summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java1343
1 files changed, 659 insertions, 684 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
index 1f6efa85..7d30d3ae 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
@@ -52,14 +52,11 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.symkey.SessionKey;
-
-
/**
- * A class representings an administration servlet for Token Key
- * Service Authority. This servlet is responsible to serve
- * tks administrative operation such as configuration
- * parameter updates.
- *
+ * A class representings an administration servlet for Token Key Service
+ * Authority. This servlet is responsible to serve tks administrative operation
+ * such as configuration parameter updates.
+ *
* @version $Revision$, $Date$
*/
public class TokenServlet extends CMSServlet {
@@ -68,66 +65,40 @@ public class TokenServlet extends CMSServlet {
*/
private static final long serialVersionUID = 8687436109695172791L;
protected static final String PROP_ENABLED = "enabled";
- protected static final String TRANSPORT_KEY_NAME ="sharedSecret";
+ protected static final String TRANSPORT_KEY_NAME = "sharedSecret";
private final static String INFO = "TokenServlet";
public static int ERROR = 1;
private ITKSAuthority mTKS = null;
private String mSelectedToken = null;
private String mNewSelectedToken = null;
String mKeyNickName = null;
- String mNewKeyNickName = null;
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM =
- "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
+ String mNewKeyNickName = null;
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM = "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":");
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST =
- "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_3";
-
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_8";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST = "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_3";
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_8";
- private final static String
- LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST =
- "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9";
- private final static String
- LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_6";
+ private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST = "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_7";
+ private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_6";
+ private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_7";
- private final static String
- LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST =
- "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_4";
+ private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST = "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_4";
- private final static String
- LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_7";
+ private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_7";
- private final static String
- LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8";
+ private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8";
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST =
- "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_2";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST = "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_2";
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS_3";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS_3";
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE_4";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE_4";
/**
* Constructs tks servlet.
@@ -137,14 +108,13 @@ public class TokenServlet extends CMSServlet {
}
- public static String trim(String a)
- {
- StringBuffer newa = new StringBuffer();
+ public static String trim(String a) {
+ StringBuffer newa = new StringBuffer();
StringTokenizer tokens = new StringTokenizer(a, "\n");
- while (tokens.hasMoreTokens()) {
- newa.append(tokens.nextToken());
- }
- return newa.toString();
+ while (tokens.hasMoreTokens()) {
+ newa.append(tokens.nextToken());
+ }
+ return newa.toString();
}
public void init(ServletConfig config) throws ServletException {
@@ -153,18 +123,19 @@ public class TokenServlet extends CMSServlet {
/**
* Returns serlvet information.
- *
+ *
* @return name of this servlet
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
- /**
- * Process the HTTP request.
- *
+
+ /**
+ * Process the HTTP request.
+ *
* @param s The URL to decode.
*/
- protected String URLdecode(String s) {
+ protected String URLdecode(String s) {
if (s == null)
return null;
ByteArrayOutputStream out = new ByteArrayOutputStream(s.length());
@@ -184,62 +155,63 @@ public class TokenServlet extends CMSServlet {
}
} // end for
return out.toString();
- }
+ }
- private void setDefaultSlotAndKeyName(HttpServletRequest req)
- {
- try {
+ private void setDefaultSlotAndKeyName(HttpServletRequest req) {
+ try {
- String keySet = req.getParameter("keySet");
- if (keySet == null || keySet.equals("")) {
- keySet = "defKeySet";
- }
- CMS.debug("keySet selected: " + keySet);
+ String keySet = req.getParameter("keySet");
+ if (keySet == null || keySet.equals("")) {
+ keySet = "defKeySet";
+ }
+ CMS.debug("keySet selected: " + keySet);
+
+ mNewSelectedToken = null;
+
+ mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot");
+ String masterKeyPrefix = CMS.getConfigStore().getString(
+ "tks.master_key_prefix", null);
+ String temp = req.getParameter("KeyInfo"); // #xx#xx
+ String keyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
+ String mappingValue = CMS.getConfigStore().getString(keyInfoMap,
+ null);
+ if (mappingValue != null) {
+ StringTokenizer st = new StringTokenizer(mappingValue, ":");
+ int tokenNumber = 0;
+ while (st.hasMoreTokens()) {
- mNewSelectedToken = null;
-
- mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot");
- String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null);
- String temp = req.getParameter("KeyInfo"); //#xx#xx
- String keyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
- String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
- if(mappingValue!=null)
- {
- StringTokenizer st = new StringTokenizer(mappingValue, ":");
- int tokenNumber=0;
- while (st.hasMoreTokens()) {
-
- String currentToken= st.nextToken();
- if(tokenNumber==0)
- mSelectedToken = currentToken;
- else if(tokenNumber==1)
- mKeyNickName = currentToken;
- tokenNumber++;
-
- }
+ String currentToken = st.nextToken();
+ if (tokenNumber == 0)
+ mSelectedToken = currentToken;
+ else if (tokenNumber == 1)
+ mKeyNickName = currentToken;
+ tokenNumber++;
+
+ }
}
- if(req.getParameter("newKeyInfo")!=null) // for diversification
+ if (req.getParameter("newKeyInfo") != null) // for diversification
{
- temp = req.getParameter("newKeyInfo"); //#xx#xx
- String newKeyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
- String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null);
- if(newMappingValue!=null)
- {
- StringTokenizer st = new StringTokenizer(newMappingValue, ":");
- int tokenNumber=0;
- while (st.hasMoreTokens()) {
- String currentToken= st.nextToken();
- if(tokenNumber==0)
- mNewSelectedToken = currentToken;
- else if(tokenNumber==1)
- mNewKeyNickName = currentToken;
- tokenNumber++;
-
- }
+ temp = req.getParameter("newKeyInfo"); // #xx#xx
+ String newKeyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
+ String newMappingValue = CMS.getConfigStore().getString(
+ newKeyInfoMap, null);
+ if (newMappingValue != null) {
+ StringTokenizer st = new StringTokenizer(newMappingValue,
+ ":");
+ int tokenNumber = 0;
+ while (st.hasMoreTokens()) {
+ String currentToken = st.nextToken();
+ if (tokenNumber == 0)
+ mNewSelectedToken = currentToken;
+ else if (tokenNumber == 1)
+ mNewKeyNickName = currentToken;
+ tokenNumber++;
+
+ }
}
- }
+ }
- SessionKey.SetDefaultPrefix(masterKeyPrefix);
+ SessionKey.SetDefaultPrefix(masterKeyPrefix);
} catch (Exception e) {
e.printStackTrace();
@@ -249,9 +221,8 @@ public class TokenServlet extends CMSServlet {
}
private void processComputeSessionKey(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException
- {
- byte[] card_challenge ,host_challenge,keyInfo, xCUID, CUID, session_key;
+ HttpServletResponse resp) throws EBaseException {
+ byte[] card_challenge, host_challenge, keyInfo, xCUID, CUID, session_key;
byte[] card_crypto, host_cryptogram, input_card_crypto;
byte[] xcard_challenge, xhost_challenge;
byte[] enc_session_key, xkeyInfo;
@@ -259,18 +230,18 @@ public class TokenServlet extends CMSServlet {
String errorMsg = "";
String badParams = "";
String transportKeyName = "";
-
- String rCUID = req.getParameter("CUID");
+
+ String rCUID = req.getParameter("CUID");
String keySet = req.getParameter("keySet");
if (keySet == null || keySet.equals("")) {
- keySet = "defKeySet";
+ keySet = "defKeySet";
}
CMS.debug("keySet selected: " + keySet);
boolean serversideKeygen = false;
byte[] drm_trans_wrapped_desKey = null;
- PK11SymKey desKey = null;
- // PK11SymKey kek_session_key;
+ PK11SymKey desKey = null;
+ // PK11SymKey kek_session_key;
PK11SymKey kek_key;
IConfigStore sconfig = CMS.getConfigStore();
@@ -280,52 +251,53 @@ public class TokenServlet extends CMSServlet {
card_crypto = null;
host_cryptogram = null;
enc_session_key = null;
- // kek_session_key = null;
+ // kek_session_key = null;
SessionContext sContext = SessionContext.getContext();
- String agentId="";
+ String agentId = "";
if (sContext != null) {
- agentId =
- (String) sContext.get(SessionContext.USER_ID);
+ agentId = (String) sContext.get(SessionContext.USER_ID);
}
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST,
- rCUID,
- ILogger.SUCCESS,
- agentId);
+ LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST, rCUID,
+ ILogger.SUCCESS, agentId);
audit(auditMessage);
String kek_wrapped_desKeyString = null;
- String keycheck_s = null;
+ String keycheck_s = null;
CMS.debug("processComputeSessionKey:");
- String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true");
- if (!useSoftToken_s.equalsIgnoreCase("true"))
- useSoftToken_s = "false";
+ String useSoftToken_s = CMS.getConfigStore().getString(
+ "tks.useSoftToken", "true");
+ if (!useSoftToken_s.equalsIgnoreCase("true"))
+ useSoftToken_s = "false";
- String rServersideKeygen = (String) req.getParameter("serversideKeygen");
+ String rServersideKeygen = (String) req
+ .getParameter("serversideKeygen");
if (rServersideKeygen.equals("true")) {
- CMS.debug("TokenServlet: serversideKeygen requested");
- serversideKeygen = true;
+ CMS.debug("TokenServlet: serversideKeygen requested");
+ serversideKeygen = true;
} else {
- CMS.debug("TokenServlet: serversideKeygen not requested");
+ CMS.debug("TokenServlet: serversideKeygen not requested");
}
try {
- isCryptoValidate = sconfig.getBoolean("cardcryptogram.validate.enable", true);
+ isCryptoValidate = sconfig.getBoolean(
+ "cardcryptogram.validate.enable", true);
} catch (EBaseException eee) {
}
try {
- transportKeyName = sconfig.getString("tks.tksSharedSymKeyName",TRANSPORT_KEY_NAME);
+ transportKeyName = sconfig.getString("tks.tksSharedSymKeyName",
+ TRANSPORT_KEY_NAME);
} catch (EBaseException e) {
}
- CMS.debug("TokenServlet: ComputeSessionKey(): tksSharedSymKeyName: " + transportKeyName);
-
+ CMS.debug("TokenServlet: ComputeSessionKey(): tksSharedSymKeyName: "
+ + transportKeyName);
String rcard_challenge = req.getParameter("card_challenge");
String rhost_challenge = req.getParameter("host_challenge");
@@ -355,7 +327,6 @@ public class TokenServlet extends CMSServlet {
missingParam = true;
}
-
String selectedToken = null;
String keyNickName = null;
boolean sameCardCrypto = true;
@@ -364,48 +335,51 @@ public class TokenServlet extends CMSServlet {
xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
if (xCUID == null || xCUID.length != 10) {
- badParams += " CUID length,";
- CMS.debug("TokenServlet: Invalid CUID length");
- missingParam = true;
+ badParams += " CUID length,";
+ CMS.debug("TokenServlet: Invalid CUID length");
+ missingParam = true;
}
xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
if (xkeyInfo == null || xkeyInfo.length != 2) {
- badParams += " KeyInfo length,";
- CMS.debug("TokenServlet: Invalid key info length.");
- missingParam = true;
+ badParams += " KeyInfo length,";
+ CMS.debug("TokenServlet: Invalid key info length.");
+ missingParam = true;
}
- xcard_challenge =
- com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge);
+ xcard_challenge = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(rcard_challenge);
if (xcard_challenge == null || xcard_challenge.length != 8) {
- badParams += " card_challenge length,";
- CMS.debug("TokenServlet: Invalid card challenge length.");
- missingParam = true;
+ badParams += " card_challenge length,";
+ CMS.debug("TokenServlet: Invalid card challenge length.");
+ missingParam = true;
}
-
- xhost_challenge = com.netscape.cmsutil.util.Utils.SpecialDecode(rhost_challenge);
+
+ xhost_challenge = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(rhost_challenge);
if (xhost_challenge == null || xhost_challenge.length != 8) {
- badParams += " host_challenge length,";
- CMS.debug("TokenServlet: Invalid host challenge length");
- missingParam = true;
+ badParams += " host_challenge length,";
+ CMS.debug("TokenServlet: Invalid host challenge length");
+ missingParam = true;
}
-
+
}
CUID = null;
if (!missingParam) {
- card_challenge =
- com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge);
-
- host_challenge = com.netscape.cmsutil.util.Utils.SpecialDecode(rhost_challenge);
+ card_challenge = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(rcard_challenge);
+
+ host_challenge = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(rhost_challenge);
keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
- CUID =com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+ CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
- String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; //#xx#xx
- String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
+ String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; // #xx#xx
+ String mappingValue = CMS.getConfigStore().getString(keyInfoMap,
+ null);
if (mappingValue == null) {
- selectedToken =
- CMS.getConfigStore().getString("tks.defaultSlot", "internal");
+ selectedToken = CMS.getConfigStore().getString(
+ "tks.defaultSlot", "internal");
keyNickName = rKeyInfo;
} else {
StringTokenizer st = new StringTokenizer(mappingValue, ":");
@@ -419,175 +393,198 @@ public class TokenServlet extends CMSServlet {
try {
- byte macKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".mac_key"));
- CMS.debug("TokenServlet about to try ComputeSessionKey selectedToken=" + selectedToken + " keyNickName=" + keyNickName);
- session_key = SessionKey.ComputeSessionKey(
- selectedToken,keyNickName,card_challenge,
- host_challenge,keyInfo,CUID, macKeyArray, useSoftToken_s, keySet, transportKeyName );
-
- if(session_key == null)
- {
+ byte macKeyArray[] = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(sconfig.getString("tks." + keySet
+ + ".mac_key"));
+ CMS.debug("TokenServlet about to try ComputeSessionKey selectedToken="
+ + selectedToken + " keyNickName=" + keyNickName);
+ session_key = SessionKey.ComputeSessionKey(selectedToken,
+ keyNickName, card_challenge, host_challenge,
+ keyInfo, CUID, macKeyArray, useSoftToken_s, keySet,
+ transportKeyName);
+
+ if (session_key == null) {
CMS.debug("TokenServlet:Tried ComputeSessionKey, got NULL ");
- throw new Exception("Can't compute session key!");
+ throw new Exception("Can't compute session key!");
- }
+ }
- byte encKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key"));
+ byte encKeyArray[] = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(sconfig.getString("tks." + keySet
+ + ".auth_key"));
enc_session_key = SessionKey.ComputeEncSessionKey(
- selectedToken,keyNickName,card_challenge,
- host_challenge,keyInfo,CUID, encKeyArray, useSoftToken_s, keySet);
+ selectedToken, keyNickName, card_challenge,
+ host_challenge, keyInfo, CUID, encKeyArray,
+ useSoftToken_s, keySet);
- if(enc_session_key == null)
- {
+ if (enc_session_key == null) {
CMS.debug("TokenServlet:Tried ComputeEncSessionKey, got NULL ");
- throw new Exception("Can't compute enc session key!");
-
+ throw new Exception("Can't compute enc session key!");
+
}
if (serversideKeygen == true) {
/**
- * 0. generate des key
- * 1. encrypt des key with kek key
- * 2. encrypt des key with DRM transport key
- * These two wrapped items are to be sent back to
- * TPS. 2nd item is to DRM
+ * 0. generate des key 1. encrypt des key with kek key
+ * 2. encrypt des key with DRM transport key These two
+ * wrapped items are to be sent back to TPS. 2nd item is
+ * to DRM
**/
CMS.debug("TokenServlet: calling ComputeKekKey");
- byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
-
-
- kek_key = SessionKey.ComputeKekKey(
- selectedToken,keyNickName,card_challenge,
- host_challenge,keyInfo,CUID, kekKeyArray, useSoftToken_s,keySet);
+ byte kekKeyArray[] = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(sconfig.getString("tks."
+ + keySet + ".kek_key"));
+ kek_key = SessionKey.ComputeKekKey(selectedToken,
+ keyNickName, card_challenge, host_challenge,
+ keyInfo, CUID, kekKeyArray, useSoftToken_s,
+ keySet);
CMS.debug("TokenServlet: called ComputeKekKey");
- if(kek_key == null)
- {
+ if (kek_key == null) {
CMS.debug("TokenServlet:Tried ComputeKekKey, got NULL ");
- throw new Exception("Can't compute kek key!");
-
+ throw new Exception("Can't compute kek key!");
+
}
// now use kek key to wrap kek session key..
- CMS.debug("computeSessionKey:kek key len ="+
- kek_key.getLength());
-
- // (1) generate DES key
- /* applet does not support DES3
- org.mozilla.jss.crypto.KeyGenerator kg =
- internalToken.getKeyGenerator(KeyGenAlgorithm.DES3);
- desKey = kg.generate();*/
-
- /*
- * XXX GenerateSymkey firt generates a 16 byte DES2 key.
- * It then pads it into a 24 byte key with last
- * 8 bytes copied from the 1st 8 bytes. Effectively
- * making it a 24 byte DES2 key. We need this for
- * wrapping private keys on DRM.
- */
- /*generate it on whichever token the master key is at*/
- if (useSoftToken_s.equals("true")) {
- CMS.debug("TokenServlet: key encryption key generated on internal");
-//cfu audit here? sym key gen
- desKey = SessionKey.GenerateSymkey("internal");
-//cfu audit here? sym key gen done
+ CMS.debug("computeSessionKey:kek key len ="
+ + kek_key.getLength());
+
+ // (1) generate DES key
+ /*
+ * applet does not support DES3
+ * org.mozilla.jss.crypto.KeyGenerator kg =
+ * internalToken.getKeyGenerator(KeyGenAlgorithm.DES3);
+ * desKey = kg.generate();
+ */
+
+ /*
+ * XXX GenerateSymkey firt generates a 16 byte DES2 key.
+ * It then pads it into a 24 byte key with last 8 bytes
+ * copied from the 1st 8 bytes. Effectively making it a
+ * 24 byte DES2 key. We need this for wrapping private
+ * keys on DRM.
+ */
+ /* generate it on whichever token the master key is at */
+ if (useSoftToken_s.equals("true")) {
+ CMS.debug("TokenServlet: key encryption key generated on internal");
+ // cfu audit here? sym key gen
+ desKey = SessionKey.GenerateSymkey("internal");
+ // cfu audit here? sym key gen done
+ } else {
+ CMS.debug("TokenServlet: key encryption key generated on "
+ + selectedToken);
+ desKey = SessionKey.GenerateSymkey(selectedToken);
+ }
+ if (desKey != null)
+ CMS.debug("TokenServlet: key encryption key generated for "
+ + rCUID);
+ else {
+ CMS.debug("TokenServlet: key encryption key generation failed for "
+ + rCUID);
+ throw new Exception(
+ "can't generate key encryption key");
+ }
+
+ /*
+ * XXX ECBencrypt actually takes the 24 byte DES2 key
+ * and discard the last 8 bytes before it encrypts. This
+ * is done so that the applet can digest it
+ */
+ byte[] encDesKey = SessionKey.ECBencrypt(kek_key,
+ desKey);
+ /*
+ * CMS.debug("computeSessionKey:encrypted desKey size = "
+ * +encDesKey.length); CMS.debug(encDesKey);
+ */
+
+ kek_wrapped_desKeyString = com.netscape.cmsutil.util.Utils
+ .SpecialEncode(encDesKey);
+
+ // get keycheck
+ byte[] keycheck = SessionKey.ComputeKeyCheck(desKey);
+ /*
+ * CMS.debug("computeSessionKey:keycheck size = "+keycheck
+ * .length); CMS.debug(keycheck);
+ */
+ keycheck_s = com.netscape.cmsutil.util.Utils
+ .SpecialEncode(keycheck);
+
+ // XXX use DRM transport cert to wrap desKey
+ String drmTransNickname = CMS.getConfigStore()
+ .getString("tks.drm_transport_cert_nickname",
+ "");
+
+ if ((drmTransNickname == null)
+ || (drmTransNickname == "")) {
+ CMS.debug("TokenServlet:did not find DRM transport certificate nickname");
+ throw new Exception(
+ "can't find DRM transport certificate nickname");
} else {
- CMS.debug("TokenServlet: key encryption key generated on " + selectedToken);
- desKey = SessionKey.GenerateSymkey(selectedToken);
+ CMS.debug("TokenServlet:drmtransport_cert_nickname="
+ + drmTransNickname);
}
- if (desKey != null)
- CMS.debug("TokenServlet: key encryption key generated for "+rCUID);
- else {
- CMS.debug("TokenServlet: key encryption key generation failed for "+rCUID);
- throw new Exception ("can't generate key encryption key");
- }
-
- /*
- * XXX ECBencrypt actually takes the 24 byte DES2 key
- * and discard the last 8 bytes before it encrypts.
- * This is done so that the applet can digest it
- */
- byte[] encDesKey =
- SessionKey.ECBencrypt( kek_key,
- desKey);
- /*
- CMS.debug("computeSessionKey:encrypted desKey size = "+encDesKey.length);
- CMS.debug(encDesKey);
- */
-
- kek_wrapped_desKeyString =
- com.netscape.cmsutil.util.Utils.SpecialEncode(encDesKey);
-
- // get keycheck
- byte[] keycheck =
- SessionKey.ComputeKeyCheck(desKey);
- /*
- CMS.debug("computeSessionKey:keycheck size = "+keycheck.length);
- CMS.debug(keycheck);
- */
- keycheck_s =
- com.netscape.cmsutil.util.Utils.SpecialEncode(keycheck);
-
- //XXX use DRM transport cert to wrap desKey
- String drmTransNickname = CMS.getConfigStore().getString("tks.drm_transport_cert_nickname", "");
-
- if ((drmTransNickname == null) || (drmTransNickname == "")) {
- CMS.debug("TokenServlet:did not find DRM transport certificate nickname");
- throw new Exception("can't find DRM transport certificate nickname");
- } else {
- CMS.debug("TokenServlet:drmtransport_cert_nickname="+drmTransNickname);
- }
X509Certificate drmTransCert = null;
- drmTransCert = CryptoManager.getInstance().findCertByNickname(drmTransNickname);
+ drmTransCert = CryptoManager.getInstance()
+ .findCertByNickname(drmTransNickname);
// wrap kek session key with DRM transport public key
- CryptoToken token = null;
- if (useSoftToken_s.equals("true")) {
- //token = CryptoManager.getInstance().getTokenByName(selectedToken);
- token = CryptoManager.getInstance().getInternalCryptoToken();
+ CryptoToken token = null;
+ if (useSoftToken_s.equals("true")) {
+ // token =
+ // CryptoManager.getInstance().getTokenByName(selectedToken);
+ token = CryptoManager.getInstance()
+ .getInternalCryptoToken();
} else {
- token = CryptoManager.getInstance().getTokenByName(selectedToken);
+ token = CryptoManager.getInstance().getTokenByName(
+ selectedToken);
}
PublicKey pubKey = drmTransCert.getPublicKey();
String pubKeyAlgo = pubKey.getAlgorithm();
CMS.debug("Transport Cert Key Algorithm: " + pubKeyAlgo);
KeyWrapper keyWrapper = null;
- //For wrapping symmetric keys don't need IV, use ECB
+ // For wrapping symmetric keys don't need IV, use ECB
if (pubKeyAlgo.equals("EC")) {
- keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.AES_ECB);
+ keyWrapper = token
+ .getKeyWrapper(KeyWrapAlgorithm.AES_ECB);
keyWrapper.initWrap(pubKey, null);
} else {
- keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.RSA);
+ keyWrapper = token
+ .getKeyWrapper(KeyWrapAlgorithm.RSA);
keyWrapper.initWrap(pubKey, null);
}
- CMS.debug("desKey token " + desKey.getOwningToken().getName() + " token: " + token.getName() );
+ CMS.debug("desKey token "
+ + desKey.getOwningToken().getName()
+ + " token: " + token.getName());
drm_trans_wrapped_desKey = keyWrapper.wrap(desKey);
- CMS.debug("computeSessionKey:desKey wrapped with drm transportation key.");
+ CMS.debug("computeSessionKey:desKey wrapped with drm transportation key.");
} // if (serversideKeygen == true)
- byte authKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key"));
+ byte authKeyArray[] = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(sconfig.getString("tks." + keySet
+ + ".auth_key"));
host_cryptogram = SessionKey.ComputeCryptogram(
- selectedToken,keyNickName,card_challenge,
- host_challenge,keyInfo,CUID,0, authKeyArray, useSoftToken_s, keySet);
+ selectedToken, keyNickName, card_challenge,
+ host_challenge, keyInfo, CUID, 0, authKeyArray,
+ useSoftToken_s, keySet);
- if(host_cryptogram == null)
- {
+ if (host_cryptogram == null) {
CMS.debug("TokenServlet:Tried ComputeCryptogram, got NULL ");
- throw new Exception("Can't compute host cryptogram!");
+ throw new Exception("Can't compute host cryptogram!");
}
- card_crypto = SessionKey.ComputeCryptogram(
- selectedToken,keyNickName,card_challenge,
- host_challenge,keyInfo,CUID,1, authKeyArray, useSoftToken_s, keySet);
+ card_crypto = SessionKey.ComputeCryptogram(selectedToken,
+ keyNickName, card_challenge, host_challenge,
+ keyInfo, CUID, 1, authKeyArray, useSoftToken_s,
+ keySet);
- if(card_crypto == null)
- {
+ if (card_crypto == null) {
CMS.debug("TokenServlet:Tried ComputeCryptogram, got NULL ");
- throw new Exception("Can't compute card cryptogram!");
+ throw new Exception("Can't compute card cryptogram!");
}
@@ -596,10 +593,10 @@ public class TokenServlet extends CMSServlet {
CMS.debug("TokenServlet: ComputeCryptogram(): missing card cryptogram");
throw new Exception("Missing card cryptogram");
}
- input_card_crypto =
- com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_cryptogram);
+ input_card_crypto = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(rcard_cryptogram);
if (card_crypto.length == input_card_crypto.length) {
- for (int i=0; i<card_crypto.length; i++) {
+ for (int i = 0; i < card_crypto.length; i++) {
if (card_crypto[i] != input_card_crypto[i]) {
sameCardCrypto = false;
break;
@@ -611,17 +608,20 @@ public class TokenServlet extends CMSServlet {
}
}
- CMS.getLogger().log(ILogger.EV_AUDIT,
+ CMS.getLogger().log(
+ ILogger.EV_AUDIT,
ILogger.S_TKS,
- ILogger.LL_INFO,"processComputeSessionKey for CUID=" +
- trim(pp.toHexString(CUID)));
- } catch (Exception e) {
+ ILogger.LL_INFO,
+ "processComputeSessionKey for CUID="
+ + trim(pp.toHexString(CUID)));
+ } catch (Exception e) {
CMS.debug(e);
- CMS.debug("TokenServlet Computing Session Key: " + e.toString());
+ CMS.debug("TokenServlet Computing Session Key: "
+ + e.toString());
if (isCryptoValidate)
sameCardCrypto = false;
}
- }
+ }
} // ! missingParam
String value = "";
@@ -634,34 +634,33 @@ public class TokenServlet extends CMSServlet {
String cryptogram = "";
String status = "0";
if (session_key != null && session_key.length > 0) {
- outputString =
- com.netscape.cmsutil.util.Utils.SpecialEncode(session_key);
- } else {
-
+ outputString = com.netscape.cmsutil.util.Utils
+ .SpecialEncode(session_key);
+ } else {
+
status = "1";
}
if (enc_session_key != null && enc_session_key.length > 0) {
- encSessionKeyString =
- com.netscape.cmsutil.util.Utils.SpecialEncode(enc_session_key);
- } else {
+ encSessionKeyString = com.netscape.cmsutil.util.Utils
+ .SpecialEncode(enc_session_key);
+ } else {
status = "1";
}
-
if (serversideKeygen == true) {
- if ( drm_trans_wrapped_desKey != null && drm_trans_wrapped_desKey.length > 0)
- drm_trans_wrapped_desKeyString =
- com.netscape.cmsutil.util.Utils.SpecialEncode(drm_trans_wrapped_desKey);
- else {
- status = "1";
+ if (drm_trans_wrapped_desKey != null
+ && drm_trans_wrapped_desKey.length > 0)
+ drm_trans_wrapped_desKeyString = com.netscape.cmsutil.util.Utils
+ .SpecialEncode(drm_trans_wrapped_desKey);
+ else {
+ status = "1";
}
- }
+ }
-
if (host_cryptogram != null && host_cryptogram.length > 0) {
- cryptogram =
- com.netscape.cmsutil.util.Utils.SpecialEncode(host_cryptogram);
+ cryptogram = com.netscape.cmsutil.util.Utils
+ .SpecialEncode(host_cryptogram);
} else {
status = "2";
}
@@ -677,32 +676,30 @@ public class TokenServlet extends CMSServlet {
if (missingParam) {
status = "3";
}
-
- if (!status.equals("0")) {
-
-
- if(status.equals("1")) {
- errorMsg = "Problem generating session key info.";
- }
-
- if(status.equals("2")) {
- errorMsg = "Problem creating host_cryptogram.";
- }
-
- if(status.equals("4")) {
- errorMsg = "Problem obtaining token information.";
- }
-
- if(status.equals("3")) {
- if(badParams.endsWith(",")) {
- badParams = badParams.substring(0,badParams.length() -1);
- }
- errorMsg = "Missing input parameters :" + badParams;
- }
-
- value = "status="+status;
- }
- else {
+
+ if (!status.equals("0")) {
+
+ if (status.equals("1")) {
+ errorMsg = "Problem generating session key info.";
+ }
+
+ if (status.equals("2")) {
+ errorMsg = "Problem creating host_cryptogram.";
+ }
+
+ if (status.equals("4")) {
+ errorMsg = "Problem obtaining token information.";
+ }
+
+ if (status.equals("3")) {
+ if (badParams.endsWith(",")) {
+ badParams = badParams.substring(0, badParams.length() - 1);
+ }
+ errorMsg = "Missing input parameters :" + badParams;
+ }
+
+ value = "status=" + status;
+ } else {
if (serversideKeygen == true) {
StringBuffer sb = new StringBuffer();
sb.append("status=0&");
@@ -711,10 +708,10 @@ public class TokenServlet extends CMSServlet {
sb.append("&hostCryptogram=");
sb.append(cryptogram);
sb.append("&encSessionKey=");
- sb.append(encSessionKeyString);
+ sb.append(encSessionKeyString);
sb.append("&kek_wrapped_desKey=");
sb.append(kek_wrapped_desKeyString);
- sb.append("&keycheck=");
+ sb.append("&keycheck=");
sb.append(keycheck_s);
sb.append("&drm_trans_wrapped_desKey=");
sb.append(drm_trans_wrapped_desKeyString);
@@ -724,19 +721,19 @@ public class TokenServlet extends CMSServlet {
sb.append("status=0&");
sb.append("sessionKey=");
sb.append(outputString);
- sb.append("&hostCryptogram=");
- sb.append(cryptogram);
+ sb.append("&hostCryptogram=");
+ sb.append(cryptogram);
sb.append("&encSessionKey=");
sb.append(encSessionKeyString);
value = sb.toString();
}
}
- CMS.debug("TokenServlet:outputString.encode " +value);
+ CMS.debug("TokenServlet:outputString.encode " + value);
- try{
+ try {
resp.setContentLength(value.length());
- CMS.debug("TokenServlet:outputString.length " +value.length());
+ CMS.debug("TokenServlet:outputString.length " + value.length());
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
@@ -744,78 +741,65 @@ public class TokenServlet extends CMSServlet {
} catch (IOException e) {
CMS.debug("TokenServlet: " + e.toString());
}
-
- if(status.equals("0")) {
-
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS,
- rCUID,
- ILogger.SUCCESS,
- status,
- agentId,
- isCryptoValidate? "true":"false",
- serversideKeygen? "true":"false",
- selectedToken,
- keyNickName);
+
+ if (status.equals("0")) {
+
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS,
+ rCUID, ILogger.SUCCESS, status, agentId,
+ isCryptoValidate ? "true" : "false",
+ serversideKeygen ? "true" : "false", selectedToken,
+ keyNickName);
} else {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,
- rCUID,
- ILogger.FAILURE,
- status,
- agentId,
- isCryptoValidate? "true":"false",
- serversideKeygen? "true":"false",
- selectedToken,
- keyNickName,
- errorMsg);
- }
-
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,
+ rCUID, ILogger.FAILURE, status, agentId,
+ isCryptoValidate ? "true" : "false",
+ serversideKeygen ? "true" : "false", selectedToken,
+ keyNickName, errorMsg);
+ }
+
audit(auditMessage);
}
private void processDiversifyKey(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException {
- byte[] KeySetData,KeysValues,CUID,xCUID;
- byte[] xkeyInfo,xnewkeyInfo;
+ HttpServletResponse resp) throws EBaseException {
+ byte[] KeySetData, KeysValues, CUID, xCUID;
+ byte[] xkeyInfo, xnewkeyInfo;
boolean missingParam = false;
String errorMsg = "";
String badParams = "";
IConfigStore sconfig = CMS.getConfigStore();
- String rnewKeyInfo = req.getParameter("newKeyInfo");
+ String rnewKeyInfo = req.getParameter("newKeyInfo");
String newMasterKeyName = req.getParameter("newKeyInfo");
String oldMasterKeyName = req.getParameter("KeyInfo");
- String rCUID =req.getParameter("CUID");
- String auditMessage="";
+ String rCUID = req.getParameter("CUID");
+ String auditMessage = "";
String keySet = req.getParameter("keySet");
if (keySet == null || keySet.equals("")) {
- keySet = "defKeySet";
+ keySet = "defKeySet";
}
CMS.debug("keySet selected: " + keySet);
SessionContext sContext = SessionContext.getContext();
- String agentId="";
+ String agentId = "";
if (sContext != null) {
- agentId =
- (String) sContext.get(SessionContext.USER_ID);
+ agentId = (String) sContext.get(SessionContext.USER_ID);
}
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST,
- rCUID,
- ILogger.SUCCESS,
- agentId,
- oldMasterKeyName,
- newMasterKeyName);
+ LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST, rCUID,
+ ILogger.SUCCESS, agentId, oldMasterKeyName, newMasterKeyName);
audit(auditMessage);
-
if ((rCUID == null) || (rCUID.equals(""))) {
badParams += " CUID,";
CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: CUID");
@@ -826,130 +810,144 @@ public class TokenServlet extends CMSServlet {
CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: newKeyInfo");
missingParam = true;
}
- if ((oldMasterKeyName == null) || (oldMasterKeyName.equals(""))){
+ if ((oldMasterKeyName == null) || (oldMasterKeyName.equals(""))) {
badParams += " KeyInfo,";
CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: KeyInfo");
missingParam = true;
}
if (!missingParam) {
- xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(oldMasterKeyName);
- if (xkeyInfo == null || xkeyInfo.length != 2) {
- badParams += " KeyInfo length,";
- CMS.debug("TokenServlet: Invalid key info length");
- missingParam = true;
- }
- xnewkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(newMasterKeyName);
- if (xnewkeyInfo == null || xnewkeyInfo.length != 2) {
- badParams += " NewKeyInfo length,";
- CMS.debug("TokenServlet: Invalid new key info length");
- missingParam = true;
- }
- }
- String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true");
- if (!useSoftToken_s.equalsIgnoreCase("true"))
- useSoftToken_s = "false";
+ xkeyInfo = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(oldMasterKeyName);
+ if (xkeyInfo == null || xkeyInfo.length != 2) {
+ badParams += " KeyInfo length,";
+ CMS.debug("TokenServlet: Invalid key info length");
+ missingParam = true;
+ }
+ xnewkeyInfo = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(newMasterKeyName);
+ if (xnewkeyInfo == null || xnewkeyInfo.length != 2) {
+ badParams += " NewKeyInfo length,";
+ CMS.debug("TokenServlet: Invalid new key info length");
+ missingParam = true;
+ }
+ }
+ String useSoftToken_s = CMS.getConfigStore().getString(
+ "tks.useSoftToken", "true");
+ if (!useSoftToken_s.equalsIgnoreCase("true"))
+ useSoftToken_s = "false";
KeySetData = null;
String outputString = null;
if (!missingParam) {
- xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
- if (xCUID == null || xCUID.length != 10) {
- badParams += " CUID length,";
- CMS.debug("TokenServlet: Invalid CUID length");
- missingParam = true;
- }
- }
+ xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+ if (xCUID == null || xCUID.length != 10) {
+ badParams += " CUID length,";
+ CMS.debug("TokenServlet: Invalid CUID length");
+ missingParam = true;
+ }
+ }
if (!missingParam) {
- CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
-
- if (mKeyNickName!=null)
- oldMasterKeyName = mKeyNickName;
- if (mNewKeyNickName!=null)
- newMasterKeyName = mNewKeyNickName;
-
- String oldKeyInfoMap = "tks." + keySet + ".mk_mappings." + req.getParameter("KeyInfo"); //#xx#xx
- String oldMappingValue = CMS.getConfigStore().getString(oldKeyInfoMap, null);
- String oldSelectedToken = null;
- String oldKeyNickName = null;
- if (oldMappingValue == null) {
- oldSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
- oldKeyNickName = req.getParameter("KeyInfo");
- } else {
- StringTokenizer st = new StringTokenizer(oldMappingValue, ":");
- oldSelectedToken = st.nextToken();
- oldKeyNickName = st.nextToken();
- }
-
- String newKeyInfoMap = "tks.mk_mappings." + rnewKeyInfo; //#xx#xx
- String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null);
- String newSelectedToken = null;
- String newKeyNickName = null;
- if (newMappingValue == null) {
- newSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
- newKeyNickName = rnewKeyInfo;
- } else {
- StringTokenizer st = new StringTokenizer(newMappingValue, ":");
- newSelectedToken = st.nextToken();
- newKeyNickName = st.nextToken();
- }
-
- CMS.debug("process DiversifyKey for oldSelectedToke="+
- oldSelectedToken + " newSelectedToken=" + newSelectedToken +
- " oldKeyNickName=" + oldKeyNickName + " newKeyNickName=" +
- newKeyNickName);
-
- byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
- KeySetData = SessionKey.DiversifyKey(oldSelectedToken,
- newSelectedToken, oldKeyNickName,
- newKeyNickName,rnewKeyInfo,CUID, kekKeyArray, useSoftToken_s, keySet);
-
- if (KeySetData == null || KeySetData.length<=1) {
- CMS.getLogger().log(ILogger.EV_AUDIT,
- ILogger.S_TKS,
- ILogger.LL_INFO,"process DiversifyKey: Missing MasterKey in Slot");
- }
-
- CMS.getLogger().log(ILogger.EV_AUDIT,
- ILogger.S_TKS,
- ILogger.LL_INFO,"process DiversifyKey for CUID ="+ trim(pp.toHexString(CUID))
- + ";from oldMasterKeyName="+oldSelectedToken + ":" + oldKeyNickName
- +";to newMasterKeyName="+newSelectedToken + ":" + newKeyNickName);
-
- resp.setContentType("text/html");
-
- if (KeySetData != null) {
- outputString = new String(KeySetData);
- }
+ CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+
+ if (mKeyNickName != null)
+ oldMasterKeyName = mKeyNickName;
+ if (mNewKeyNickName != null)
+ newMasterKeyName = mNewKeyNickName;
+
+ String oldKeyInfoMap = "tks." + keySet + ".mk_mappings."
+ + req.getParameter("KeyInfo"); // #xx#xx
+ String oldMappingValue = CMS.getConfigStore().getString(
+ oldKeyInfoMap, null);
+ String oldSelectedToken = null;
+ String oldKeyNickName = null;
+ if (oldMappingValue == null) {
+ oldSelectedToken = CMS.getConfigStore().getString(
+ "tks.defaultSlot", "internal");
+ oldKeyNickName = req.getParameter("KeyInfo");
+ } else {
+ StringTokenizer st = new StringTokenizer(oldMappingValue, ":");
+ oldSelectedToken = st.nextToken();
+ oldKeyNickName = st.nextToken();
+ }
+
+ String newKeyInfoMap = "tks.mk_mappings." + rnewKeyInfo; // #xx#xx
+ String newMappingValue = CMS.getConfigStore().getString(
+ newKeyInfoMap, null);
+ String newSelectedToken = null;
+ String newKeyNickName = null;
+ if (newMappingValue == null) {
+ newSelectedToken = CMS.getConfigStore().getString(
+ "tks.defaultSlot", "internal");
+ newKeyNickName = rnewKeyInfo;
+ } else {
+ StringTokenizer st = new StringTokenizer(newMappingValue, ":");
+ newSelectedToken = st.nextToken();
+ newKeyNickName = st.nextToken();
+ }
+
+ CMS.debug("process DiversifyKey for oldSelectedToke="
+ + oldSelectedToken + " newSelectedToken="
+ + newSelectedToken + " oldKeyNickName=" + oldKeyNickName
+ + " newKeyNickName=" + newKeyNickName);
+
+ byte kekKeyArray[] = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(sconfig.getString("tks." + keySet
+ + ".kek_key"));
+ KeySetData = SessionKey.DiversifyKey(oldSelectedToken,
+ newSelectedToken, oldKeyNickName, newKeyNickName,
+ rnewKeyInfo, CUID, kekKeyArray, useSoftToken_s, keySet);
+
+ if (KeySetData == null || KeySetData.length <= 1) {
+ CMS.getLogger().log(ILogger.EV_AUDIT, ILogger.S_TKS,
+ ILogger.LL_INFO,
+ "process DiversifyKey: Missing MasterKey in Slot");
+ }
+
+ CMS.getLogger().log(
+ ILogger.EV_AUDIT,
+ ILogger.S_TKS,
+ ILogger.LL_INFO,
+ "process DiversifyKey for CUID ="
+ + trim(pp.toHexString(CUID))
+ + ";from oldMasterKeyName=" + oldSelectedToken
+ + ":" + oldKeyNickName + ";to newMasterKeyName="
+ + newSelectedToken + ":" + newKeyNickName);
+
+ resp.setContentType("text/html");
+
+ if (KeySetData != null) {
+ outputString = new String(KeySetData);
+ }
} // ! missingParam
- //CMS.debug("TokenServlet:processDiversifyKey " +outputString);
- //String value="keySetData=%00" if the KeySetData=byte[0]=0;
+ // CMS.debug("TokenServlet:processDiversifyKey " +outputString);
+ // String value="keySetData=%00" if the KeySetData=byte[0]=0;
String value = "";
String status = "0";
if (KeySetData != null && KeySetData.length > 1) {
- value = "status=0&"+"keySetData=" +
- com.netscape.cmsutil.util.Utils.SpecialEncode(KeySetData);
- CMS.debug("TokenServlet:process DiversifyKey.encode " +value);
+ value = "status=0&" + "keySetData="
+ + com.netscape.cmsutil.util.Utils.SpecialEncode(KeySetData);
+ CMS.debug("TokenServlet:process DiversifyKey.encode " + value);
} else if (missingParam) {
status = "3";
- if(badParams.endsWith(",")) {
- badParams = badParams.substring(0,badParams.length() -1);
+ if (badParams.endsWith(",")) {
+ badParams = badParams.substring(0, badParams.length() - 1);
}
errorMsg = "Missing input parameters: " + badParams;
value = "status=" + status;
- } else {
+ } else {
errorMsg = "Problem diversifying key data.";
status = "1";
value = "status=" + status;
}
resp.setContentLength(value.length());
- CMS.debug("TokenServlet:outputString.length " +value.length());
+ CMS.debug("TokenServlet:outputString.length " + value.length());
- try{
+ try {
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
@@ -958,35 +956,28 @@ public class TokenServlet extends CMSServlet {
CMS.debug("TokenServlet:process DiversifyKey: " + e.toString());
}
- if(status.equals("0")) {
+ if (status.equals("0")) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS,
- rCUID,
- ILogger.SUCCESS,
- status,
- agentId,
- oldMasterKeyName,
- newMasterKeyName);
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS,
+ rCUID, ILogger.SUCCESS, status, agentId,
+ oldMasterKeyName, newMasterKeyName);
} else {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,
- rCUID,
- ILogger.FAILURE,
- status,
- agentId,
- oldMasterKeyName,
- newMasterKeyName,
- errorMsg);
- }
-
- audit(auditMessage);
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,
+ rCUID, ILogger.FAILURE, status, agentId,
+ oldMasterKeyName, newMasterKeyName, errorMsg);
+ }
+
+ audit(auditMessage);
}
private void processEncryptData(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException {
+ HttpServletResponse resp) throws EBaseException {
byte[] keyInfo, CUID, xCUID, encryptedData, xkeyInfo;
boolean missingParam = false;
byte[] data = null;
@@ -1006,15 +997,15 @@ public class TokenServlet extends CMSServlet {
SessionContext sContext = SessionContext.getContext();
- String agentId="";
+ String agentId = "";
if (sContext != null) {
- agentId =
- (String) sContext.get(SessionContext.USER_ID);
+ agentId = (String) sContext.get(SessionContext.USER_ID);
}
CMS.debug("keySet selected: " + keySet);
- String s_isRandom = sconfig.getString("tks.EncryptData.isRandom", "true");
+ String s_isRandom = sconfig.getString("tks.EncryptData.isRandom",
+ "true");
if (s_isRandom.equalsIgnoreCase("false")) {
CMS.debug("TokenServlet: processEncryptData(): Random number not to be generated");
isRandom = false;
@@ -1024,30 +1015,27 @@ public class TokenServlet extends CMSServlet {
}
String auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST,
- rCUID,
- ILogger.SUCCESS,
- agentId,
- s_isRandom);
+ LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST, rCUID,
+ ILogger.SUCCESS, agentId, s_isRandom);
audit(auditMessage);
if (isRandom) {
if ((rdata == null) || (rdata.equals(""))) {
- CMS.debug("TokenServlet: processEncryptData(): no data in request. Generating random number as data");
+ CMS.debug("TokenServlet: processEncryptData(): no data in request. Generating random number as data");
} else {
- CMS.debug("TokenServlet: processEncryptData(): contain data in request, however, random generation on TKS is required. Generating...");
+ CMS.debug("TokenServlet: processEncryptData(): contain data in request, however, random generation on TKS is required. Generating...");
}
try {
- SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
- data = new byte[16];
- random.nextBytes(data);
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ data = new byte[16];
+ random.nextBytes(data);
} catch (Exception e) {
- CMS.debug("TokenServlet: processEncryptData():"+ e.toString());
- badParams += " Random Number,";
- missingParam = true;
+ CMS.debug("TokenServlet: processEncryptData():" + e.toString());
+ badParams += " Random Number,";
+ missingParam = true;
}
- } else if ((!isRandom) && (((rdata == null) || (rdata.equals(""))))){
+ } else if ((!isRandom) && (((rdata == null) || (rdata.equals(""))))) {
CMS.debug("TokenServlet: processEncryptData(): missing request parameter: data.");
badParams += " data,";
missingParam = true;
@@ -1058,75 +1046,84 @@ public class TokenServlet extends CMSServlet {
CMS.debug("TokenServlet: processEncryptData(): missing request parameter: CUID");
missingParam = true;
}
-
+
if ((rKeyInfo == null) || (rKeyInfo.equals(""))) {
badParams += " KeyInfo,";
CMS.debug("TokenServlet: processEncryptData(): missing request parameter: key info");
missingParam = true;
}
-
if (!missingParam) {
- xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
- if (xCUID == null || xCUID.length != 10) {
- badParams += " CUID length,";
- CMS.debug("TokenServlet: Invalid CUID length");
- missingParam = true;
- }
- xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
- if (xkeyInfo == null || xkeyInfo.length != 2) {
- badParams += " KeyInfo length,";
- CMS.debug("TokenServlet: Invalid key info length");
- missingParam = true;
- }
+ xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+ if (xCUID == null || xCUID.length != 10) {
+ badParams += " CUID length,";
+ CMS.debug("TokenServlet: Invalid CUID length");
+ missingParam = true;
+ }
+ xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
+ if (xkeyInfo == null || xkeyInfo.length != 2) {
+ badParams += " KeyInfo length,";
+ CMS.debug("TokenServlet: Invalid key info length");
+ missingParam = true;
+ }
}
- String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken","true");
- if (!useSoftToken_s.equalsIgnoreCase("true"))
- useSoftToken_s = "false";
+ String useSoftToken_s = CMS.getConfigStore().getString(
+ "tks.useSoftToken", "true");
+ if (!useSoftToken_s.equalsIgnoreCase("true"))
+ useSoftToken_s = "false";
String selectedToken = null;
String keyNickName = null;
if (!missingParam) {
- if (!isRandom)
- data = com.netscape.cmsutil.util.Utils.SpecialDecode(rdata);
- keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
- CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
-
- String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo;
- String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
- if (mappingValue == null) {
- selectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
- keyNickName = rKeyInfo;
- } else {
- StringTokenizer st = new StringTokenizer(mappingValue, ":");
- selectedToken = st.nextToken();
- keyNickName = st.nextToken();
- }
-
- byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
- encryptedData = SessionKey.EncryptData(
- selectedToken,keyNickName,data,keyInfo,CUID, kekKeyArray, useSoftToken_s, keySet);
-
- CMS.getLogger().log(ILogger.EV_AUDIT,
- ILogger.S_TKS,
- ILogger.LL_INFO,"process EncryptData for CUID ="+ trim(pp.toHexString(CUID)));
+ if (!isRandom)
+ data = com.netscape.cmsutil.util.Utils.SpecialDecode(rdata);
+ keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
+ CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+
+ String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo;
+ String mappingValue = CMS.getConfigStore().getString(keyInfoMap,
+ null);
+ if (mappingValue == null) {
+ selectedToken = CMS.getConfigStore().getString(
+ "tks.defaultSlot", "internal");
+ keyNickName = rKeyInfo;
+ } else {
+ StringTokenizer st = new StringTokenizer(mappingValue, ":");
+ selectedToken = st.nextToken();
+ keyNickName = st.nextToken();
+ }
+
+ byte kekKeyArray[] = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(sconfig.getString("tks." + keySet
+ + ".kek_key"));
+ encryptedData = SessionKey.EncryptData(selectedToken, keyNickName,
+ data, keyInfo, CUID, kekKeyArray, useSoftToken_s, keySet);
+
+ CMS.getLogger().log(
+ ILogger.EV_AUDIT,
+ ILogger.S_TKS,
+ ILogger.LL_INFO,
+ "process EncryptData for CUID ="
+ + trim(pp.toHexString(CUID)));
} // !missingParam
resp.setContentType("text/html");
-
+
String value = "";
- String status = "0";
- if (encryptedData != null && encryptedData.length > 0) {
- String outputString = new String(encryptedData);
+ String status = "0";
+ if (encryptedData != null && encryptedData.length > 0) {
+ String outputString = new String(encryptedData);
// sending both the pre-encrypted and encrypted data back
- value = "status=0&"+"data="+
- com.netscape.cmsutil.util.Utils.SpecialEncode(data)+
- "&encryptedData=" +
- com.netscape.cmsutil.util.Utils.SpecialEncode(encryptedData);
+ value = "status=0&"
+ + "data="
+ + com.netscape.cmsutil.util.Utils.SpecialEncode(data)
+ + "&encryptedData="
+ + com.netscape.cmsutil.util.Utils
+ .SpecialEncode(encryptedData);
} else if (missingParam) {
- if(badParams.endsWith(",")) {
- badParams = badParams.substring(0,badParams.length() -1);
+ if (badParams.endsWith(",")) {
+ badParams = badParams.substring(0, badParams.length() - 1);
}
errorMsg = "Missing input parameters: " + badParams;
status = "3";
@@ -1137,12 +1134,12 @@ public class TokenServlet extends CMSServlet {
value = "status=" + status;
}
- CMS.debug("TokenServlet:process EncryptData.encode " +value);
+ CMS.debug("TokenServlet:process EncryptData.encode " + value);
try {
resp.setContentLength(value.length());
- CMS.debug("TokenServlet:outputString.lenght " +value.length());
-
+ CMS.debug("TokenServlet:outputString.lenght " + value.length());
+
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
@@ -1151,54 +1148,39 @@ public class TokenServlet extends CMSServlet {
CMS.debug("TokenServlet: " + e.toString());
}
- if(status.equals("0")) {
+ if (status.equals("0")) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,
- rCUID,
- ILogger.SUCCESS,
- status,
- agentId,
- s_isRandom,
- selectedToken,
- keyNickName);
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,
+ rCUID, ILogger.SUCCESS, status, agentId,
+ s_isRandom, selectedToken, keyNickName);
} else {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,
- rCUID,
- ILogger.FAILURE,
- status,
- agentId,
- s_isRandom,
- selectedToken,
- keyNickName,
- errorMsg);
- }
-
- audit(auditMessage);
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,
+ rCUID, ILogger.FAILURE, status, agentId,
+ s_isRandom, selectedToken, keyNickName, errorMsg);
+ }
+
+ audit(auditMessage);
}
- /*
- * For EncryptData:
- * data=value1
- * CUID=value2 // missing from RA
- * versionID=value3 // missing from RA
- *
- * For ComputeSession:
- * card_challenge=value1
- * host_challenge=value2
-
- * For DiversifyKey:
- * new_master_key_index
- * master_key_index
+ /*
+ * For EncryptData: data=value1 CUID=value2 // missing from RA
+ * versionID=value3 // missing from RA
+ *
+ * For ComputeSession: card_challenge=value1 host_challenge=value2
+ *
+ * For DiversifyKey: new_master_key_index master_key_index
*/
private void processComputeRandomData(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException {
-
- byte[] randomData = null;
+ HttpServletResponse resp) throws EBaseException {
+
+ byte[] randomData = null;
String status = "0";
String errorMsg = "";
String badParams = "";
@@ -1209,26 +1191,22 @@ public class TokenServlet extends CMSServlet {
SessionContext sContext = SessionContext.getContext();
- String agentId="";
+ String agentId = "";
if (sContext != null) {
- agentId =
- (String) sContext.get(SessionContext.USER_ID);
+ agentId = (String) sContext.get(SessionContext.USER_ID);
}
String sDataSize = req.getParameter("dataNumBytes");
- if(sDataSize == null || sDataSize.equals("")) {
+ if (sDataSize == null || sDataSize.equals("")) {
CMS.debug("TokenServlet::processComputeRandomData missing param dataNumBytes");
badParams += " Random Data size, ";
missingParam = true;
status = "1";
} else {
- try
- {
- dataSize = Integer.parseInt(sDataSize.trim());
- }
- catch (NumberFormatException nfe)
- {
+ try {
+ dataSize = Integer.parseInt(sDataSize.trim());
+ } catch (NumberFormatException nfe) {
CMS.debug("TokenServlet::processComputeRandomData invalid data size input!");
badParams += " Random Data size, ";
missingParam = true;
@@ -1237,42 +1215,43 @@ public class TokenServlet extends CMSServlet {
}
- CMS.debug("TokenServlet::processComputeRandomData data size requested: " + dataSize);
+ CMS.debug("TokenServlet::processComputeRandomData data size requested: "
+ + dataSize);
String auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST,
- ILogger.SUCCESS,
- agentId);
+ LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST,
+ ILogger.SUCCESS, agentId);
audit(auditMessage);
- if(!missingParam) {
+ if (!missingParam) {
try {
- SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
- randomData = new byte[dataSize];
- random.nextBytes(randomData);
- } catch (Exception e) {
- CMS.debug("TokenServlet::processComputeRandomData:"+ e.toString());
- errorMsg = "Can't generate random data!";
- status = "2";
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ randomData = new byte[dataSize];
+ random.nextBytes(randomData);
+ } catch (Exception e) {
+ CMS.debug("TokenServlet::processComputeRandomData:"
+ + e.toString());
+ errorMsg = "Can't generate random data!";
+ status = "2";
}
}
String randomDataOut = "";
- if(status.equals("0")) {
+ if (status.equals("0")) {
if (randomData != null && randomData.length == dataSize) {
- randomDataOut =
- com.netscape.cmsutil.util.Utils.SpecialEncode(randomData);
+ randomDataOut = com.netscape.cmsutil.util.Utils
+ .SpecialEncode(randomData);
} else {
status = "2";
errorMsg = "Can't convert random data!";
}
}
- if(status.equals("1") && missingParam) {
+ if (status.equals("1") && missingParam) {
- if(badParams.endsWith(",")) {
- badParams = badParams.substring(0,badParams.length() -1);
+ if (badParams.endsWith(",")) {
+ badParams = badParams.substring(0, badParams.length() - 1);
}
errorMsg = "Missing input parameters :" + badParams;
}
@@ -1280,15 +1259,16 @@ public class TokenServlet extends CMSServlet {
resp.setContentType("text/html");
String value = "";
- value = "status="+status;
- if(status.equals("0")) {
- value = value + "&DATA="+randomDataOut;
+ value = "status=" + status;
+ if (status.equals("0")) {
+ value = value + "&DATA=" + randomDataOut;
}
-
+
try {
resp.setContentLength(value.length());
- CMS.debug("TokenServler::processComputeRandomData :outputString.length " +value.length());
-
+ CMS.debug("TokenServler::processComputeRandomData :outputString.length "
+ + value.length());
+
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
@@ -1297,22 +1277,19 @@ public class TokenServlet extends CMSServlet {
CMS.debug("TokenServlet::processComputeRandomData " + e.toString());
}
- if(status.equals("0")) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,
- ILogger.SUCCESS,
- status,
- agentId);
- } else {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,
- ILogger.FAILURE,
- status,
- agentId,
- errorMsg);
- }
-
- audit(auditMessage);
+ if (status.equals("0")) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,
+ ILogger.SUCCESS, status, agentId);
+ } else {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,
+ ILogger.FAILURE, status, agentId, errorMsg);
+ }
+
+ audit(auditMessage);
}
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -1323,14 +1300,14 @@ public class TokenServlet extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "execute");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "execute");
} catch (Exception e) {
}
if (authzToken == null) {
- try{
+ try {
resp.setContentType("text/html");
String value = "unauthorized=";
CMS.debug("TokenServlet: Unauthorized");
@@ -1340,37 +1317,36 @@ public class TokenServlet extends CMSServlet {
ooss.write(value.getBytes());
ooss.flush();
mRenderResult = false;
- }catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("TokenServlet: " + e.toString());
}
- // cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
+ // cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
return;
}
String temp = req.getParameter("card_challenge");
mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot");
setDefaultSlotAndKeyName(req);
- if(temp!=null)
- {
- processComputeSessionKey(req,resp);
- }else if(req.getParameter("data")!=null){
- processEncryptData(req,resp);
- }else if(req.getParameter("newKeyInfo")!=null){
- processDiversifyKey(req,resp);
- }else if(req.getParameter("dataNumBytes") !=null){
- processComputeRandomData(req,resp);
+ if (temp != null) {
+ processComputeSessionKey(req, resp);
+ } else if (req.getParameter("data") != null) {
+ processEncryptData(req, resp);
+ } else if (req.getParameter("newKeyInfo") != null) {
+ processDiversifyKey(req, resp);
+ } else if (req.getParameter("dataNumBytes") != null) {
+ processComputeRandomData(req, resp);
}
}
/**
* Serves HTTP admin request.
- *
+ *
* @param req HTTP request
* @param resp HTTP response
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
String scope = req.getParameter(Constants.OP_SCOPE);
String op = req.getParameter(Constants.OP_TYPE);
@@ -1379,7 +1355,7 @@ public class TokenServlet extends CMSServlet {
/**
* Parses uid0=pwd0,uid1=pwd1,... into AgentCredential.
- *
+ *
* @param s credential string
* @return a list of credentials
*/
@@ -1391,8 +1367,7 @@ public class TokenServlet extends CMSServlet {
String a = st.nextToken();
StringTokenizer st0 = new StringTokenizer(a, "=");
- v.addElement(new Credential(st0.nextToken(),
- st0.nextToken()));
+ v.addElement(new Credential(st0.nextToken(), st0.nextToken()));
}
Credential ac[] = new Credential[v.size()];
generated by cgit (git 2.34.1) at 2024-05-05 12:43:31 +0000