authoralee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-08-07 20:06:36 +0000
committeralee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-08-07 20:06:36 +0000
commit7ee68e3153c8d4ad60a72f1798c7270ae18eb4c4 (patch)
treef1d320b6cf3aa0eee0b4421ae88a5497a012dada
parentd01e249aeb0cf93ab6e9cc3f5714d35c927eb9dd (diff)
Bugzilla Bug #224688 - Support ECC POP on the server
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@742 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java19
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java23
-rw-r--r--pki/dogtag/common/pki-common.spec9
3 files changed, 41 insertions, 10 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
index 297a6f1c8..064663583 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
@@ -739,7 +739,7 @@ public abstract class EnrollProfile extends BasicProfile
archOpts = (PKIArchiveOptions)
(new PKIArchiveOptions.Template()).decode(bis);
} catch (Exception e) {
- CMS.debug("EnrollProfile: getPKIArchiveOptions " + e.toString());
+ CMS.debug("EnrollProfile: toPKIArchiveOptions " + e.toString());
}
return archOpts;
}
@@ -1312,7 +1312,7 @@ public abstract class EnrollProfile extends BasicProfile
public void verifyPOP(Locale locale, CertReqMsg certReqMsg)
throws EProfileException {
- CMS.debug("EnrollInput ::verifyPOP");
+ CMS.debug("EnrollProfile ::in verifyPOP");
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1328,7 +1328,18 @@ public abstract class EnrollProfile extends BasicProfile
}
try {
- certReqMsg.verify();
+ CryptoManager cm = CryptoManager.getInstance();
+ String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token",
+ "Internal Key Storage Token");
+ CryptoToken verifyToken = cm.getTokenByName(tokenName);
+ if (tokenName.equals("Internal Key Storage Token")) {
+ //use internal token
+ CMS.debug("POP verification using internal token");
+ certReqMsg.verify();
+ } else {
+ CMS.debug("POP verification using token:"+ tokenName);
+ certReqMsg.verify(verifyToken);
+ }
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
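Review bot: `cm.getTokenByName(tokenName)` runs before the internal-token check, so a mistyped or unavailable `ca.requestVerify.token` value throws inside this `try` and, given the `catch (Exception e)` visible in the next hunk, appears to be recorded as a failed POP rather than as a configuration error. Failing closed is the right outcome, but the signed audit entry would then attribute an operator mistake to the requester. Move the lookup into the `else` branch, `CryptoToken verifyToken = cm.getTokenByName(tokenName);` directly before `certReqMsg.verify(verifyToken);`, and report a lookup failure with its own message. The same block is duplicated in the EnrollInput.java verifyPOP hunk, where the same change applies; a shared helper would keep the two copies in step. verifyPOP's body begins and ends outside this hunk.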
@@ -1338,7 +1349,7 @@ public abstract class EnrollProfile extends BasicProfile
audit( auditMessage );
} catch (Exception e) {
- CMS.debug("Failed POP verify!");
+ CMS.debug("Failed POP verify! "+e.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java b/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java
index de42cddb3..8924936a0 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java
@@ -21,6 +21,8 @@ package com.netscape.cms.profile.input;
import java.util.*;
import org.mozilla.jss.pkix.crmf.*;
+import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.crypto.CryptoToken;
import com.netscape.certsrv.base.*;
import com.netscape.certsrv.profile.*;
import com.netscape.certsrv.request.*;
@@ -172,26 +174,41 @@ public abstract class EnrollInput implements IProfileInput {
public void verifyPOP(Locale locale, CertReqMsg certReqMsg)
throws EProfileException {
- CMS.debug("EnrollInput ::verifyPOP");
+ CMS.debug("EnrollInput ::in verifyPOP");
String auditMessage = null;
String auditSubjectID = auditSubjectID();
if (!certReqMsg.hasPop()) {
+ CMS.debug("CertReqMsg has not POP, return");
return;
}
ProofOfPossession pop = certReqMsg.getPop();
ProofOfPossession.Type popType = pop.getType();
if (popType != ProofOfPossession.SIGNATURE) {
+ CMS.debug("not POP SIGNATURE, return");
return;
}
try {
if (CMS.getConfigStore().getBoolean("cms.skipPOPVerify", false)) {
+ CMS.debug("skipPOPVerify on, return");
return;
}
- certReqMsg.verify();
+ CMS.debug("POP verification begins:");
+ CryptoManager cm = CryptoManager.getInstance();
+ String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token",
+ "Internal Key Storage Token");
+ CryptoToken verifyToken = cm.getTokenByName(tokenName);
+ if (tokenName.equals("Internal Key Storage Token")) {
+ //use internal token
+ CMS.debug("POP verification using internal token");
+ certReqMsg.verify();
+ } else {
+ CMS.debug("POP verification using token:"+ tokenName);
+ certReqMsg.verify(verifyToken);
+ }
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
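Review bot: The `cms.skipPOPVerify` branch returns after only a `CMS.debug` line, so within the visible lines a disabled proof-of-possession check leaves no entry in the signed audit log that the success and failure paths write to. A debug log is usually not retained or protected the way the audit log is, so an enrollment accepted without POP verification would be hard to trace afterwards. Consider emitting an audit event before that `return`, or at minimum a comment such as `// POP check disabled by cms.skipPOPVerify; nothing is written to the signed audit log`. The early returns for a request without POP and for a non-SIGNATURE POP type behave the same way. The `try` block continues past the end of this hunk.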
@@ -201,7 +218,7 @@ public abstract class EnrollInput implements IProfileInput {
audit( auditMessage );
} catch (Exception e) {
- CMS.debug("Failed POP verify!");
+ CMS.debug("Failed POP verify! "+e.toString());
CMS.debug(e);
// store a message in the signed audit log file
diff --git a/pki/dogtag/common/pki-common.spec b/pki/dogtag/common/pki-common.spec
index 7d033f9c1..f086a826c 100644
--- a/pki/dogtag/common/pki-common.spec
+++ b/pki/dogtag/common/pki-common.spec
@@ -34,7 +34,7 @@
## Package Header Definitions
%define base_name %{base_prefix}-%{base_component}
%define base_version 1.2.0
-%define base_release 1
+%define base_release 2
%define base_group System Environment/Base
%define base_vendor Red Hat, Inc.
%define base_license GPLv2 with exceptions
@@ -122,10 +122,10 @@ BuildRoot: %{_builddir}/%{base_name}-root
## Technically, "ant" should not need to be in "BuildRequires" since
## it is the Java equivalent of "make" (and/or "Autotools").
##
-BuildRequires: ant >= 1.6.2, %{base_prefix}-util >= 1.0.0, %{base_flavor}-%{base_name}-ui >= 1.0.0, %{pki_jdk}, jpackage-utils >= 1.6.0, jss >= 4.2.6, ldapjdk >= 4.17, osutil >= 1.0.0, symkey >= 1.0.0, velocity >= 1.4, xalan-j2, xerces-j2
+BuildRequires: ant >= 1.6.2, %{base_prefix}-util >= 1.0.0, %{base_flavor}-%{base_name}-ui >= 1.0.0, %{pki_jdk}, jpackage-utils >= 1.6.0, jss >= 4.2.6-5, ldapjdk >= 4.17, osutil >= 1.0.0, symkey >= 1.0.0, velocity >= 1.4, xalan-j2, xerces-j2
## Without Requires something, rpmbuild will abort!
-Requires: %{base_name}-ui, %{base_prefix}-java-tools >= 1.0.0, %{base_prefix}-setup >= 1.0.0, %{pki_jre}, osutil >= 1.0.0, rhgb >= 0.14.1, symkey >= 1.0.0, tomcatjss >= 1.1.0, velocity >= 1.4
+Requires: %{base_name}-ui, %{base_prefix}-java-tools >= 1.0.0, %{base_prefix}-setup >= 1.0.0, %{pki_jre}, osutil >= 1.0.0, rhgb >= 0.14.1, symkey >= 1.0.0, tomcatjss >= 1.1.0, velocity >= 1.4, jss >= 4.2.6-5
## This package conflicts with the following packages!
@@ -285,6 +285,9 @@ chmod 00755 %{_datadir}/%{base_prefix}/setup/postinstall
###############################################################################
%changelog
+* Tue Aug 4 2009 Ade Lee <alee@redhat.com> 1.2.0-2
+- Bugzilla Bug #224688 - Support ECC POP on the server
+
* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1
- Version update to Dogtag 1.2.0.
* Fri Jul 10 2009 Ade Lee <alee@redhat.com> 1.1.0-42