try{ + try { resp.setContentLength(value.length()); - CMS.debug("TokenKeyRecoveryServlet:outputString.length " +value.length()); + CMS.debug("TokenKeyRecoveryServlet:outputString.length " + + value.length()); OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); @@ -275,19 +264,13 @@ public class TokenKeyRecoveryServlet extends CMSServlet { } } - - /* - * For TokenKeyRecovery - * - * input: - * CUID=value0 - * trans-wrapped-desKey=value1 - * - * output: - * status=value0 - * publicKey=value1 - * desKey-wrapped-userPrivateKey=value2 - * proofOfArchival=value3 + /* + * For TokenKeyRecovery + * + * input: CUID=value0 trans-wrapped-desKey=value1 + * + * output: status=value0 publicKey=value1 + * desKey-wrapped-userPrivateKey=value2 proofOfArchival=value3 */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -298,14 +281,14 @@ public class TokenKeyRecoveryServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "submit"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "submit"); } catch (Exception e) { } if (authzToken == null) { - try{ + try { resp.setContentType("text/html"); String value = "unauthorized="; CMS.debug("TokenKeyRecoveryServlet: Unauthorized"); @@ -315,7 +298,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { ooss.write(value.getBytes()); ooss.flush(); mRenderResult = false; - }catch (Exception e) { + } catch (Exception e) { CMS.debug("TokenKeyRecoveryServlet: " + e.toString()); } 
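Review bot: `CMS.debug("ProcessTokenKeyRecovery:outputString.encode " + value)` writes the whole response string to the debug log, and on the success path `value` carries `iv_param` and, going by the locals declared earlier in the method, the wrapped private key and the public key. Recovered key material should not end up in a log file even in wrapped form; logging only the outcome is enough, e.g. `CMS.debug("ProcessTokenKeyRecovery: status=" + status);`. In the same hunk `resp.setContentLength(value.length())` counts chars while `ooss.write(value.getBytes())` writes platform-charset bytes; encoding once into a `byte[]` and using its length for both keeps the header and body in step. The body of `processTokenKeyRecovery` starts outside this hunk.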
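Review bot: The empty `catch (Exception e) { }` around `authorize(...)` in `process` discards the reason an authorization attempt failed. The request still appears to be rejected because `authzToken` stays null, but a denied or erroring key-recovery request leaves nothing behind except the generic "Unauthorized" debug line, and the class comment already notes that auditing is missing. I would record the failure the same way the later catch in this method does: `} catch (Exception e) { CMS.debug("TokenKeyRecoveryServlet: authorize failed: " + e.toString()); }`. `process` begins before this hunk and continues past it.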
@@ -324,28 +307,28 @@ public class TokenKeyRecoveryServlet extends CMSServlet { } // begin Netkey serverSideKeyGen and archival - CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called"); - processTokenKeyRecovery(req, resp); - return; + CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called"); + processTokenKeyRecovery(req, resp); + return; // end Netkey functions } - /** XXX remember to check peer SSL cert and get RA id later - * + /** + * XXX remember to check peer SSL cert and get RA id later + * * Serves HTTP admin request. - * + * * @param req HTTP request * @param resp HTTP response */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); - super.service(req, resp); + super.service(req, resp); - } } |
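Review bot: `scope` and `op` in `service` are read from the request and never used before `super.service(req, resp)`, so both locals can be dropped. The Javadoc above the method still opens with `XXX remember to check peer SSL cert and get RA id later`, which buries an open security to-do inside the method summary. Moving it to its own `// TODO` line below the Javadoc would keep the summary sentence clean and make the outstanding RA-identity check harder to overlook in passes like this one.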