Add KRA InfoService to v2 API

base/kra/src/main/java/org/dogtagpki/server/kra/rest/v1/KRAApplication.java

@@ -6,7 +6,6 @@
 import javax.ws.rs.ApplicationPath;
 import javax.ws.rs.core.Application;
 
-import org.dogtagpki.server.rest.KRAInfoService;
 import org.dogtagpki.server.rest.v1.ACLInterceptor;
 import org.dogtagpki.server.rest.v1.AccountService;
 import org.dogtagpki.server.rest.v1.AuditService;

base/kra/src/main/java/org/dogtagpki/server/rest/KRAInfoService.java → base/kra/src/main/java/org/dogtagpki/server/kra/rest/v1/KRAInfoService.java

@@ -16,7 +16,7 @@
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
 
-package org.dogtagpki.server.rest;
+package org.dogtagpki.server.kra.rest.v1;
 
 import javax.servlet.http.HttpSession;
 import javax.ws.rs.core.Response;

base/kra/src/main/java/org/dogtagpki/server/kra/rest/v2/KRAInfoServlet.java

@@ -0,0 +1,71 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.kra.rest.v2;
+
+import java.io.PrintWriter;
+
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.dogtagpki.common.KRAInfo;
+import org.mozilla.jss.netscape.security.util.WrappingParams;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.netscape.certsrv.base.WebAction;
+
+/**
+ * @author Marco Fargetta {@literal <[email protected]>}
+ */
+@WebServlet(
+        name = "kraInfo",
+        urlPatterns = "/v2/info")
+public class KRAInfoServlet extends KRAServlet {
+    private static final long serialVersionUID = 1L;
+    private static final Logger logger = LoggerFactory.getLogger(KRAInfoServlet.class);
+    private static final String ENCRYPT_MECHANISM = "encrypt";
+    private static final String KEYWRAP_MECHANISM = "keywrap";
+
+    @WebAction(method = HttpMethod.GET, paths = {""})
+    public void getInfo(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        HttpSession session = request.getSession();
+        logger.debug("KRAInfoService.getInfo(): session: {}", session.getId());
+        boolean encryptArchival =  config.getBoolean("kra.allowEncDecrypt.archival", false);
+
+        KRAInfo info = new KRAInfo();
+        String encryptArchivalMechanism = encryptArchival ?
+                ENCRYPT_MECHANISM : KEYWRAP_MECHANISM;
+        info.setArchivalMechanism(encryptArchivalMechanism);
+
+        String encryptRecovery = config.getBoolean("kra.allowEncDecrypt.recovery", false) ?
+                ENCRYPT_MECHANISM : KEYWRAP_MECHANISM;
+        info.setRecoveryMechanism(encryptRecovery);
+
+        String encryptAlgorithms;
+        String wrappingParameters;
+        try {
+            WrappingParams params = storageUnit.getWrappingParams(encryptArchival);
+            encryptAlgorithms = params.getPayloadEncryptionAlgorithm().toString();
+            wrappingParameters = params.getPayloadWrapAlgorithm().toString();
+        } catch (Exception e) {
+            // return something that should always work
+            encryptAlgorithms = "AES/CBC/Padding";
+            wrappingParameters = "AES/CBC/Padding";
+        }
+        info.setEncryptAlgorithm(encryptAlgorithms);
+
+        info.setWrapAlgorithm(wrappingParameters);
+
+        String rsaWrap = config.getUseOAEPKeyWrap() ?
+                "RSA_OAEP" : "RSA";
+        info.setRsaPublicKeyWrapAlgorithm(rsaWrap);
+
+        PrintWriter out = response.getWriter();
+        out.println(info.toJSON());
+    }
+}

base/kra/src/main/java/org/dogtagpki/server/kra/rest/v2/KRAServlet.java

@@ -6,16 +6,35 @@
 package org.dogtagpki.server.kra.rest.v2;
 
 import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
 
 import org.dogtagpki.server.kra.KRAEngine;
+import org.dogtagpki.server.kra.KRAEngineConfig;
 import org.dogtagpki.server.rest.v2.PKIServlet;
 
+import com.netscape.certsrv.security.IStorageKeyUnit;
+import com.netscape.kra.KeyRecoveryAuthority;
+
 /**
  * @author Marco Fargetta {@literal <[email protected]>}
  */
 public class KRAServlet extends PKIServlet {
     public static final long serialVersionUID = 1L;
 
+    protected KRAEngine engine;
+    protected KRAEngineConfig config;
+    protected IStorageKeyUnit storageUnit;
+
+    @Override
+    public void init() throws ServletException {
+        super.init();
+
+        engine = getKRAEngine();
+        config = engine.getConfig();
+        KeyRecoveryAuthority kra = (KeyRecoveryAuthority) engine.getSubsystem(KeyRecoveryAuthority.ID);
+        storageUnit = kra.getStorageKeyUnit();
+    }
+
     public KRAEngine getKRAEngine() {
         ServletContext servletContext = getServletContext();
         return (KRAEngine) servletContext.getAttribute("engine");

base/kra/src/main/java/org/dogtagpki/server/kra/rest/v2/filters/EmptyACL.java

@@ -9,7 +9,7 @@
 
 import org.dogtagpki.server.rest.v2.filters.ACLFilter;
 
-@WebFilter(servletNames = {"kraJobs"})
+@WebFilter(servletNames = {"kraInfo", "kraJobs"})
 public class EmptyACL extends ACLFilter {
 
     private static final long serialVersionUID = 1L;

base/kra/src/main/java/org/dogtagpki/server/kra/rest/v2/filters/EmptyAuthMethod.java

@@ -9,7 +9,7 @@
 
 import org.dogtagpki.server.rest.v2.filters.AuthMethodFilter;
 
-@WebFilter(servletNames = {"kraJobs"})
+@WebFilter(servletNames = {"kraInfo", "kraJobs"})
 public class EmptyAuthMethod extends AuthMethodFilter {
 
     private static final long serialVersionUID = 1L;