author | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-08-07 20:06:36 +0000 |
---|---|---|
committer | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-08-07 20:06:36 +0000 |
commit | 7ee68e3153c8d4ad60a72f1798c7270ae18eb4c4 (patch) | |
tree | f1d320b6cf3aa0eee0b4421ae88a5497a012dada | |
parent | d01e249aeb0cf93ab6e9cc3f5714d35c927eb9dd (diff) | |
download | pki-7ee68e3153c8d4ad60a72f1798c7270ae18eb4c4.tar.gz pki-7ee68e3153c8d4ad60a72f1798c7270ae18eb4c4.tar.xz pki-7ee68e3153c8d4ad60a72f1798c7270ae18eb4c4.zip |
Bugzilla Bug #224688 - Support ECC POP on the server
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@742 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
3 files changed, 41 insertions, 10 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
index 297a6f1c8..064663583 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
@@ -739,7 +739,7 @@ public abstract class EnrollProfile extends BasicProfile
 archOpts = (PKIArchiveOptions) (new PKIArchiveOptions.Template()).decode(bis);
 } catch (Exception e) {
- CMS.debug("EnrollProfile: getPKIArchiveOptions " + e.toString());
+ CMS.debug("EnrollProfile: toPKIArchiveOptions " + e.toString());
 }
 return archOpts;
 }
@@ -1312,7 +1312,7 @@ public abstract class EnrollProfile extends BasicProfile
 public void verifyPOP(Locale locale, CertReqMsg certReqMsg) throws EProfileException {
- CMS.debug("EnrollInput ::verifyPOP");
+ CMS.debug("EnrollProfile ::in verifyPOP");
 String auditMessage = null;
 String auditSubjectID = auditSubjectID();
@@ -1328,7 +1328,18 @@ public abstract class EnrollProfile extends BasicProfile
 }
 try {
- certReqMsg.verify();
+ CryptoManager cm = CryptoManager.getInstance();
+ String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token",
+ "Internal Key Storage Token");
+ CryptoToken verifyToken = cm.getTokenByName(tokenName);
+ if (tokenName.equals("Internal Key Storage Token")) {
+ //use internal token
+ CMS.debug("POP verification using internal token");
+ certReqMsg.verify();
+ } else {
+ CMS.debug("POP verification using token:"+ tokenName);
+ certReqMsg.verify(verifyToken);
+ }
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
@@ -1338,7 +1349,7 @@ public abstract class EnrollProfile extends BasicProfile
 audit( auditMessage );
 } catch (Exception e) {
- CMS.debug("Failed POP verify!");
+ CMS.debug("Failed POP verify! "+e.toString());
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
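Review bot: In the `verifyPOP` hunk at `-1328`, `cm.getTokenByName(tokenName)` runs before the `tokenName.equals("Internal Key Storage Token")` test, so the default path performs a token lookup whose result it never uses. Any lookup failure (JSS raises `NoSuchTokenException` for an unknown name) falls into the `catch (Exception e)` below, which the next hunk shows writing to the signed audit log, presumably as a POP failure rather than a configuration error. Moving `CryptoToken verifyToken = cm.getTokenByName(tokenName);` into the `else` branch would keep the internal-token path identical to the old `certReqMsg.verify()` call. The same twelve lines are added to `EnrollInput.verifyPOP` in the next file; a shared helper and a single constant for the repeated `"Internal Key Storage Token"` literal would stop the two copies from drifting. The method body starts and ends outside the hunk, so how the catch block finishes is not visible here.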
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java b/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java
index de42cddb3..8924936a0 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java
@@ -21,6 +21,8 @@ package com.netscape.cms.profile.input;
 import java.util.*;
 import org.mozilla.jss.pkix.crmf.*;
+import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.crypto.CryptoToken;
 import com.netscape.certsrv.base.*;
 import com.netscape.certsrv.profile.*;
 import com.netscape.certsrv.request.*;
@@ -172,26 +174,41 @@ public abstract class EnrollInput implements IProfileInput {
 public void verifyPOP(Locale locale, CertReqMsg certReqMsg) throws EProfileException {
- CMS.debug("EnrollInput ::verifyPOP");
+ CMS.debug("EnrollInput ::in verifyPOP");
 String auditMessage = null;
 String auditSubjectID = auditSubjectID();
 if (!certReqMsg.hasPop()) {
+ CMS.debug("CertReqMsg has not POP, return");
 return;
 }
 ProofOfPossession pop = certReqMsg.getPop();
 ProofOfPossession.Type popType = pop.getType();
 if (popType != ProofOfPossession.SIGNATURE) {
+ CMS.debug("not POP SIGNATURE, return");
 return;
 }
 try {
 if (CMS.getConfigStore().getBoolean("cms.skipPOPVerify", false)) {
+ CMS.debug("skipPOPVerify on, return");
 return;
 }
- certReqMsg.verify();
+ CMS.debug("POP verification begins:");
+ CryptoManager cm = CryptoManager.getInstance();
+ String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token",
+ "Internal Key Storage Token");
+ CryptoToken verifyToken = cm.getTokenByName(tokenName);
+ if (tokenName.equals("Internal Key Storage Token")) {
+ //use internal token
+ CMS.debug("POP verification using internal token");
+ certReqMsg.verify();
+ } else {
+ CMS.debug("POP verification using token:"+ tokenName);
+ certReqMsg.verify(verifyToken);
+ }
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
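Review bot: The three early `return`s in `verifyPOP` (no POP present, a POP type other than `SIGNATURE`, and `cms.skipPOPVerify` set) are now traced only with `CMS.debug`, while the context lines show the verified and failed cases going to the signed audit log. A request that leaves this method without any proof-of-possession check therefore leaves no audit record from here; whether a caller enforces POP elsewhere is not visible in the hunk. For the `cms.skipPOPVerify` branch in particular I would write an entry through the existing `audit(...)` call before returning, and at minimum add a comment such as `// POP intentionally not verified: cms.skipPOPVerify is set`. The method body continues past the end of the hunk.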
@@ -201,7 +218,7 @@ public abstract class EnrollInput implements IProfileInput {
 audit( auditMessage );
 } catch (Exception e) {
- CMS.debug("Failed POP verify!");
+ CMS.debug("Failed POP verify! "+e.toString());
 CMS.debug(e);
 // store a message in the signed audit log file
diff --git a/pki/dogtag/common/pki-common.spec b/pki/dogtag/common/pki-common.spec
index 7d033f9c1..f086a826c 100644
--- a/pki/dogtag/common/pki-common.spec
+++ b/pki/dogtag/common/pki-common.spec
@@ -34,7 +34,7 @@
 ## Package Header Definitions
 %define base_name %{base_prefix}-%{base_component}
 %define base_version 1.2.0
-%define base_release 1
+%define base_release 2
 %define base_group System Environment/Base
 %define base_vendor Red Hat, Inc.
 %define base_license GPLv2 with exceptions
@@ -122,10 +122,10 @@ BuildRoot: %{_builddir}/%{base_name}-root
 ## Technically, "ant" should not need to be in "BuildRequires" since
 ## it is the Java equivalent of "make" (and/or "Autotools").
 ##
-BuildRequires: ant >= 1.6.2, %{base_prefix}-util >= 1.0.0, %{base_flavor}-%{base_name}-ui >= 1.0.0, %{pki_jdk}, jpackage-utils >= 1.6.0, jss >= 4.2.6, ldapjdk >= 4.17, osutil >= 1.0.0, symkey >= 1.0.0, velocity >= 1.4, xalan-j2, xerces-j2
+BuildRequires: ant >= 1.6.2, %{base_prefix}-util >= 1.0.0, %{base_flavor}-%{base_name}-ui >= 1.0.0, %{pki_jdk}, jpackage-utils >= 1.6.0, jss >= 4.2.6-5, ldapjdk >= 4.17, osutil >= 1.0.0, symkey >= 1.0.0, velocity >= 1.4, xalan-j2, xerces-j2
 ## Without Requires something, rpmbuild will abort!
-Requires: %{base_name}-ui, %{base_prefix}-java-tools >= 1.0.0, %{base_prefix}-setup >= 1.0.0, %{pki_jre}, osutil >= 1.0.0, rhgb >= 0.14.1, symkey >= 1.0.0, tomcatjss >= 1.1.0, velocity >= 1.4
+Requires: %{base_name}-ui, %{base_prefix}-java-tools >= 1.0.0, %{base_prefix}-setup >= 1.0.0, %{pki_jre}, osutil >= 1.0.0, rhgb >= 0.14.1, symkey >= 1.0.0, tomcatjss >= 1.1.0, velocity >= 1.4, jss >= 4.2.6-5
 ## This package conflicts with the following packages!
@@ -285,6 +285,9 @@ chmod 00755 %{_datadir}/%{base_prefix}/setup/postinstall
 ###############################################################################
 %changelog
+* Tue Aug 4 2009 Ade Lee <alee@redhat.com> 1.2.0-2
+- Bugzilla Bug #224688 - Support ECC POP on the server
+
 * Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1
 - Version update to Dogtag 1.2.0.
 * Fri Jul 10 2009 Ade Lee <alee@redhat.com> 1.1.0-42 |