public class KeyClient extends Client
Modifier and Type | Field and Description |
---|---|
KeyResource |
keyClient |
KeyRequestResource |
keyRequestClient |
Constructor and Description |
---|
KeyClient(PKIClient client,
java.lang.String subsystem) |
Modifier and Type | Method and Description |
---|---|
void |
approveRequest(RequestId id)
Approve a secret recovery request
|
KeyRequestResponse |
archiveEncryptedData(java.lang.String clientKeyId,
java.lang.String dataType,
java.lang.String keyAlgorithm,
int keySize,
java.lang.String algorithmOID,
byte[] nonceData,
byte[] encryptedData,
byte[] transWrappedSessionKey)
Archive a secret (symmetric key or passphrase) on the DRM.
|
KeyRequestResponse |
archivePassphrase(java.lang.String clientKeyId,
java.lang.String passphrase)
Archive a passphrase on the DRM.
|
KeyRequestResponse |
archivePKIOptions(java.lang.String clientKeyId,
java.lang.String dataType,
java.lang.String keyAlgorithm,
int keySize,
byte[] pkiArchiveOptions)
Archive a secret (symmetric key or passphrase) on the DRM using a PKIArchiveOptions data format.
|
KeyRequestResponse |
archiveSymmetricKey(java.lang.String clientKeyId,
org.mozilla.jss.crypto.SymmetricKey secret,
java.lang.String keyAlgorithm,
int keySize)
Archive a symmetric key on the DRM.
|
void |
cancelRequest(RequestId id)
Cancel a secret recovery request
|
KeyRequestResponse |
generateAsymmetricKey(java.lang.String clientKeyId,
java.lang.String keyAlgorithm,
int keySize,
java.util.List<java.lang.String> usages,
byte[] transWrappedSessionKey)
Generate and archive an asymmetric keys in the DRM
|
KeyRequestResponse |
generateSymmetricKey(java.lang.String clientKeyId,
java.lang.String keyAlgorithm,
int keySize,
java.util.List<java.lang.String> usages,
java.lang.String transWrappedSessionKey)
Generate and archive a symmetric key in the DRM.
|
KeyInfo |
getActiveKeyInfo(java.lang.String clientKeyID)
Get the info in the KeyRecord for the active secret in the DRM.
|
CryptoProvider |
getCrypto() |
KeyInfo |
getKeyInfo(KeyId id)
Get the info in the KeyRecord for a specific secret in the DRM.
|
KeyRequestInfo |
getRequestInfo(RequestId id)
Return a KeyRequestInfo object for a specific request.
|
void |
init() |
KeyInfoCollection |
listKeys(java.lang.String clientKeyID,
java.lang.String status,
java.lang.Integer maxSize,
java.lang.Integer maxTime,
java.lang.Integer start,
java.lang.Integer size)
List/Search archived secrets in the DRM.
|
KeyRequestInfoCollection |
listRequests(java.lang.String requestState,
java.lang.String requestType)
Search key requests in the DRM based on the state/type of the requests.
|
KeyRequestInfoCollection |
listRequests(java.lang.String requestState,
java.lang.String requestType,
java.lang.String clientKeyID,
RequestId start,
java.lang.Integer pageSize,
java.lang.Integer maxResults,
java.lang.Integer maxTime)
List/Search key requests in the DRM
|
void |
modifyKeyStatus(KeyId id,
java.lang.String status)
Modify the status of a key
|
KeyRequestResponse |
recoverKey(KeyId keyId,
byte[] sessionWrappedPassphrase,
byte[] transWrappedSessionKey,
byte[] nonceData,
java.lang.String b64Certificate)
Create a request to recover a secret.
|
void |
rejectRequest(RequestId id)
Reject a secret recovery request
|
Key |
retrieveKey(KeyId keyId)
Retrieve a secret (passphrase or symmetric key) from the DRM.
|
Key |
retrieveKey(KeyId keyId,
byte[] transWrappedSessionKey)
Retrieve a secret (passphrase or symmetric key) from the DRM.
|
Key |
retrieveKeyByPassphrase(KeyId keyId,
java.lang.String passphrase)
The secret is secured in transit by wrapping the secret with the passphrase using
PBE encryption.
|
Key |
retrieveKeyByPKCS12(KeyId keyId,
java.lang.String certificate,
java.lang.String passphrase)
Retrieve an asymmetric private key and return it as PKCS12 data.
|
Key |
retrieveKeyData(KeyRecoveryRequest data)
Retrieve a secret from the DRM.
|
Key |
retrieveKeyUsingWrappedPassphrase(KeyId keyId,
byte[] transWrappedSessionKey,
byte[] sessionWrappedPassphrase,
byte[] nonceData)
This method generates a key recovery request, approves it, and retrieves
the secret referred to by keyId.
|
void |
setCrypto(CryptoProvider crypto) |
void |
setTransportCert(java.lang.String transportCert)
Set the value of the transport cert.
|
addClient, createProxy, getClient, getName, getSubsystem, removeClient
public KeyResource keyClient
public KeyRequestResource keyRequestClient
public KeyClient(PKIClient client, java.lang.String subsystem) throws java.lang.Exception
java.lang.Exception
public void init() throws java.net.URISyntaxException
java.net.URISyntaxException
public CryptoProvider getCrypto()
public void setCrypto(CryptoProvider crypto)
public void setTransportCert(java.lang.String transportCert)
transportCert
- public KeyInfoCollection listKeys(java.lang.String clientKeyID, java.lang.String status, java.lang.Integer maxSize, java.lang.Integer maxTime, java.lang.Integer start, java.lang.Integer size)
clientKeyID
- -- Client Key Identifierstatus
- -- Status of the keys to be listedmaxSize
- -- Maximum number of keys to be fetchedmaxTime
- -- Maximum time for the operation to takestart
- -- Start index of listsize
- -- Size of the list to be returned.public KeyRequestInfoCollection listRequests(java.lang.String requestState, java.lang.String requestType)
requestState
- -- State of the requests to be queried.requestType
- -- Type of the requests to be queried.public KeyRequestInfoCollection listRequests(java.lang.String requestState, java.lang.String requestType, java.lang.String clientKeyID, RequestId start, java.lang.Integer pageSize, java.lang.Integer maxResults, java.lang.Integer maxTime)
requestState
- -- State of the requests to be queried.requestType
- -- Type of the requests to be queried.clientKeyID
- -- Client Key Identifierstart
- -- Start index of listpageSize
- -- Size of the list to be returned.maxResults
- -- Maximum number of requests to be fetchedmaxTime
- -- Maximum time for the operation to takepublic KeyRequestInfo getRequestInfo(RequestId id)
id
- -- A Request Id objectpublic KeyInfo getKeyInfo(KeyId id)
id
- -- key id for secretpublic KeyInfo getActiveKeyInfo(java.lang.String clientKeyID)
clientKeyID
- -- Client Key Identifierpublic void modifyKeyStatus(KeyId id, java.lang.String status)
id
- -- key id for secretstatus
- -- Status to be set for the keypublic void approveRequest(RequestId id)
id
- -- Id of the requestpublic void rejectRequest(RequestId id)
id
- -- Id of the requestpublic void cancelRequest(RequestId id)
id
- -- Id of the requestpublic KeyRequestResponse recoverKey(KeyId keyId, byte[] sessionWrappedPassphrase, byte[] transWrappedSessionKey, byte[] nonceData, java.lang.String b64Certificate)
keyId
- -- key id for secretsessionWrappedPassphrase
- -- A passphrase wrapped by a session keytransWrappedSessionKey
- -- The session key, used to wrap the passphrase, wrapped by the DRM transport cert.nonceData
- -- IV parameter used while encrypting the passphrase using the session key.b64Certificate
- -- A certificate in encoded using Base64public Key retrieveKeyData(KeyRecoveryRequest data)
data
- -- a KeyRecoveryRequest containing the keyId of the
secret being retrieved, the request_id of the approved recovery
request and a wrapping mechanism.public Key retrieveKey(KeyId keyId) throws java.lang.Exception
keyId
- -- key id for secretjava.lang.Exception
- - Exceptions of type NoSuchAlgorithmException, IllegalStateException, TokenException,
CertificateEncodingException, InvalidKeyException, InvalidAlgorithmParameterException,
BadPaddingException, IllegalBlockSizeExceptionpublic Key retrieveKey(KeyId keyId, byte[] transWrappedSessionKey) throws java.lang.Exception
keyId
- -- key id for secrettransWrappedSessionKey
- -- session key wrapped by the transport cert.java.lang.Exception
- - Exceptions of type NoSuchAlgorithmException, IllegalStateException, TokenException,
CertificateEncodingException, InvalidKeyException, InvalidAlgorithmParameterException,
BadPaddingException, IllegalBlockSizeExceptionpublic Key retrieveKeyByPassphrase(KeyId keyId, java.lang.String passphrase) throws java.lang.Exception
keyId
- -- key id of secret.passphrase
- -- passphrase used to wrap the secret in the response.java.lang.Exception
- - Exceptions of type NoSuchAlgorithmException, IllegalStateException, TokenException,
CertificateEncodingException, InvalidKeyException, InvalidAlgorithmParameterException,
BadPaddingException, IllegalBlockSizeExceptionpublic Key retrieveKeyUsingWrappedPassphrase(KeyId keyId, byte[] transWrappedSessionKey, byte[] sessionWrappedPassphrase, byte[] nonceData) throws java.lang.Exception
keyId
- -- key id for secrettransWrappedSessionKey
- -- Session key wrapped with the transport certsessionWrappedPassphrase
- -- Passphrase wrapped with the session keynonceData
- -- nonce data used for encryption.java.lang.Exception
- - Exceptions of type NoSuchAlgorithmException, IllegalStateException, TokenException,
CertificateEncodingException, InvalidKeyException, InvalidAlgorithmParameterException,
BadPaddingException, IllegalBlockSizeExceptionpublic Key retrieveKeyByPKCS12(KeyId keyId, java.lang.String certificate, java.lang.String passphrase)
keyId
- -- key id for secretcertificate
- -- the certificate associated with the private keypassphrase
- -- A passphrase for the pkcs12 file.public KeyRequestResponse archivePassphrase(java.lang.String clientKeyId, java.lang.String passphrase) throws java.lang.Exception
clientKeyId
- -- Client Key Identfierpassphrase
- -- Secret passphrase to be archivedjava.lang.Exception
- - Exceptions of type NoSuchAlgorithmException, IllegalStateException, TokenException,
IOException, CertificateEncodingException, InvalidKeyException, InvalidAlgorithmParameterException,
BadPaddingException, IllegalBlockSizeExceptionpublic KeyRequestResponse archiveSymmetricKey(java.lang.String clientKeyId, org.mozilla.jss.crypto.SymmetricKey secret, java.lang.String keyAlgorithm, int keySize) throws java.lang.Exception
clientKeyId
- -- Client Key IdentifierkeyAlgorithm
- -- Algorithm used by the symmetric keykeySize
- -- Strength of the symmetric key (secret)java.lang.Exception
- - Exceptions of type NoSuchAlgorithmException, IllegalStateException, TokenException,
IOException, CertificateEncodingException, InvalidKeyException, InvalidAlgorithmParameterException,
BadPaddingException, IllegalBlockSizeExceptionpublic KeyRequestResponse archiveEncryptedData(java.lang.String clientKeyId, java.lang.String dataType, java.lang.String keyAlgorithm, int keySize, java.lang.String algorithmOID, byte[] nonceData, byte[] encryptedData, byte[] transWrappedSessionKey)
clientKeyId
- -- Client Key IdentifierdataType
- -- Type of secret being archivedkeyAlgorithm
- -- Algorithm used - if the secret is a symmetric keykeySize
- -- Strength of the symmetric key (secret)algorithmOID
- -- OID of the algorithm used for the symmetric key wrapsymAlgParams
- -- storing the value of Utils.base64encode(nonceData)encryptedData
- -- which is the secret wrapped by a session
key (168 bit 3DES symmetric key)transWrappedSessionKey
- -- session key wrapped by the transport cert.public KeyRequestResponse archivePKIOptions(java.lang.String clientKeyId, java.lang.String dataType, java.lang.String keyAlgorithm, int keySize, byte[] pkiArchiveOptions)
clientKeyId
- -- Client Key IdentifierdataType
- -- Type of secret bring archivedkeyAlgorithm
- -- Algorithm used if the secret is a symmetric keykeySize
- -- Strength of the symmetric keypkiArchiveOptions
- -- is the data to be archived wrapped in a
PKIArchiveOptions structurejava.lang.Exception
public KeyRequestResponse generateSymmetricKey(java.lang.String clientKeyId, java.lang.String keyAlgorithm, int keySize, java.util.List<java.lang.String> usages, java.lang.String transWrappedSessionKey)
clientKeyId
- -- Client Key IdentifierkeyAlgorithm
- -- Algorithm to be used to generate the keykeySize
- -- Strength of the keysusages
- -- Usages of the generated key.public KeyRequestResponse generateAsymmetricKey(java.lang.String clientKeyId, java.lang.String keyAlgorithm, int keySize, java.util.List<java.lang.String> usages, byte[] transWrappedSessionKey)
clientKeyId
- -- Client Key IdentifierkeyAlgorithm
- -- Algorithm to be used to generate the asymmetric keyskeySize
- -- Strength of the keysusages
- transWrappedSessionKey
-