From 62c9c9f95b09e4014b4459c13266b15b969f62ac Mon Sep 17 00:00:00 2001 From: Dinesh Prasanth M K Date: Thu, 16 Apr 2020 21:14:48 -0400 Subject: [PATCH] Fix Javascript and backend to populate the WebUI for ServerSideKeygen This patch: - Uses javascript to fill up the web UI request for ServerSide Keygen request profile - Provides 2 drop down boxes: KeyType and Keysize. KeySize autoupdates based on the KeyType selected. Example: RSA -> 1024, 2048,.. ; ECC -> nistp521, nistp256 - The keyType and keySize are read from the profile's attr: policyset.userCertSet.3.constraint.params.keyParameters File wise changes: - ServerKeygenInput.java sends 2 new fields (keyType and keyRequest) to the request, to be displayed on the webUI - ProfileSelect.template carries the javascript changes. Note that there are 2 new if conditions included: "server_side_keygen_key_type" and "server_side_keygen_key_size". This ensures that it doesn't meddle with other profile web UIs - IDescriptor.java and UserMessages.properties carry the appropriate String values to be displayed/requested from user. Signed-off-by: Dinesh Prasanth M K --- .../webapps/ca/ee/ca/ProfileSelect.template | 33 ++++++++--- .../certsrv/property/IDescriptor.java | 2 + .../def/ServerKeygenUserKeyDefault.java | 55 ++++++++++++++++--- .../cms/profile/input/ServerKeygenInput.java | 14 ++--- .../cmsbundle/src/UserMessages.properties | 4 +- 5 files changed, 83 insertions(+), 25 deletions(-) diff --git a/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template b/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template index 350cb9b6ad1..be2caefb2a1 100644 --- a/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template +++ b/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template 
@@ -315,6 +315,10 @@ function keyLengthsCurvesOptions (keyPurpose) if (keyPurpose.length == 0 || (keyPurpose.length > 0 && policySetListSet[i].setId.indexOf(keyPurpose) > -1)) { keyType = policySetListSet[i].policySet[j].constraintSet[k].value; } + } else { + if (document.getElementById("keyTypeId").value != "undefined") { + keyType = document.getElementById("keyTypeId").value; + } } } @@ -346,6 +350,8 @@ function keyLengthsCurvesOptions (keyPurpose) value != "nistp256" && value != "nistp384" && value != "nistp521" && value != "ECDSA_P256" && value != "ECDSA_P384" && value != "ECDSA_P521") { included = false; + } else if (keyType == "EC" && isNumeric(value)) { + included = false; } if (included) { @@ -377,6 +383,18 @@ function keyLengthsCurvesOptions (keyPurpose) return options; } +function updateKeyLengthsCurvesOptions() { + // get the keySize select element via its known id + var cSelect = document.getElementById("keySizeId"); + + // remove the current options from the select tag + var len=cSelect.options.length; + while (cSelect.options.length > 0) { + cSelect.remove(0); + } + cSelect.innerHTML = keyLengthsCurvesOptions(""); +} + function isNumeric(sText) { var validChars = "0123456789"; 
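Review bot: In the added `else` branch, `document.getElementById("keyTypeId")` returns null on any form that has no element with that id, so reading `.value` throws before the comparison runs. Comparing `.value` with the string "undefined" also does not detect a missing or empty selection. keyLengthsCurvesOptions appears to be shared with other profile forms (its loop and the matching `if` start outside this hunk), so the guard belongs on the element itself: `var keyTypeElem = document.getElementById("keyTypeId");` followed by `if (keyTypeElem && keyTypeElem.value) { keyType = keyTypeElem.value; }`.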
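Review bot: In `updateKeyLengthsCurvesOptions`, `var len` is never read, and the `while` loop that removes options is redundant because the `cSelect.innerHTML = ...` assignment that follows replaces all children anyway. `cSelect` is also dereferenced without a null check. The string returned by `keyLengthsCurvesOptions("")` is parsed as markup here; it is presumably built from profile constraint values outside this hunk, so it is worth confirming those values are escaped. Alternatively, build the entries with `cSelect.add(new Option(value, value))` so no HTML parsing is involved.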
@@ -753,17 +771,18 @@ for (var m = 0; m < inputPluginListSet.length; m++) { } else if (inputListSet[n].inputSyntax == 'server_side_keygen_request_type') { // get PKCS#12 password document.writeln(''); - document.write('PKCS #12 Password:'); - document.write(''); + document.writeln('PKCS #12 Password:'); + document.writeln(''); document.writeln(''); document.writeln(''); - document.write('PKCS #12 Password again:'); - document.write(''); - document.writeln('  '); - document.writeln('  '); + document.writeln('PKCS #12 Password again:'); + document.writeln(''); document.writeln(''); - + } else if (inputListSet[n].inputSyntax == 'server_side_keygen_key_type') { + document.writeln(' '); + } else if (inputListSet[n].inputSyntax == 'server_side_keygen_key_size') { + document.writeln(' '); } else if (inputListSet[n].inputSyntax == 'cert_request') { document.writeln(''); } else if (inputListSet[n].inputSyntax == 'cert_request_type') { diff --git a/base/common/src/com/netscape/certsrv/property/IDescriptor.java b/base/common/src/com/netscape/certsrv/property/IDescriptor.java index 4de6bb3916f..8eed7aef1fb 100644 --- a/base/common/src/com/netscape/certsrv/property/IDescriptor.java +++ b/base/common/src/com/netscape/certsrv/property/IDescriptor.java @@ -47,6 +47,8 @@ public interface IDescriptor { public static String CERT_REQUEST_TYPE = "cert_request_type"; public static String SERVER_SIDE_KEYGEN_REQUEST_TYPE = "server_side_keygen_request_type"; public static String SERVER_SIDE_KEYGEN_PKCS12 = "server_side_keygen_p12"; + public static String SERVER_SIDE_KEYGEN_KEY_TYPE = "server_side_keygen_key_type"; + public static String SERVER_SIDE_KEYGEN_KEY_SIZE = "server_side_keygen_key_size"; public static String CHOICE = "choice"; // choice of strings public static String DN = "dn"; public static String IP = "ip"; 
diff --git a/base/server/cms/src/com/netscape/cms/profile/def/ServerKeygenUserKeyDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/ServerKeygenUserKeyDefault.java
index e82ee24b79f..13a8dec744a 100644
--- a/base/server/cms/src/com/netscape/cms/profile/def/ServerKeygenUserKeyDefault.java
+++ b/base/server/cms/src/com/netscape/cms/profile/def/ServerKeygenUserKeyDefault.java
@@ -336,22 +336,61 @@ public void populate(IRequest request, X509CertInfo info) request.setExtData("isServerSideKeygen", "true"); CryptoToken token = cm.getInternalKeyStorageToken(); - String keySizeStr = request.getExtDataInString("keySize"); - int keySize = 1024; - if (keySizeStr != null) { - CMS.debug("ServerKeygenUserKeyDefault: populate: keySize in request: " + keySizeStr); - keySize = Integer.parseInt(keySizeStr); + String keyTypeStr = request.getExtDataInString("keyType"); + String keyType = "RSA"; + int keySize = 2048; + String curveName = "nistp521"; + + // Populate the keyType and keySize/keyCurve + + if (keyTypeStr != null && !keyTypeStr.isEmpty()) { + CMS.debug("ServerKeygenUserKeyDefault: populate: keyType in request: " + keyTypeStr); + keyType = keyTypeStr; } else { - CMS.debug("ServerKeygenUserKeyDefault: populate: keySize in request null; default to 2048"); + CMS.debug("ServerKeygenUserKeyDefault: populate: keyType in request null; default to RSA"); + } + + String keySizeCurveStr = request.getExtDataInString("keySize"); + + if (keyType.contentEquals("RSA")) { + if (keySizeCurveStr != null && !keySizeCurveStr.isEmpty()) { + CMS.debug("ServerKeygenUserKeyDefault: populate: keySize in request: " + keySizeCurveStr); + keySize = Integer.parseInt(keySizeCurveStr); + } else { + CMS.debug("ServerKeygenUserKeyDefault: populate: keySize in request null; default to" + keySize); + } + // Do things when RSA is selected + } else if (keyType.contentEquals("EC")) { + // TODO: dmoluguw: Fix the following to generate right Key ECC keys + + if (keySizeCurveStr != null && !keySizeCurveStr.isEmpty()) { + CMS.debug("ServerKeygenUserKeyDefault: populate: keyCurve in request: " + keySizeCurveStr); + curveName = keySizeCurveStr; + } else { + CMS.debug("ServerKeygenUserKeyDefault: populate: keySize in request null; default to" + curveName); + } + // Do things when EC is selected + } else { + throw new Exception("Unsupported keyType: " + keyType); + } + 
request.setExtData(IRequest.KEY_GEN_ALGORITHM, keyType); + if(keyType.contentEquals("RSA")) { + request.setExtData(IRequest.KEY_GEN_SIZE, keySize); + } + else if (keyType.contentEquals("EC")) { + // TODO: Check whether IRequest.KEY_GEN_SIZE can accept string value + request.setExtData(IRequest.KEY_GEN_SIZE, curveName); } - request.setExtData(IRequest.KEY_GEN_ALGORITHM, "RSA"); - request.setExtData(IRequest.KEY_GEN_SIZE, keySize); /* * it is necessary to put in a static fake key here to prevent * issue; The fake key will be replaced later once KRA generates * the real keys */ + + // dmoluguw: TODO: The below values seem to be for development purposes, + // and will probably work only with keyType="RSA" + String pubKeyStr = ""; switch (keySize) { case 1024: diff --git a/base/server/cms/src/com/netscape/cms/profile/input/ServerKeygenInput.java b/base/server/cms/src/com/netscape/cms/profile/input/ServerKeygenInput.java index fb460d0fe26..29890f467da 100644 --- a/base/server/cms/src/com/netscape/cms/profile/input/ServerKeygenInput.java +++ b/base/server/cms/src/com/netscape/cms/profile/input/ServerKeygenInput.java @@ -39,17 +39,17 @@ public class ServerKeygenInput extends EnrollInput implements IProfileInput { public static final String P12PASSWORD = "serverSideKeygenP12Passwd"; -/* + public static final String KEY_TYPE = "keyType"; public static final String KEY_SIZE = "keySize"; -*/ + public ServerKeygenInput() { addValueName(P12PASSWORD); -/* + addValueName(KEY_TYPE); addValueName(KEY_SIZE); -*/ + } /** 
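Review bot: `keyType` and `keySize` are read from the enrollment request and passed to `request.setExtData(IRequest.KEY_GEN_SIZE, ...)` with no server-side check against the profile's `keyParameters`. The drop-downs in ProfileSelect.template only limit what the browser offers, so unless a constraint outside this hunk rejects it, a request can name any RSA size or curve string. In the RSA branch `Integer.parseInt(keySizeCurveStr)` also throws NumberFormatException on non-numeric input; a guard such as `if (!keySizeCurveStr.matches("\\d{1,5}")) throw new Exception("Invalid keySize in request");` before the parse, followed by a comparison with the sizes the profile allows, would close that. The EC branch needs the same allow-list check on `curveName`. Note too that `keySize` stays 2048 when EC is selected, so the `switch (keySize)` that follows still inserts an RSA placeholder key. The body of populate() starts and ends outside this hunk.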
@@ -99,16 +99,14 @@ public IDescriptor getValueDescriptor(Locale locale, String name) { return new Descriptor(IDescriptor.SERVER_SIDE_KEYGEN_REQUEST_TYPE, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_SERVER_KEYGEN_P12PASSWD")); -/* } else if (name.equals(KEY_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.SERVER_SIDE_KEYGEN_KEY_TYPE, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_SERVER_KEYGEN_KEY_TYPE")); } else if (name.equals(KEY_SIZE)) { - return new Descriptor(IDescriptor.STRING, null, + return new Descriptor(IDescriptor.SERVER_SIDE_KEYGEN_KEY_SIZE, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_SERVER_KEYGEN_KEY_SIZE")); -*/ } return null; } diff --git a/base/server/cmsbundle/src/UserMessages.properties b/base/server/cmsbundle/src/UserMessages.properties index 608d29a2aaf..2c57c59b0a9 100644 --- a/base/server/cmsbundle/src/UserMessages.properties +++ b/base/server/cmsbundle/src/UserMessages.properties @@ -1053,8 +1053,8 @@ CMS_PROFILE_INPUT_FILE_SIGNING_TEXT=Text Being Signed CMS_PROFILE_INPUT_SERVER_KEYGEN_NAME=Server-Side Key Generation CMS_PROFILE_INPUT_SERVER_KEYGEN_TEXT=Server-Side Key Generation CMS_PROFILE_SERVER_KEYGEN_P12PASSWD=Server-Side Key Generation P12 Password -CMS_PROFILE_SERVER_KEYGEN_KEY_TYPE=Server-Side Key Generation KEY TYPE -CMS_PROFILE_SERVER_KEYGEN_KEY_SIZE=Server-Side Key Generation KEY SIZE +CMS_PROFILE_SERVER_KEYGEN_KEY_TYPE=Server-Side Key Generation Key Type +CMS_PROFILE_SERVER_KEYGEN_KEY_SIZE=Server-Side Key Generation Key Size CMS_PROFILE_INPUT_SUBJECT_ALT_NAME_EXT_NAME=Subject Alternative Name Extension Information CMS_PROFILE_INPUT_SUBJECT_ALT_NAME_EXT_TEXT=Subject Alternative Name Extension Information CMS_PROFILE_IMAGE=Image