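package OpenXPKI::Server::Workflow::Validator::KeyGenerationParams;

use strict;
use warnings;
use base qw( OpenXPKI::Server::Workflow::Validator );
use Data::Dumper;
use OpenXPKI::Debug;
use OpenXPKI::Server::Context qw( CTX );
use Workflow::Exception qw( validation_error configuration_error );

# Returns the argument names in the order _validate unpacks them after
# $self and $wf (presumably consumed by the base class - confirm there).
sub _preset_args {
    return [ qw(cert_profile key_alg key_gen_params enc_alg) ];
}

# Validate a requested key specification against the certificate profile.
#
# Arguments (after $self and $wf):
#   $cert_profile   - profile name passed to the api2 lookups
#   $key_alg        - requested algorithm; only 'rsa', 'dsa' and 'ec' are
#                     handled, a false value skips validation entirely
#   $key_gen_params - hash ref (or its serialized form) holding KEY_LENGTH
#                     and/or CURVE_NAME
#   $enc_alg        - requested key encryption algorithm, may be empty
#
# Returns 1 on success; calls validation_error() on any mismatch.
#
# All comparisons against the profile lists use exact string equality.
# The requested values must never be used as regex patterns: an unanchored
# or unescaped pattern would accept substrings and metacharacters, which
# defeats the allow-list.
sub _validate {

    ##! 1: 'start'
    my ( $self, $wf, $cert_profile, $key_alg, $key_gen_params, $enc_alg ) = @_;

    if (!$key_alg) {
        ##! 8: 'skip - no algorithm'
        return 1;
    }

    # might be serialized
    # NOTE(review): OpenXPKI::Serialization::Simple is not loaded by this
    # file; presumably it is loaded elsewhere - confirm.
    if (!ref $key_gen_params) {
        $key_gen_params = OpenXPKI::Serialization::Simple->new()->deserialize( $key_gen_params );
    }

    my $key_params = {};

    if ($key_alg eq 'rsa') {
        $key_params = { key_length => $key_gen_params->{KEY_LENGTH} };
    } elsif ($key_alg eq 'dsa') {
        $key_params = { key_length => $key_gen_params->{KEY_LENGTH} };
    } elsif ($key_alg eq 'ec') {
        $key_params = { key_length => '_any', curve_name => $key_gen_params->{CURVE_NAME} };
        # not yet defined
    } else {
        validation_error('I18N_OPENXPKI_UI_VALIDATOR_KEY_PARAM_ALGO_NOT_SUPPORTED');
    }

    ##! 16: "Alg: $key_alg"
    ##! 16: 'Params ' . Dumper $key_params

    # get the list of allowed algorithms from the config
    my $algs = CTX('api2')->get_key_algs( profile => $cert_profile, showall => 1 );

    ##! 32: 'Alg expected ' . Dumper $algs

    if (!grep { $_ eq $key_alg } @{$algs}) {
        ##! 8: "KeyParam validation failed on algo $key_alg"
        CTX('log')->application()->error("KeyParam validation failed on algo $key_alg");

        validation_error('I18N_OPENXPKI_UI_VALIDATOR_KEY_PARAM_ALGO_NOT_ALLOWED');
    }

    my $params = CTX('api2')->get_key_params( profile => $cert_profile, alg => $key_alg, showall => 1 );

    ##! 32: 'Params expected ' . Dumper $params

    foreach my $param (keys %{$params}) {
        my $val = $key_params->{$param} || '';

        # '_any' is the sentinel set above for the key_length of 'ec' keys.
        # NOTE(review): this also skips the check when the caller itself
        # supplies '_any' as KEY_LENGTH or CURVE_NAME - confirm this is
        # intended, otherwise restrict the sentinel to the internal case.
        if ($val eq '_any') { next; }

        my @expect = @{$params->{$param}};
        ##! 32: "Validate param $param, $val, " . Dumper \@expect

        # Exact match only. A missing value ('') is rejected unless the
        # profile lists the empty string explicitly.
        if (!grep { $_ eq $val } @expect) {
            ##! 32: 'Failed on ' . $val
            CTX('log')->application()->error("KeyParam validation failed on $param with value $val");

            validation_error("I18N_OPENXPKI_UI_VALIDATOR_KEY_PARAM_PARAM_NOT_ALLOWED ($param)");
        }
    }

    my $enc_algs = CTX('api2')->get_key_enc( profile => $cert_profile, showall => 1 );
    # Exact match only, so the requested name cannot act as a pattern.
    if ($enc_alg && !grep { $_ eq $enc_alg } @{$enc_algs}) {
        ##! 32: 'Failed on ' . $enc_alg
        CTX('log')->application()->error("KeyParam validation failed on enc_alg with value $enc_alg");

        validation_error("I18N_OPENXPKI_UI_VALIDATOR_KEY_PARAM_PARAM_NOT_ALLOWED (enc_alg)");
    }


    ##! 1: 'Validation succeeded'
    CTX('log')->application()->debug("KeyParam validation succeeded");


    return 1;
}

1;

__END__

=head1 NAME

OpenXPKI::Server::Workflow::Validator::KeyGenerationParams

=head1 Description

Check if the key specification passed fits the requirements of the profile.
The algorithm, each key generation parameter and the encryption algorithm
are compared by exact string match against the lists defined for the
profile.

=head1 Configuration

  global_validate_key_param:
      class: OpenXPKI::Server::Workflow::Validator::KeyGenerationParams
      arg:
       - $cert_profile
       - $key_alg
       - $key_gen_params
       - $enc_alg

=head2 Arguments

=over

=item cert_profile

Name of the certificate profile

=item key_alg

The selected key algorithm

=item key_gen_params

Hash holding the key generation params, must fit the list given in the
profile definition.

=item enc_alg

The encryption algorithm, can be empty.

=back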