
dugan
05.08.2008 47708ca9aa095601497fa0fb05dfe2f697cc83c6
Re-add key wrapping transformation attribute. Issue 2865.
2 files modified
61 ■■■■ changed files
opends/src/admin/defn/org/opends/server/admin/std/CryptoManagerConfiguration.xml 28 ●●●●●
opends/src/server/org/opends/server/crypto/CryptoManagerImpl.java 33 ●●●●
opends/src/admin/defn/org/opends/server/admin/std/CryptoManagerConfiguration.xml
@@ -189,6 +189,34 @@
      </ldap:attribute>
    </adm:profile>
  </adm:property>
    <adm:property name="key-wrapping-transformation" multi-valued="false" advanced="false">
    <adm:synopsis>
      The preferred key wrapping transformation for the Directory Server. This value must
      be the same for all server instances in a replication topology.
    </adm:synopsis>
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes to this property will take effect immediately but will
          only affect cryptographic operations performed after the
          change.
        </adm:synopsis>
      </adm:none>
    </adm:requires-admin-action>
    <adm:default-behavior>
      <adm:defined>
        <adm:value>RSA/ECB/OAEPWITHSHA-1ANDMGF1PADDING</adm:value>
      </adm:defined>
    </adm:default-behavior>
    <adm:syntax>
      <adm:string />
    </adm:syntax>
    <adm:profile name="ldap">
      <ldap:attribute>
        <ldap:name>ds-cfg-key-wrapping-transformation</ldap:name>
      </ldap:attribute>
    </adm:profile>
  </adm:property>
  <adm:property name="ssl-protocol" multi-valued="true">
    <adm:synopsis>
      Specifies the names of the SSL protocols that will be allowed for
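Review bot: The new `key-wrapping-transformation` property is declared as a bare `adm:string` with no statement of the expected form, while the CryptoManagerImpl change in this same commit rejects any value that does not split into exactly three "/"-separated components and otherwise accepts whatever a trial key wrap tolerates; an administrator reading only this definition cannot know that. Suggest extending the synopsis to: `The preferred key wrapping transformation for the Directory Server, given in full JCE "algorithm/mode/padding" form (for example the default RSA/ECB/OAEPWITHSHA-1ANDMGF1PADDING). This value must be the same for all server instances in a replication topology.` The sentence about the replication topology is advisory only — nothing in this definition or in the server-side validation enforces agreement between instances — so it may be worth saying explicitly that the server does not check it. The surrounding property list continues before and after this hunk.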
opends/src/server/org/opends/server/crypto/CryptoManagerImpl.java
@@ -176,11 +176,9 @@
  private final Map<KeyEntryID, MacKeyEntry> macKeyEntryCache
          = new ConcurrentHashMap<KeyEntryID, MacKeyEntry>();
  // The shared secret key wrapping transformation.
  // TODO: Trying OAEPWITHSHA-512ANDMGF1PADDING throws an exception "Key too
  // TODO: small...". https://opends.dev.java.net/issues/show_bug.cgi?id=2474
  private static final String sharedSecretKeyWrappingTransformation
          = "RSA/ECB/OAEPWITHSHA-1ANDMGF1PADDING";
  // The preferred key wrapping transformation
  private String preferredKeyWrappingTransformation;
  // TODO: Move the following configuration to backup or backend configuration.
@@ -386,15 +384,16 @@
        isAcceptable = false;
      }
    }
    // Shared secret key wrapping cipher and validation. Note that this value is
    // not set from a configuration attribute, but it needs to be validated, and
    // validation depends on the MAC cipher produced above for a secret key to
    // wrap.
    if (3 != sharedSecretKeyWrappingTransformation.split("/", 0).length) {
    // Requested secret key wrapping cipher and validation. Validation
    // depends on MAC cipher for secret key.
    String requestedKeyWrappingTransformation
            = cfg.getKeyWrappingTransformation();
    if (! requestedKeyWrappingTransformation.equals(
            this.preferredKeyWrappingTransformation)) {
      if (3 != requestedKeyWrappingTransformation.split("/", 0).length) {
      unacceptableReasons.add(
              ERR_CRYPTOMGR_FULL_KEY_WRAPPING_TRANSFORMATION_REQUIRED.get(
                      sharedSecretKeyWrappingTransformation));
                        requestedKeyWrappingTransformation));
      isAcceptable = false;
    }
    else {
@@ -420,7 +419,7 @@
        final SecretKey macKey = MacKeyEntry.generateKeyEntry(null,
                requestedMACAlgorithm,
                requestedMACAlgorithmKeyLengthBits).getSecretKey();
        encodeSymmetricKeyAttribute(sharedSecretKeyWrappingTransformation,
          encodeSymmetricKeyAttribute(requestedKeyWrappingTransformation,
                keyID, certificate, macKey);
      }
      catch (Exception ex) {
@@ -433,7 +432,7 @@
        isAcceptable = false;
      }
    }
    }
    return isAcceptable;
  }
@@ -453,7 +452,7 @@
    preferredMACAlgorithmKeyLengthBits = cfg.getMacKeyLength();
    preferredCipherTransformation = cfg.getCipherTransformation();
    preferredCipherTransformationKeyLengthBits = cfg.getCipherKeyLength();
    preferredKeyWrappingTransformation = cfg.getKeyWrappingTransformation();
    return new ConfigChangeResult(resultCode, adminActionRequired, messages);
  }
@@ -833,7 +832,7 @@
          final SecretKey secretKey)
          throws CryptoManagerException {
    return encodeSymmetricKeyAttribute(
            sharedSecretKeyWrappingTransformation,
            preferredKeyWrappingTransformation,
         wrappingKeyID,
         wrappingKeyCertificateData,
         secretKey);
@@ -1030,7 +1029,7 @@
    final byte[] wrappingKeyCert =
            certMap.get(requestedInstanceKeyID);
    return encodeSymmetricKeyAttribute(
            sharedSecretKeyWrappingTransformation,
            preferredKeyWrappingTransformation,
         requestedInstanceKeyID, wrappingKeyCert, secretKey);
  }
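Review bot: In the isConfigurationChangeAcceptable hunk the operator-supplied transformation is only checked structurally (`3 != requestedKeyWrappingTransformation.split("/", 0).length`) and is otherwise accepted when the trial wrap via `encodeSymmetricKeyAttribute(requestedKeyWrappingTransformation, ...)` succeeds, yet nothing in the new code says that the trial wrap is the real test, and the removed TODO about OAEPWITHSHA-512ANDMGF1PADDING failing with "Key too small" (issue 2474) is exactly the constraint an administrator can now run into through configuration. Suggest carrying that knowledge onto the field comment replacing `// The preferred key wrapping transformation`: `// The preferred key wrapping transformation in "alg/mode/padding" form; validated by test-wrapping a MAC key. OAEP with large digests (e.g. SHA-512) fails with "Key too small" (issue 2474).` Separately, `requestedKeyWrappingTransformation.equals(this.preferredKeyWrappingTransformation)` dereferences the getter result before any check; if the admin framework can return null for this property (presumably not, given the declared default, but worth confirming) this throws rather than adding an unacceptable reason, and `Objects.equals(requestedKeyWrappingTransformation, this.preferredKeyWrappingTransformation)` costs nothing. The enclosing method begins before that hunk, and the same pattern would apply to any other getter-backed comparison in it.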