1package OpenXPKI::Server::Workflow::Validator::KeyGenerationParams;
2
3use strict;
4use warnings;
5use base qw( OpenXPKI::Server::Workflow::Validator );
6use Data::Dumper;
7use OpenXPKI::Debug;
8use OpenXPKI::Server::Context qw( CTX );
9use Workflow::Exception qw( validation_error configuration_error );
10
# Returns the ordered list of argument names for this validator. The order
# matches the positional parameters that _validate unpacks after $self and
# the workflow object.
# NOTE(review): presumably the base class reads this as the default argument
# list - confirm against OpenXPKI::Server::Workflow::Validator.
sub _preset_args {
    my @arg_names = ( 'cert_profile', 'key_alg', 'key_gen_params', 'enc_alg' );
    return \@arg_names;
}
14
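# Check the requested key algorithm, key generation parameters and key
# encryption algorithm against the values the certificate profile allows.
#
# Arguments (after $self and the workflow object):
#   $cert_profile   - profile name handed to the api2 lookups
#   $key_alg        - requested key algorithm; nothing is checked when false
#   $key_gen_params - hash ref, or a non-reference value that is deserialized
#   $enc_alg        - requested encryption algorithm; not checked when false
#
# Returns 1 on success. Every rejection is raised via validation_error().
#
# The requested values are caller-supplied, so they are compared with the
# allowed values by exact string equality and are never interpolated into a
# regular expression.
sub _validate {

    ##! 1: 'start'
    my ( $self, $wf, $cert_profile, $key_alg, $key_gen_params, $enc_alg ) = @_;

    if (!$key_alg) {
        ##! 8: 'skip - no algorithm'
        return 1;
    }

    # might be serialized
    # NOTE(review): OpenXPKI::Serialization::Simple is not loaded by this
    # file - presumably it is already loaded by the server; confirm.
    if (!ref $key_gen_params) {
        $key_gen_params = OpenXPKI::Serialization::Simple->new()->deserialize( $key_gen_params );
    }

    my $key_params = {};

    # Parameters that are exempt from the profile check for the selected
    # algorithm. This is tracked separately from the values in $key_params so
    # that a requested value equal to the literal string '_any' cannot switch
    # off its own validation.
    my %is_unchecked;

    if ($key_alg eq 'rsa') {
        $key_params = { key_length =>  $key_gen_params->{KEY_LENGTH} };
    } elsif ($key_alg eq 'dsa') {
        $key_params = { key_length =>  $key_gen_params->{KEY_LENGTH} };
    } elsif ($key_alg eq 'ec') {
        $key_params = { key_length =>  '_any', curve_name => $key_gen_params->{CURVE_NAME} };
        # not yet defined
        $is_unchecked{key_length} = 1;
    } else {
        validation_error('I18N_OPENXPKI_UI_VALIDATOR_KEY_PARAM_ALGO_NOT_SUPPORTED');
    }

    ##! 16: "Alg: $key_alg"
    ##! 16: 'Params ' . Dumper $key_params

    # get the list of allowed algorithms from the config
    my $algs = CTX('api2')->get_key_algs( profile => $cert_profile, showall => 1 );

    ##! 32: 'Alg expected ' . Dumper $algs

    my $alg_is_allowed = grep { $_ eq $key_alg } @{$algs};
    if (!$alg_is_allowed) {
        ##! 8: "KeyParam validation failed on algo $key_alg"
        CTX('log')->application()->error("KeyParam validation failed on algo $key_alg");

        validation_error('I18N_OPENXPKI_UI_VALIDATOR_KEY_PARAM_ALGO_NOT_ALLOWED');
    }

    my $params = CTX('api2')->get_key_params( profile => $cert_profile, alg => $key_alg, showall => 1 );

    ##! 32: 'Params expected ' . Dumper $params

    foreach my $param (keys %{$params}) {
        next if $is_unchecked{$param};

        # A missing or false value becomes '' and is rejected below unless the
        # profile explicitly lists the empty string.
        my $val = $key_params->{$param} || '';

        my @expect = @{$params->{$param}};
        ##! 32: "Validate param $param, $val, " . Dumper \@expect

        # Exact comparison: a regex built from the requested value would let
        # a fragment of an allowed value (e.g. a shorter number) or a pattern
        # pass as if it were allowed.
        # NOTE(review): assumes get_key_params returns the allowed values in
        # the same plain form the client submits - confirm.
        my $val_is_allowed = grep { $_ eq $val } @expect;
        if (!$val_is_allowed) {
            ##! 32: 'Failed on ' . $val
            # NOTE(review): $val is caller-supplied and is logged verbatim;
            # confirm the log backend neutralises control characters.
            CTX('log')->application()->error("KeyParam validation failed on $param with value $val");

            validation_error("I18N_OPENXPKI_UI_VALIDATOR_KEY_PARAM_PARAM_NOT_ALLOWED ($param)");
        }
    }

    my $enc_algs = CTX('api2')->get_key_enc( profile => $cert_profile, showall => 1 );

    # Same exact-match rule as above: $enc_alg must not be used as a pattern,
    # otherwise regex metacharacters in it could match any allowed entry.
    my $enc_is_allowed = $enc_alg ? scalar( grep { $_ eq $enc_alg } @{$enc_algs} ) : 1;
    if (!$enc_is_allowed) {
        ##! 32: 'Failed on ' . $enc_alg
        CTX('log')->application()->error("KeyParam validation failed on enc_alg with value $enc_alg");

        validation_error("I18N_OPENXPKI_UI_VALIDATOR_KEY_PARAM_PARAM_NOT_ALLOWED (enc_alg)");
    }


    ##! 1: 'Validation succeeded'
    CTX('log')->application()->debug("KeyParam validation succeeded");


    return 1;
}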
92
931;
94
95__END__
96
97=head1 NAME
98
99OpenXPKI::Server::Workflow::Validator::KeyGenerationParams
100
101=head1 Description
102
103Check if the key specification passed fits the requirements of the profile.
104
105=head1 Configuration
106
107  global_validate_key_param:
108      class: OpenXPKI::Server::Workflow::Validator::KeyGenerationParams
109      arg:
110       - $cert_profile
111       - $key_alg
112       - $key_gen_params
113       - $enc_alg
114
115=head2 Arguments
116
117=over
118
119=item cert_profile
120
121Name of the certificate profile
122
123=item key_alg
124
125The selected key algorithm
126
127=item key_gen_params
128
129Hash holding the key generation params, must fit the list given in the
130profile definition.
131
132=item enc_alg
133
The encryption algorithm, can be empty.
135
136=back
137