Bug1794213 server keygen enroll input output

base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template

@@ -315,6 +315,10 @@ function keyLengthsCurvesOptions (keyPurpose)
               if (keyPurpose.length == 0 || (keyPurpose.length > 0 && policySetListSet[i].setId.indexOf(keyPurpose) > -1)) {
                 keyType = policySetListSet[i].policySet[j].constraintSet[k].value;
               }
+            } else {
+              if (document.getElementById("keyTypeId").value != "undefined") {
+                keyType = document.getElementById("keyTypeId").value;
+              }
             }
           }
 
@@ -346,6 +350,8 @@ function keyLengthsCurvesOptions (keyPurpose)
                  value != "nistp256" && value != "nistp384" && value != "nistp521" &&
                  value != "ECDSA_P256" && value != "ECDSA_P384" && value != "ECDSA_P521") {
           included = false;
+      } else if (keyType == "EC" && isNumeric(value)) {
+        included = false;
       }
 
       if (included) {
@@ -377,6 +383,18 @@ function keyLengthsCurvesOptions (keyPurpose)
   return options;
 }
 
+function updateKeyLengthsCurvesOptions() {
+  // get the keySize select element via its known id 
+  var cSelect = document.getElementById("keySizeId"); 
+
+  // remove the current options from the select tag
+  var len=cSelect.options.length; 
+  while (cSelect.options.length > 0) { 
+    cSelect.remove(0); 
+  }
+  cSelect.innerHTML = keyLengthsCurvesOptions("");
+}
+
 function isNumeric(sText)
 {
    var validChars = "0123456789";
@@ -753,17 +771,18 @@ for (var m = 0; m < inputPluginListSet.length; m++) {
     } else if (inputListSet[n].inputSyntax == 'server_side_keygen_request_type') {
         // get PKCS#12 password
         document.writeln('<tr>');
-        document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">PKCS #12 Password:</font></td>');
-        document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><input type=password name="serverSideKeygenP12Passwd" value="" AutoComplete=off ></font></td>');
+        document.writeln('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">PKCS #12 Password:</font></td>');
+        document.writeln('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><input type=password name="serverSideKeygenP12Passwd" value="" AutoComplete=off ></font></td>');
         document.writeln('</tr>');
 
         document.writeln('<tr>');
-        document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">PKCS #12 Password again:</font></td>');
-        document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><input type=password name="p12PasswordAgain" value="" AutoComplete=off ></font></td>');
-        document.writeln('<SELECT NAME="keyType">'+getKeyTypesOptionsForKeyGen()+'</SELECT>&nbsp;&nbsp;<SELECT NAME=\"cryptprovider\"></SELECT>');
-        document.writeln('<SELECT NAME="keySize">'+keyLengthsCurvesOptions("")+'</SELECT>&nbsp;&nbsp;<SELECT NAME=\"cryptprovider\"></SELECT>');
+        document.writeln('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">PKCS #12 Password again:</font></td>');
+        document.writeln('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><input type=password name="p12PasswordAgain" value="" AutoComplete=off ></font></td>');
         document.writeln('</tr>');
-
+    } else if (inputListSet[n].inputSyntax == 'server_side_keygen_key_type') {
+      document.writeln('<SELECT NAME="keyType" ID="keyTypeId" onChange=\"updateKeyLengthsCurvesOptions()\">'+getKeyTypesOptionsForKeyGen() + '</SELECT>&nbsp');
+    } else if (inputListSet[n].inputSyntax == 'server_side_keygen_key_size') {
+      document.writeln('<SELECT NAME="keySize" ID="keySizeId">'+keyLengthsCurvesOptions("")+'</SELECT>&nbsp');
     } else if (inputListSet[n].inputSyntax == 'cert_request') {
       document.writeln('<textarea cols=60 rows=10 name=' + inputListSet[n].inputId + '></textarea>');
     } else if (inputListSet[n].inputSyntax == 'cert_request_type') {

base/common/src/com/netscape/certsrv/property/IDescriptor.java

@@ -47,6 +47,8 @@ public interface IDescriptor {
     public static String CERT_REQUEST_TYPE = "cert_request_type";
     public static String SERVER_SIDE_KEYGEN_REQUEST_TYPE = "server_side_keygen_request_type";
     public static String SERVER_SIDE_KEYGEN_PKCS12 = "server_side_keygen_p12";
+    public static String SERVER_SIDE_KEYGEN_KEY_TYPE = "server_side_keygen_key_type";
+    public static String SERVER_SIDE_KEYGEN_KEY_SIZE = "server_side_keygen_key_size";
     public static String CHOICE = "choice"; // choice of strings
     public static String DN = "dn";
     public static String IP = "ip";

base/server/cms/src/com/netscape/cms/profile/def/ServerKeygenUserKeyDefault.java

@@ -19,32 +19,31 @@
 
 import java.io.ByteArrayInputStream;
 import java.math.BigInteger;
+import java.security.KeyPair;
+import java.security.PublicKey;
 import java.security.interfaces.DSAParams;
 import java.util.Locale;
 import java.util.Vector;
-import java.security.KeyPair;
-import java.security.PublicKey;
 
-import netscape.security.provider.DSAPublicKey;
-import netscape.security.provider.RSAPublicKey;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
+import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.crypto.CryptoToken;
 
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IEnrollProfile;
 import com.netscape.certsrv.profile.IProfile;
 import com.netscape.certsrv.property.Descriptor;
 import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cmsutil.crypto.CryptoUtil;
 
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.CryptoToken;
+import netscape.security.provider.DSAPublicKey;
+import netscape.security.provider.RSAPublicKey;
+import netscape.security.x509.AlgorithmId;
+import netscape.security.x509.CertificateX509Key;
+import netscape.security.x509.X509CertInfo;
+import netscape.security.x509.X509Key;
 
 /**
  * This class implements an enrollment default policy
@@ -248,16 +247,46 @@ public void populate(IRequest request, X509CertInfo info)
 //            cfu test pubKey
             CryptoManager cm = CryptoManager.getInstance();
             CryptoToken token = cm.getInternalKeyStorageToken();
-            String keySizeStr = request.getExtDataInString("keySize");
-            int keySize = 2048;
-            if (keySizeStr != null) {
-                CMS.debug("ServerKeygenUserKeyDefault: populate: keySize in request: " + keySizeStr);
-                keySize = Integer.parseInt(keySizeStr);
+
+            String keyTypeStr = request.getExtDataInString("keyType");
+            String keyType = "RSA";
+            if (keyTypeStr != null && !keyTypeStr.isEmpty()) {
+                CMS.debug("ServerKeygenUserKeyDefault: populate: keyType in request: " + keyTypeStr);
+                keyType = keyTypeStr;
+            } else {
+                CMS.debug("ServerKeygenUserKeyDefault: populate: keyType in request null; default to RSA");
+            }
+            KeyPair pair = null;
+
+            String keySizeCurveStr = request.getExtDataInString("keySize");
+            if (keyType.contentEquals("RSA")) {
+                int keySize = 2048;
+                if (keySizeCurveStr != null && !keySizeCurveStr.isEmpty()) {
+                    CMS.debug("ServerKeygenUserKeyDefault: populate: keySize in request: " + keySizeCurveStr);
+                    keySize = Integer.parseInt(keySizeCurveStr);
+                } else {
+                    CMS.debug("ServerKeygenUserKeyDefault: populate: keySize in request null;  default to 2048");
+                }
+
+                pair = CryptoUtil.generateRSAKeyPair(token, keySize, true);
+            } else if (keyType.contentEquals("EC")) {
+                // TODO: dmoluguw: Fix the following to generate right Key ECC keys
+
+                String curveName = "nistp521";
+                if (keySizeCurveStr != null && !keySizeCurveStr.isEmpty()) {
+                    CMS.debug("ServerKeygenUserKeyDefault: populate: keyCurve in request: " + keySizeCurveStr);
+                    curveName = keySizeCurveStr;
+                } else {
+                    CMS.debug("ServerKeygenUserKeyDefault: populate: keySize in request null;  default to nistp521");
+                }
+                pair = CryptoUtil.generateECCKeyPair(token, curveName);
+
             } else {
-                CMS.debug("ServerKeygenUserKeyDefault: populate: keySize in request null;  default to 2048");
+                throw new Exception("Unsupported keyType: " + keyType);
             }
-            KeyPair pair = CryptoUtil.generateRSAKeyPair(token, keySize, true);
+
             PublicKey pubKey = pair.getPublic();
+
 //            byte[] certKeyData = request.getExtDataInByteArray(IEnrollProfile.REQUEST_KEY);
             byte[] certKeyData = pubKey.getEncoded();
             if (certKeyData != null) {

base/server/cms/src/com/netscape/cms/profile/input/ServerKeygenInput.java

@@ -18,17 +18,16 @@
 package com.netscape.cms.profile.input;
 
 import java.util.Locale;
-import java.util.Map;
 
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.profile.IProfile;
 import com.netscape.certsrv.profile.IProfileContext;
 import com.netscape.certsrv.profile.IProfileInput;
+import com.netscape.certsrv.property.Descriptor;
+import com.netscape.certsrv.property.IDescriptor;
+import com.netscape.certsrv.request.IRequest;
 
 /**
  * This class implements input for the Server-Side Keygen Enrollment
@@ -39,17 +38,13 @@
 public class ServerKeygenInput extends EnrollInput implements IProfileInput {
 
     public static final String P12PASSWORD = "serverSideKeygenP12Passwd";
-/*
     public static final String KEY_TYPE = "keyType";
     public static final String KEY_SIZE = "keySize";
-*/
 
     public ServerKeygenInput() {
         addValueName(P12PASSWORD);
-/*
         addValueName(KEY_TYPE);
         addValueName(KEY_SIZE);
-*/
     }
 
     /**
@@ -99,16 +94,14 @@ public IDescriptor getValueDescriptor(Locale locale, String name) {
             return new Descriptor(IDescriptor.SERVER_SIDE_KEYGEN_REQUEST_TYPE, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_SERVER_KEYGEN_P12PASSWD"));
-/*
         } else if (name.equals(KEY_TYPE)) {
-            return new Descriptor(IDescriptor.STRING, null,
+            return new Descriptor(IDescriptor.SERVER_SIDE_KEYGEN_KEY_TYPE, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_SERVER_KEYGEN_KEY_TYPE"));
         } else if (name.equals(KEY_SIZE)) {
-            return new Descriptor(IDescriptor.STRING, null,
+            return new Descriptor(IDescriptor.SERVER_SIDE_KEYGEN_KEY_SIZE, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_SERVER_KEYGEN_KEY_SIZE"));
-*/
         }
         return null;
     }

base/server/cmsbundle/src/UserMessages.properties

@@ -1052,8 +1052,8 @@ CMS_PROFILE_INPUT_FILE_SIGNING_TEXT=Text Being Signed
 CMS_PROFILE_INPUT_SERVER_KEYGEN_NAME=Server-Side Key Generation
 CMS_PROFILE_INPUT_SERVER_KEYGEN_TEXT=Server-Side Key Generation
 CMS_PROFILE_SERVER_KEYGEN_P12PASSWD=Server-Side Key Generation P12 Password
-CMS_PROFILE_SERVER_KEYGEN_KEY_TYPE=Server-Side Key Generation KEY TYPE
-CMS_PROFILE_SERVER_KEYGEN_KEY_SIZE=Server-Side Key Generation KEY SIZE
+CMS_PROFILE_SERVER_KEYGEN_KEY_TYPE=Server-Size Key Generation Key Type
+CMS_PROFILE_SERVER_KEYGEN_KEY_SIZE=Server-Side Key Generation Key Size
 CMS_PROFILE_INPUT_SUBJECT_ALT_NAME_EXT_NAME=Subject Alternative Name Extension Information
 CMS_PROFILE_INPUT_SUBJECT_ALT_NAME_EXT_TEXT=Subject Alternative Name Extension Information
 CMS_PROFILE_IMAGE=Image