author | Jack Magne <jmagne@dhcp-16-213.sjc.redhat.com> | 2014-04-23 12:00:42 -0700 |
---|---|---|
committer | Jack Magne <jmagne@dhcp-16-213.sjc.redhat.com> | 2014-04-28 15:07:10 -0700 |
commit | 4a6f2615144371873c1ad9b84e4b47f28d65213e (patch) | |
tree | a2c539506dbcdea6bf9b3498c8faf88476750d14 | |
parent | 8a6935ba8587ece5e5fcf8b65448c1b57d5ac463 (diff) | |
Secure Channel final steps.
This patch allows the current secure channel functionality to work with
both tpsclient and esc. In order to get esc to work the following changes
were needed.
1. It turns out the server has been forcing chunked encoding format upon the
outgoing data. Turns out that the system already knows how to do this so we were
getting double chunk size values and getting twice the amount of CRLF chars.
2. There was a minor error where I was not attempting to select the card manager
applet but the coolkey applet, which does not exist yet.
3 files changed, 16 insertions, 19 deletions
diff --git a/base/common/src/org/dogtagpki/tps/TPSConnection.java b/base/common/src/org/dogtagpki/tps/TPSConnection.java index 64f8cb906..d93827775 100644 --- a/base/common/src/org/dogtagpki/tps/TPSConnection.java +++ b/base/common/src/org/dogtagpki/tps/TPSConnection.java @@ -90,28 +90,15 @@ public class TPSConnection { String s = message.encode(); CMS.debug("TPSMessage.write: Writing: " + s); - - if (chunked) { - // send message length + EOL - out.print(Integer.toHexString(s.length())); - out.print("\r\n"); - } - // send message out.print(s); - /* - * - * Right now, tpsclient is counting the final crlf as part of the message and ruining the MAC calculations - * For now do this and figure out later how to handle this for both tpsclient and esc. - * - if (chunked) { - // send EOL - out.print("\r\n"); - } + // We don't have to send any specific chunk format here + // The output stream detects chunked encoding and sends + // the correct output to the other end. - */ out.flush(); } + } diff --git a/base/tps-tomcat/src/org/dogtagpki/server/tps/TPSServlet.java b/base/tps-tomcat/src/org/dogtagpki/server/tps/TPSServlet.java index d56fc7e67..383bd4959 100644 --- a/base/tps-tomcat/src/org/dogtagpki/server/tps/TPSServlet.java +++ b/base/tps-tomcat/src/org/dogtagpki/server/tps/TPSServlet.java @@ -36,7 +36,14 @@ public class TPSServlet extends HttpServlet { public void service(HttpServletRequest request, HttpServletResponse response) throws IOException { - CMS.debug("Hello from tps.service " + request); + String encoding = request.getHeader("Transfer-Encoding"); + + CMS.debug("Encoding: " + encoding); + + if (encoding.equals("chunked") == false) { + throw new IOException("TPSServlet.service: incorrect encoding! "); + } + response.setHeader("Transfer-Encoding", "chunked"); TPSConnection con = new TPSConnection( 
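Review bot: The replacement comment in `write()` drops the reason recorded in the block it replaces: a trailing CRLF written here was counted by tpsclient as part of the message and broke the MAC calculation. I would keep that constraint next to the code, for example `// Write exactly s: the output stream applies the chunk framing, and an extra CRLF here ends up inside the message the peer MACs.` With both `if (chunked)` branches removed, nothing in this hunk reads `chunked` any more. If no other method of TPSConnection uses it, the field and its constructor argument should be removed or documented as unused. The class starts outside the hunk, so that needs checking against the full file.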
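Review bot: `request.getHeader("Transfer-Encoding")` returns null when the client sends no such header, so the added `encoding.equals("chunked")` throws a NullPointerException before the intended IOException is reached. Any request without the header takes that path. The comparison is also case-sensitive, while transfer-coding names are case-insensitive. I would write the guard as `if (!"chunked".equalsIgnoreCase(encoding)) {` and consider answering with `response.sendError(HttpServletResponse.SC_BAD_REQUEST);` instead of throwing, so a malformed client request is reported as a 4xx rather than a server error. `service()` continues past the end of the hunk.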
diff --git a/base/tps-tomcat/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps-tomcat/src/org/dogtagpki/server/tps/processor/TPSProcessor.java index 24571e234..68bd49742 100644 --- a/base/tps-tomcat/src/org/dogtagpki/server/tps/processor/TPSProcessor.java +++ b/base/tps-tomcat/src/org/dogtagpki/server/tps/processor/TPSProcessor.java @@ -451,6 +451,7 @@ public class TPSProcessor { boolean appletUpgraded = false; String NetKeyAID = null; String NetKeyPAID = null; + String CardMgrAID = null; IConfigStore configStore = CMS.getConfigStore(); @@ -461,6 +462,7 @@ public class TPSProcessor { TPSEngine.CFG_DEF_NETKEY_INSTANCE_AID); CMS.debug("In TPS_Processor.upgradeApplet. CardManagerAID: " + " NetKeyAID: " + NetKeyAID); NetKeyPAID = configStore.getString(TPSEngine.CFG_APPLET_NETKEY_FILE_AID, TPSEngine.CFG_DEF_NETKEY_FILE_AID); + CardMgrAID = configStore.getString(TPSEngine.CFG_APPLET_CARDMGR_INSTANCE_AID,TPSEngine.CFG_DEF_CARDMGR_INSTANCE_AID); } catch (EBaseException e1) { CMS.debug("TPS_Processor.upgradeApplet: Internal Error obtaining mandatory config values. Error: " + e1); @@ -470,6 +472,7 @@ public class TPSProcessor { TPSBuffer netkeyAIDBuff = new TPSBuffer(NetKeyAID); TPSBuffer netkeyPAIDBuff = new TPSBuffer(NetKeyPAID); + TPSBuffer cardMgrAIDBuff = new TPSBuffer(CardMgrAID); //Not all of these used yet, but will be //ToDo @@ -495,7 +498,7 @@ public class TPSProcessor { appletData = getAppletFileData(appletFilePath); - APDUResponse select = selectApplet((byte) 0x04, (byte) 0x00, netkeyAIDBuff); + APDUResponse select = selectApplet((byte) 0x04, (byte) 0x00, cardMgrAIDBuff); if (!select.checkResult()) { throw new TPSException("TPSProcessor.format: Can't selelect the card manager!"); |
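Review bot: In the second hunk, the debug line just above the added `configStore.getString(...)` call prints the label `CardManagerAID:` with no value, and it runs before `CardMgrAID` is read. Now that the value is loaded, I would move the log call after the reads and include it: `CMS.debug("In TPS_Processor.upgradeApplet. CardManagerAID: " + CardMgrAID + " NetKeyAID: " + NetKeyAID);`. A wrong AID in the configuration is then visible when the select in the last hunk fails. In that last hunk the exception text still names `TPSProcessor.format` and spells "selelect", which will mislead anyone tracing a failed upgrade. The method body starts and ends outside these hunks.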