public class KeyClient extends Client
Modifier and Type | Field and Description |
---|---|
KeyResource |
keyClient |
KeyRequestResource |
keyRequestClient |
KRAInfoResource |
kraInfoClient |
static org.slf4j.Logger |
logger |
Constructor and Description |
---|
KeyClient(PKIClient client,
java.lang.String subsystem) |
Modifier and Type | Method and Description |
---|---|
void |
approveRequest(RequestId id)
Approve a secret recovery request
|
KeyRequestResponse |
archiveEncryptedData(java.lang.String clientKeyId,
java.lang.String dataType,
java.lang.String keyAlgorithm,
java.lang.Integer keySize,
java.lang.String algorithmOID,
byte[] nonceData,
byte[] encryptedData,
byte[] transWrappedSessionKey)
Deprecated.
|
KeyRequestResponse |
archiveEncryptedData(java.lang.String clientKeyId,
java.lang.String dataType,
java.lang.String keyAlgorithm,
java.lang.Integer keySize,
java.lang.String algorithmOID,
byte[] nonceData,
byte[] encryptedData,
byte[] transWrappedSessionKey,
java.lang.String realm)
Archive a secret (symmetric key or passphrase) on the DRM.
|
KeyRequestResponse |
archivePKIOptions(java.lang.String clientKeyId,
java.lang.String dataType,
java.lang.String keyAlgorithm,
int keySize,
byte[] pkiArchiveOptions)
Deprecated.
|
KeyRequestResponse |
archivePKIOptions(java.lang.String clientKeyId,
java.lang.String dataType,
java.lang.String keyAlgorithm,
int keySize,
byte[] pkiArchiveOptions,
java.lang.String realm)
Archive a secret (symmetric key or passphrase) on the DRM using a PKIArchiveOptions data format.
|
KeyRequestResponse |
archiveSecret(java.lang.String clientKeyId,
byte[] secret) |
KeyRequestResponse |
archiveSecret(java.lang.String clientKeyId,
byte[] secret,
java.lang.String realm)
Archive a secret on the KRA.
|
KeyRequestResponse |
archiveSymmetricKey(java.lang.String clientKeyId,
org.mozilla.jss.crypto.SymmetricKey secret,
java.lang.String keyAlgorithm,
java.lang.Integer keySize)
Deprecated.
|
KeyRequestResponse |
archiveSymmetricKey(java.lang.String clientKeyId,
org.mozilla.jss.crypto.SymmetricKey secret,
java.lang.String keyAlgorithm,
java.lang.Integer keySize,
java.lang.String realm)
Archive a symmetric key on the DRM.
|
void |
cancelRequest(RequestId id)
Cancel a secret recovery request
|
KeyRequestResponse |
generateAsymmetricKey(java.lang.String clientKeyId,
java.lang.String keyAlgorithm,
int keySize,
java.util.List<java.lang.String> usages,
byte[] transWrappedSessionKey)
Deprecated.
|
KeyRequestResponse |
generateAsymmetricKey(java.lang.String clientKeyId,
java.lang.String keyAlgorithm,
int keySize,
java.util.List<java.lang.String> usages,
byte[] transWrappedSessionKey,
java.lang.String realm)
Generate and archive asymmetric keys in the DRM.
|
org.mozilla.jss.crypto.SymmetricKey |
generateSessionKey() |
KeyRequestResponse |
generateSymmetricKey(java.lang.String clientKeyId,
java.lang.String keyAlgorithm,
int keySize,
java.util.List<java.lang.String> usages,
java.lang.String transWrappedSessionKey)
Deprecated.
|
KeyRequestResponse |
generateSymmetricKey(java.lang.String clientKeyId,
java.lang.String keyAlgorithm,
int keySize,
java.util.List<java.lang.String> usages,
java.lang.String transWrappedSessionKey,
java.lang.String realm)
Generate and archive a symmetric key in the DRM.
|
KeyInfo |
getActiveKeyInfo(java.lang.String clientKeyID)
Get the info in the KeyRecord for the active secret in the DRM.
|
CryptoProvider |
getCrypto() |
KeyInfo |
getKeyInfo(KeyId id)
Get the info in the KeyRecord for a specific secret in the DRM.
|
KeyRequestInfo |
getRequestInfo(RequestId id)
Return a KeyRequestInfo object for a specific request.
|
java.lang.String |
getWrapAlgorithmName() |
void |
init() |
KeyInfoCollection |
listKeys(java.lang.String clientKeyID,
java.lang.String status,
java.lang.Integer maxSize,
java.lang.Integer maxTime,
java.lang.Integer start,
java.lang.Integer size) |
KeyInfoCollection |
listKeys(java.lang.String clientKeyID,
java.lang.String status,
java.lang.Integer maxSize,
java.lang.Integer maxTime,
java.lang.Integer start,
java.lang.Integer size,
java.lang.String realm)
List/Search archived secrets in the DRM.
|
KeyRequestInfoCollection |
listRequests(java.lang.String requestState,
java.lang.String requestType) |
KeyRequestInfoCollection |
listRequests(java.lang.String requestState,
java.lang.String requestType,
java.lang.String realm)
Search key requests in the DRM based on the state/type of the requests.
|
KeyRequestInfoCollection |
listRequests(java.lang.String requestState,
java.lang.String requestType,
java.lang.String clientKeyID,
RequestId start,
java.lang.Integer pageSize,
java.lang.Integer maxResults,
java.lang.Integer maxTime,
java.lang.String realm)
List/Search key requests in the DRM
|
void |
modifyKeyStatus(KeyId id,
java.lang.String status)
Modify the status of a key
|
void |
processKeyData(Key data,
org.mozilla.jss.crypto.SymmetricKey sessionKey) |
KeyRequestResponse |
recoverKey(KeyId keyId,
byte[] sessionWrappedPassphrase,
byte[] transWrappedSessionKey,
byte[] nonceData,
java.lang.String b64Certificate)
Create a request to recover a secret.
|
void |
rejectRequest(RequestId id)
Reject a secret recovery request
|
KeyData |
retrieveKey(KeyId keyId,
byte[] transWrappedSessionKey)
Retrieve a secret (passphrase or symmetric key) from the DRM.
|
KeyData |
retrieveKey(KeyId keyId,
org.mozilla.jss.crypto.SymmetricKey sessionKey)
Retrieve a secret (passphrase or symmetric key) from the DRM.
|
KeyData |
retrieveKeyByPassphrase(KeyId keyId,
java.lang.String passphrase)
The secret is secured in transit by wrapping the secret with the passphrase using
PBE encryption.
|
KeyData |
retrieveKeyByPKCS12(KeyId keyId,
java.lang.String certificate,
java.lang.String passphrase)
Retrieve an asymmetric private key and return it as PKCS12 data.
|
KeyData |
retrieveKeyByRequest(RequestId requestId,
org.mozilla.jss.crypto.SymmetricKey sessionKey) |
Key |
retrieveKeyByRequestWithPassphrase(RequestId requestId,
java.lang.String passphrase) |
KeyData |
retrieveKeyData(KeyRecoveryRequest data)
Retrieve a secret from the DRM.
|
KeyData |
retrieveKeyUsingWrappedPassphrase(KeyId keyId,
byte[] transWrappedSessionKey,
byte[] sessionWrappedPassphrase,
byte[] nonceData)
This method generates a key recovery request, approves it, and retrieves
the secret referred to by keyId.
|
void |
setCrypto(CryptoProvider crypto) |
void |
setTransportCert(org.mozilla.jss.crypto.X509Certificate transportCert) |
addClient, createProxy, get, get, get, get, getClient, getName, getSubsystem, post, post, post, post, removeClient
public static org.slf4j.Logger logger
public KeyResource keyClient
public KeyRequestResource keyRequestClient
public KRAInfoResource kraInfoClient
public KeyClient(PKIClient client, java.lang.String subsystem) throws java.lang.Exception
java.lang.Exception
public void init() throws java.lang.Exception
java.lang.Exception
public CryptoProvider getCrypto()
public void setCrypto(CryptoProvider crypto)
public void setTransportCert(org.mozilla.jss.crypto.X509Certificate transportCert) throws java.lang.Exception
java.lang.Exception
public KeyInfoCollection listKeys(java.lang.String clientKeyID, java.lang.String status, java.lang.Integer maxSize, java.lang.Integer maxTime, java.lang.Integer start, java.lang.Integer size, java.lang.String realm) throws java.lang.Exception
clientKeyID - Client Key Identifier
status - Status of the keys to be listed
maxSize - Maximum number of keys to be fetched
maxTime - Maximum time for the operation to take
start - Start index of list
size - Size of the list to be returned.
realm - authz realm
java.lang.Exception
public KeyInfoCollection listKeys(java.lang.String clientKeyID, java.lang.String status, java.lang.Integer maxSize, java.lang.Integer maxTime, java.lang.Integer start, java.lang.Integer size) throws java.lang.Exception
java.lang.Exception
public KeyRequestInfoCollection listRequests(java.lang.String requestState, java.lang.String requestType, java.lang.String realm) throws java.lang.Exception
requestState - State of the requests to be queried.
requestType - Type of the requests to be queried.
realm - Authz Realm
java.lang.Exception
public KeyRequestInfoCollection listRequests(java.lang.String requestState, java.lang.String requestType) throws java.lang.Exception
java.lang.Exception
public KeyRequestInfoCollection listRequests(java.lang.String requestState, java.lang.String requestType, java.lang.String clientKeyID, RequestId start, java.lang.Integer pageSize, java.lang.Integer maxResults, java.lang.Integer maxTime, java.lang.String realm) throws java.lang.Exception
requestState - State of the requests to be queried.
requestType - Type of the requests to be queried.
clientKeyID - Client Key Identifier
start - Start index of list
pageSize - Size of the list to be returned.
maxResults - Maximum number of requests to be fetched
maxTime - Maximum time for the operation to take
realm - Authz Realm
java.lang.Exception
public KeyRequestInfo getRequestInfo(RequestId id) throws java.lang.Exception
id - A Request Id object
java.lang.Exception
public KeyInfo getKeyInfo(KeyId id) throws java.lang.Exception
id - key id for secret
java.lang.Exception
public KeyInfo getActiveKeyInfo(java.lang.String clientKeyID) throws java.lang.Exception
clientKeyID - Client Key Identifier
java.lang.Exception
public void modifyKeyStatus(KeyId id, java.lang.String status) throws java.lang.Exception
id - key id for secret
status - Status to be set for the key
java.lang.Exception
public void approveRequest(RequestId id) throws java.lang.Exception
id - Id of the request
java.lang.Exception
public void rejectRequest(RequestId id) throws java.lang.Exception
id - Id of the request
java.lang.Exception
public void cancelRequest(RequestId id) throws java.lang.Exception
id - Id of the request
java.lang.Exception
public KeyRequestResponse recoverKey(KeyId keyId, byte[] sessionWrappedPassphrase, byte[] transWrappedSessionKey, byte[] nonceData, java.lang.String b64Certificate) throws java.lang.Exception
keyId - key id for secret
sessionWrappedPassphrase - A passphrase wrapped by a session key
transWrappedSessionKey - The session key, used to wrap the passphrase, wrapped by the DRM transport cert.
nonceData - IV parameter used while encrypting the passphrase using the session key.
b64Certificate - A certificate encoded using Base64
java.lang.Exception
public KeyData retrieveKeyData(KeyRecoveryRequest data) throws java.lang.Exception
data - a KeyRecoveryRequest containing the keyId of the secret being retrieved, the request_id of the approved recovery request and a wrapping mechanism.
java.lang.Exception
public org.mozilla.jss.crypto.SymmetricKey generateSessionKey() throws java.lang.Exception
java.lang.Exception
public KeyData retrieveKey(KeyId keyId, org.mozilla.jss.crypto.SymmetricKey sessionKey) throws java.lang.Exception
keyId - key id for secret
java.lang.Exception - Exceptions of type NoSuchAlgorithmException, IllegalStateException, TokenException, CertificateEncodingException, InvalidKeyException, InvalidAlgorithmParameterException, BadPaddingException, IllegalBlockSizeException
public void processKeyData(Key data, org.mozilla.jss.crypto.SymmetricKey sessionKey) throws java.lang.Exception
java.lang.Exception
public KeyData retrieveKeyByRequest(RequestId requestId, org.mozilla.jss.crypto.SymmetricKey sessionKey) throws java.lang.Exception
java.lang.Exception
public KeyData retrieveKey(KeyId keyId, byte[] transWrappedSessionKey) throws java.lang.Exception
keyId - key id for secret
transWrappedSessionKey - session key wrapped by the transport cert.
java.lang.Exception - Exceptions of type NoSuchAlgorithmException, IllegalStateException, TokenException, CertificateEncodingException, InvalidKeyException, InvalidAlgorithmParameterException, BadPaddingException, IllegalBlockSizeException
public KeyData retrieveKeyByPassphrase(KeyId keyId, java.lang.String passphrase) throws java.lang.Exception
keyId - key id of secret.
passphrase - passphrase used to wrap the secret in the response.
java.lang.Exception - Exceptions of type NoSuchAlgorithmException, IllegalStateException, TokenException, CertificateEncodingException, InvalidKeyException, InvalidAlgorithmParameterException, BadPaddingException, IllegalBlockSizeException
public Key retrieveKeyByRequestWithPassphrase(RequestId requestId, java.lang.String passphrase) throws java.lang.Exception
java.lang.Exception
public KeyData retrieveKeyUsingWrappedPassphrase(KeyId keyId, byte[] transWrappedSessionKey, byte[] sessionWrappedPassphrase, byte[] nonceData) throws java.lang.Exception
keyId - key id for secret
transWrappedSessionKey - Session key wrapped with the transport cert
sessionWrappedPassphrase - Passphrase wrapped with the session key
nonceData - nonce data used for encryption.
java.lang.Exception - Exceptions of type NoSuchAlgorithmException, IllegalStateException, TokenException, CertificateEncodingException, InvalidKeyException, InvalidAlgorithmParameterException, BadPaddingException, IllegalBlockSizeException
public KeyData retrieveKeyByPKCS12(KeyId keyId, java.lang.String certificate, java.lang.String passphrase) throws java.lang.Exception
keyId - key id for secret
certificate - the certificate associated with the private key
passphrase - A passphrase for the pkcs12 file.
java.lang.Exception
public KeyRequestResponse archiveSecret(java.lang.String clientKeyId, byte[] secret, java.lang.String realm) throws java.lang.Exception
clientKeyId - Client Key Identifier
secret - Secret to be archived
realm - authorization realm
java.lang.Exception - Exceptions of type NoSuchAlgorithmException, IllegalStateException, TokenException, IOException, CertificateEncodingException, InvalidKeyException, InvalidAlgorithmParameterException, BadPaddingException, IllegalBlockSizeException
public KeyRequestResponse archiveSecret(java.lang.String clientKeyId, byte[] secret) throws java.lang.Exception
java.lang.Exception
public java.lang.String getWrapAlgorithmName()
public KeyRequestResponse archiveSymmetricKey(java.lang.String clientKeyId, org.mozilla.jss.crypto.SymmetricKey secret, java.lang.String keyAlgorithm, java.lang.Integer keySize, java.lang.String realm) throws java.lang.Exception
clientKeyId - Client Key Identifier
keyAlgorithm - Algorithm used by the symmetric key
keySize - Strength of the symmetric key (secret)
realm - authorization realm
java.lang.Exception - Exceptions of type NoSuchAlgorithmException, IllegalStateException, TokenException, IOException, CertificateEncodingException, InvalidKeyException, InvalidAlgorithmParameterException, BadPaddingException, IllegalBlockSizeException
@Deprecated public KeyRequestResponse archiveSymmetricKey(java.lang.String clientKeyId, org.mozilla.jss.crypto.SymmetricKey secret, java.lang.String keyAlgorithm, java.lang.Integer keySize) throws java.lang.Exception
java.lang.Exception
public KeyRequestResponse archiveEncryptedData(java.lang.String clientKeyId, java.lang.String dataType, java.lang.String keyAlgorithm, java.lang.Integer keySize, java.lang.String algorithmOID, byte[] nonceData, byte[] encryptedData, byte[] transWrappedSessionKey, java.lang.String realm) throws java.lang.Exception
clientKeyId - Client Key Identifier
dataType - Type of secret being archived
keyAlgorithm - Algorithm used - if the secret is a symmetric key
keySize - Strength of the symmetric key (secret)
algorithmOID - OID of the algorithm used for the symmetric key wrap
nonceData - nonce data
encryptedData - which is the secret wrapped by a session key (168 bit 3DES symmetric key)
transWrappedSessionKey - session key wrapped by the transport cert.
realm - authorization realm
java.lang.Exception
@Deprecated public KeyRequestResponse archiveEncryptedData(java.lang.String clientKeyId, java.lang.String dataType, java.lang.String keyAlgorithm, java.lang.Integer keySize, java.lang.String algorithmOID, byte[] nonceData, byte[] encryptedData, byte[] transWrappedSessionKey) throws java.lang.Exception
java.lang.Exception
public KeyRequestResponse archivePKIOptions(java.lang.String clientKeyId, java.lang.String dataType, java.lang.String keyAlgorithm, int keySize, byte[] pkiArchiveOptions, java.lang.String realm) throws java.lang.Exception
clientKeyId - Client Key Identifier
dataType - Type of secret being archived
keyAlgorithm - Algorithm used if the secret is a symmetric key
keySize - Strength of the symmetric key
pkiArchiveOptions - is the data to be archived wrapped in a PKIArchiveOptions structure
realm - authorization realm
java.lang.Exception
@Deprecated public KeyRequestResponse archivePKIOptions(java.lang.String clientKeyId, java.lang.String dataType, java.lang.String keyAlgorithm, int keySize, byte[] pkiArchiveOptions) throws java.lang.Exception
java.lang.Exception
public KeyRequestResponse generateSymmetricKey(java.lang.String clientKeyId, java.lang.String keyAlgorithm, int keySize, java.util.List<java.lang.String> usages, java.lang.String transWrappedSessionKey, java.lang.String realm) throws java.lang.Exception
clientKeyId - Client Key Identifier
keyAlgorithm - Algorithm to be used to generate the key
keySize - Strength of the keys
usages - Usages of the generated key.
transWrappedSessionKey - client generated session key wrapped by KRA transport key
realm - authorization realm
java.lang.Exception
@Deprecated public KeyRequestResponse generateSymmetricKey(java.lang.String clientKeyId, java.lang.String keyAlgorithm, int keySize, java.util.List<java.lang.String> usages, java.lang.String transWrappedSessionKey) throws java.lang.Exception
java.lang.Exception
public KeyRequestResponse generateAsymmetricKey(java.lang.String clientKeyId, java.lang.String keyAlgorithm, int keySize, java.util.List<java.lang.String> usages, byte[] transWrappedSessionKey, java.lang.String realm) throws java.lang.Exception
clientKeyId - Client Key Identifier
keyAlgorithm - Algorithm to be used to generate the asymmetric keys
keySize - Strength of the keys
usages - key usages
transWrappedSessionKey - client generated session key wrapped by the KRA transport key
realm - authorization realm
java.lang.Exception
@Deprecated public KeyRequestResponse generateAsymmetricKey(java.lang.String clientKeyId, java.lang.String keyAlgorithm, int keySize, java.util.List<java.lang.String> usages, byte[] transWrappedSessionKey) throws java.lang.Exception
java.lang.Exception