authorEndi S. Dewata <edewata@redhat.com>2017-01-20 23:57:11 +0100
committerEndi S. Dewata <edewata@redhat.com>2017-01-26 00:56:15 +0100
commit48cefdea31e62d49c8b728576d29e0f298141a04 (patch)
tree3a5e68b45dd4da38df7ba1e6d54956c0c5155d8f
parent97ac6024c813621856b3cbfc8207416a46855108 (diff)
downloadpki-48cefdea31e62d49c8b728576d29e0f298141a04.tar.gz
pki-48cefdea31e62d49c8b728576d29e0f298141a04.tar.xz
pki-48cefdea31e62d49c8b728576d29e0f298141a04.zip
Fixed inconsistent internal token detection.
The code that detects the internal token name has been modified to use CryptoUtil.isInternalToken() so that the comparison is done consistently in both normal mode and FIPS mode. https://fedorahosted.org/pki/ticket/2556
-rw-r--r--base/ca/src/com/netscape/ca/SigningUnit.java3
-rw-r--r--base/java-tools/src/com/netscape/cmstools/CMCEnroll.java2
-rw-r--r--base/java-tools/src/com/netscape/cmstools/CMCRequest.java12
-rw-r--r--base/java-tools/src/com/netscape/cmstools/CMCRevoke.java18
-rw-r--r--base/java-tools/src/com/netscape/cmstools/HttpClient.java2
-rw-r--r--base/java-tools/src/com/netscape/cmstools/KRATool.java14
-rw-r--r--base/java-tools/src/com/netscape/cmstools/TestCRLSigning.java2
-rw-r--r--base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java4
-rw-r--r--base/kra/src/com/netscape/kra/RecoveryService.java2
-rw-r--r--base/ocsp/src/com/netscape/ocsp/SigningUnit.java3
-rw-r--r--base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java2
-rw-r--r--base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java4
-rw-r--r--base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java2
-rw-r--r--base/server/cms/src/com/netscape/cms/publish/publishers/OCSPPublisher.java2
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java16
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/admin/KRAConnectorProcessor.java2
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java7
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java3
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java39
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java2
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java2
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java2
-rw-r--r--base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java24
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java3
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/security/CASigningCert.java6
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/security/JssSubsystem.java46
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/security/KRATransportCert.java6
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/security/KeyCertUtil.java82
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/security/OCSPSigningCert.java6
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/security/SSLCert.java6
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/security/SSLSelfSignedCert.java6
-rw-r--r--base/tps/src/org/dogtagpki/server/tps/TPSSubsystem.java3
-rw-r--r--base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java3
33 files changed, 162 insertions, 174 deletions
diff --git a/base/ca/src/com/netscape/ca/SigningUnit.java b/base/ca/src/com/netscape/ca/SigningUnit.java
index d97bd8bc6..120b3547c 100644
--- a/base/ca/src/com/netscape/ca/SigningUnit.java
+++ b/base/ca/src/com/netscape/ca/SigningUnit.java
@@ -151,8 +151,7 @@ public final class SigningUnit implements ISigningUnit {
}
tokenname = config.getString(PROP_TOKEN_NAME);
- if (tokenname.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_NAME) ||
- tokenname.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) {
+ if (CryptoUtil.isInternalToken(tokenname)) {
mToken = mManager.getInternalKeyStorageToken();
setNewNickName(mNickname);
} else {
diff --git a/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java b/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java
index edf6e1335..9b435eea2 100644
--- a/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java
+++ b/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java
@@ -95,7 +95,7 @@ public class CMCEnroll {
CryptoManager manager = CryptoManager.getInstance();
CryptoToken token = null;
- if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (CryptoUtil.isInternalToken(tokenname)) {
token = manager.getInternalKeyStorageToken();
} else {
token = manager.getTokenByName(tokenname);
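Review bot: A null or empty token name now takes the internal-token branch here instead of reaching `getTokenByName()`, assuming `CryptoUtil.isInternalToken()` accepts null and the empty string as the CMCRequest hunk at -1019 implies by replacing a null/empty test with it; the helper itself is not shown in this diff. For a tool that may be pointed at a hardware token, a missing or empty option then silently uses the software database rather than failing. The same widening applies to the CMCRequest -108, CMCRevoke -259, TestCRLSigning, RecoveryService, EnrollProfile and AddCRLServlet hunks. I would record the choice where it is made, e.g. `System.out.println("Using internal token");` in the tools, and document on the helper which names it accepts. The enclosing method starts and ends outside the hunk.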
diff --git a/base/java-tools/src/com/netscape/cmstools/CMCRequest.java b/base/java-tools/src/com/netscape/cmstools/CMCRequest.java
index 865d410ed..5a692a031 100644
--- a/base/java-tools/src/com/netscape/cmstools/CMCRequest.java
+++ b/base/java-tools/src/com/netscape/cmstools/CMCRequest.java
@@ -33,10 +33,6 @@ import java.security.NoSuchAlgorithmException;
import java.util.Date;
import java.util.StringTokenizer;
-import netscape.security.pkcs.PKCS10;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertImpl;
-
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.asn1.ANY;
import org.mozilla.jss.asn1.ASN1Util;
@@ -83,6 +79,10 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.util.HMACDigest;
import com.netscape.cmsutil.util.Utils;
+import netscape.security.pkcs.PKCS10;
+import netscape.security.x509.X500Name;
+import netscape.security.x509.X509CertImpl;
+
/**
* Tool for creating CMC full request
*
@@ -108,7 +108,7 @@ public class CMCRequest {
CryptoManager manager = CryptoManager.getInstance();
CryptoToken token = null;
- if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (CryptoUtil.isInternalToken(tokenName)) {
token = manager.getInternalKeyStorageToken();
} else {
token = manager.getTokenByName(tokenName);
@@ -1019,7 +1019,7 @@ public class CMCRequest {
CryptoManager cm = CryptoManager.getInstance();
System.out.println("CryptoManger initialized");
- if ((tokenName == null) || (tokenName.equals(""))) {
+ if (CryptoUtil.isInternalToken(tokenName)) {
token = cm.getInternalKeyStorageToken();
tokenName = CryptoUtil.INTERNAL_TOKEN_NAME;
} else {
diff --git a/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java b/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java
index b238321ac..bb0cc44a7 100644
--- a/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java
+++ b/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java
@@ -27,9 +27,6 @@ import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Date;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertImpl;
-
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.NoSuchTokenException;
import org.mozilla.jss.asn1.ANY;
@@ -61,6 +58,9 @@ import org.mozilla.jss.util.Password;
import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.util.Utils;
+import netscape.security.x509.X500Name;
+import netscape.security.x509.X509CertImpl;
+
/**
* Tool for signing a CMC revocation request with an agent's certificate.
*
@@ -175,21 +175,21 @@ public class CMCRevoke {
// initialize CryptoManager
mPath = dValue;
System.out.println("cert/key prefix = " + mPrefix);
- System.out.println("path = " + mPath);
+ System.out.println("path = " + mPath);
CryptoManager.InitializationValues vals =
- new CryptoManager.InitializationValues(mPath, mPrefix, mPrefix, "secmod.db");
+ new CryptoManager.InitializationValues(mPath, mPrefix, mPrefix, "secmod.db");
CryptoManager.initialize(vals);
-
+
CryptoManager cm = CryptoManager.getInstance();
CryptoToken token = null;
- if ((hValue == null) || (hValue.equals(""))) {
+ if (CryptoUtil.isInternalToken(hValue)) {
token = cm.getInternalKeyStorageToken();
hValue = CryptoUtil.INTERNAL_TOKEN_NAME;
} else {
token = cm.getTokenByName(hValue);
}
-
+
Password pass = new Password(pValue.toCharArray());
token.login(pass);
@@ -259,7 +259,7 @@ public class CMCRevoke {
Exception, TokenException {
CryptoToken token = null;
- if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (CryptoUtil.isInternalToken(tokenname)) {
token = manager.getInternalKeyStorageToken();
} else {
token = manager.getTokenByName(tokenname);
diff --git a/base/java-tools/src/com/netscape/cmstools/HttpClient.java b/base/java-tools/src/com/netscape/cmstools/HttpClient.java
index c2134648b..05f64f9f4 100644
--- a/base/java-tools/src/com/netscape/cmstools/HttpClient.java
+++ b/base/java-tools/src/com/netscape/cmstools/HttpClient.java
@@ -114,7 +114,7 @@ public class HttpClient {
CryptoManager.initialize(vals);
CryptoManager cm = CryptoManager.getInstance();
CryptoToken token = null;
- if ((tokenName == null) || (tokenName.equals(""))) {
+ if (CryptoUtil.isInternalToken(tokenName)) {
token = cm.getInternalKeyStorageToken();
tokenName = CryptoUtil.INTERNAL_TOKEN_NAME;
} else {
diff --git a/base/java-tools/src/com/netscape/cmstools/KRATool.java b/base/java-tools/src/com/netscape/cmstools/KRATool.java
index c89d488e2..2ec09658f 100644
--- a/base/java-tools/src/com/netscape/cmstools/KRATool.java
+++ b/base/java-tools/src/com/netscape/cmstools/KRATool.java
@@ -42,12 +42,6 @@ import java.util.Iterator;
import java.util.Vector;
import java.util.regex.PatternSyntaxException;
-import netscape.security.provider.RSAPublicKey;
-import netscape.security.util.DerInputStream;
-import netscape.security.util.DerOutputStream;
-import netscape.security.util.DerValue;
-import netscape.security.x509.X509CertImpl;
-
import org.mozilla.jss.CertDatabaseException;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.KeyDatabaseException;
@@ -68,6 +62,12 @@ import org.mozilla.jss.util.Password;
import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.util.Utils;
+import netscape.security.provider.RSAPublicKey;
+import netscape.security.util.DerInputStream;
+import netscape.security.util.DerOutputStream;
+import netscape.security.util.DerValue;
+import netscape.security.x509.X509CertImpl;
+
/**
* The KRATool class is a utility program designed to operate on an LDIF file
* to perform one or more of the following tasks:
@@ -1620,7 +1620,7 @@ public class KRATool {
+ "'."
+ NEWLINE, true);
- if (mSourceStorageTokenName.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) {
+ if (CryptoUtil.isInternalToken(mSourceStorageTokenName)) {
mSourceToken = cm.getInternalKeyStorageToken();
} else {
mSourceToken = cm.getTokenByName(mSourceStorageTokenName);
diff --git a/base/java-tools/src/com/netscape/cmstools/TestCRLSigning.java b/base/java-tools/src/com/netscape/cmstools/TestCRLSigning.java
index 24a51f8ee..90535296a 100644
--- a/base/java-tools/src/com/netscape/cmstools/TestCRLSigning.java
+++ b/base/java-tools/src/com/netscape/cmstools/TestCRLSigning.java
@@ -63,7 +63,7 @@ public class TestCRLSigning {
// Login to token
CryptoToken token = null;
- if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (CryptoUtil.isInternalToken(tokenname)) {
token = cm.getInternalKeyStorageToken();
} else {
token = cm.getTokenByName(tokenname);
diff --git a/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java b/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java
index d07a972db..b51057b15 100644
--- a/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java
+++ b/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java
@@ -324,7 +324,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
if (mStorageKeyUnit.getToken() != null) {
try {
String storageToken = mStorageKeyUnit.getToken().getName();
- if (!storageToken.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (!CryptoUtil.isInternalToken(storageToken)) {
CMS.debug("Auto set serverKeygenTokenName to " + storageToken);
serverKeygenTokenName = storageToken;
}
@@ -335,7 +335,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
if (serverKeygenTokenName == null) {
serverKeygenTokenName = CryptoUtil.INTERNAL_TOKEN_NAME;
}
- if (serverKeygenTokenName.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_NAME))
+ if (CryptoUtil.isInternalToken(serverKeygenTokenName))
serverKeygenTokenName = CryptoUtil.INTERNAL_TOKEN_NAME;
try {
diff --git a/base/kra/src/com/netscape/kra/RecoveryService.java b/base/kra/src/com/netscape/kra/RecoveryService.java
index a5e9e78df..e9c357d1e 100644
--- a/base/kra/src/com/netscape/kra/RecoveryService.java
+++ b/base/kra/src/com/netscape/kra/RecoveryService.java
@@ -139,7 +139,7 @@ public class RecoveryService implements IService {
cm = CryptoManager.getInstance();
config = CMS.getConfigStore();
tokName = config.getString("kra.storageUnit.hardware", CryptoUtil.INTERNAL_TOKEN_NAME);
- if (tokName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (CryptoUtil.isInternalToken(tokName)) {
CMS.debug("RecoveryService: serviceRequest: use internal token ");
ct = cm.getInternalCryptoToken();
} else {
diff --git a/base/ocsp/src/com/netscape/ocsp/SigningUnit.java b/base/ocsp/src/com/netscape/ocsp/SigningUnit.java
index 2cf22e3d9..a802abea4 100644
--- a/base/ocsp/src/com/netscape/ocsp/SigningUnit.java
+++ b/base/ocsp/src/com/netscape/ocsp/SigningUnit.java
@@ -138,8 +138,7 @@ public final class SigningUnit implements ISigningUnit {
CMS.debug("OCSP nickname " + mNickname);
tokenname = config.getString(PROP_TOKEN_NAME);
- if (tokenname.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_NAME) ||
- tokenname.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) {
+ if (CryptoUtil.isInternalToken(tokenname)) {
mToken = mManager.getInternalKeyStorageToken();
} else {
mToken = mManager.getTokenByName(tokenname);
diff --git a/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java b/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java
index 3f46d918d..d1c04ee9b 100644
--- a/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java
+++ b/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java
@@ -926,7 +926,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
String tokenName =
CMS.getConfigStore().getString("ca.requestVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME);
// by default JSS will use internal crypto token
- if (!tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (!CryptoUtil.isInternalToken(tokenName)) {
savedToken = cm.getThreadToken();
signToken = cm.getTokenByName(tokenName);
if(signToken != null) {
diff --git a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
index 47e886361..3b6916b37 100644
--- a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
+++ b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
@@ -702,7 +702,7 @@ public abstract class EnrollProfile extends BasicProfile
String tokenName =
CMS.getConfigStore().getString("ca.requestVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME);
savedToken = cm.getThreadToken();
- if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (CryptoUtil.isInternalToken(tokenName)) {
signToken = cm.getInternalCryptoToken();
} else {
signToken = cm.getTokenByName(tokenName);
@@ -1509,7 +1509,7 @@ public abstract class EnrollProfile extends BasicProfile
CryptoManager cm = CryptoManager.getInstance();
CryptoToken verifyToken = null;
String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME);
- if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (CryptoUtil.isInternalToken(tokenName)) {
CMS.debug("POP verification using internal token");
certReqMsg.verify();
} else {
diff --git a/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java b/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java
index 3ec74eda2..0a389fe6f 100644
--- a/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java
+++ b/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java
@@ -208,7 +208,7 @@ public abstract class EnrollInput implements IProfileInput {
CryptoToken verifyToken = null;
String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME);
- if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (CryptoUtil.isInternalToken(tokenName)) {
CMS.debug("POP verification using internal token");
certReqMsg.verify();
} else {
diff --git a/base/server/cms/src/com/netscape/cms/publish/publishers/OCSPPublisher.java b/base/server/cms/src/com/netscape/cms/publish/publishers/OCSPPublisher.java
index 45aae2495..7ca88a771 100644
--- a/base/server/cms/src/com/netscape/cms/publish/publishers/OCSPPublisher.java
+++ b/base/server/cms/src/com/netscape/cms/publish/publishers/OCSPPublisher.java
@@ -145,7 +145,7 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
try {
nickname = config.getString("ca.subsystem.nickname", "");
String tokenname = config.getString("ca.subsystem.tokenname", "");
- if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME))
+ if (!CryptoUtil.isInternalToken(tokenname))
nickname = tokenname + ":" + nickname;
} catch (Exception e) {
}
diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
index 46ac361fe..eecbdbcd0 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
@@ -588,7 +588,7 @@ public final class CMSAdminServlet extends AdminServlet {
String tokenName = (String) tokenizer.nextElement();
String nickName = (String) tokenizer.nextElement();
- if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (CryptoUtil.isInternalToken(tokenName)) {
tokenName = jssSubSystem.getInternalTokenName();
} else {
nickName = tokenName + ":" + nickName;
@@ -693,7 +693,7 @@ public final class CMSAdminServlet extends AdminServlet {
}
String tokenName = (String) tokenizer.nextElement();
- if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME))
+ if (CryptoUtil.isInternalToken(tokenName))
tokenName = "";
else
tokenName = tokenName + ":";
@@ -1100,7 +1100,7 @@ public final class CMSAdminServlet extends AdminServlet {
String value = req.getParameter(key);
if (key.equals(Constants.PR_TOKEN_NAME)) {
- if (!value.equals(CryptoUtil.INTERNAL_TOKEN_NAME))
+ if (!CryptoUtil.isInternalToken(value))
tokenName = value;
} else if (key.equals(Constants.PR_KEY_LENGTH)) {
keyLength = Integer.parseInt(value);
@@ -1264,7 +1264,7 @@ public final class CMSAdminServlet extends AdminServlet {
CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
- if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME))
+ if (CryptoUtil.isInternalToken(tokenName))
signingUnit.setNewNickName(nickname);
else {
if (tokenName.equals("") && nickname.equals(""))
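Review bot: The inner test `tokenName.equals("") && nickname.equals("")` in the else branch looks unreachable after this change, because an empty `tokenName` is now caught by `CryptoUtil.isInternalToken(tokenName)` first; this is inferred from the ConfigurationUtils hunks that drop their `!tokenname.equals("")` clauses in favour of the helper, which is not shown here. The same leftover appears in the -1287, -1311, -1324 and -1356 hunks. Either drop the inner test in those else branches or mark it, e.g. `// unreachable if isInternalToken("") is true`, so nobody assumes the empty-name case is still handled there. The else body continues past the end of the hunk.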
@@ -1287,7 +1287,7 @@ public final class CMSAdminServlet extends AdminServlet {
IRegistrationAuthority ra = (IRegistrationAuthority)
CMS.getSubsystem(CMS.SUBSYSTEM_RA);
- if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME))
+ if (CryptoUtil.isInternalToken(tokenName))
ra.setNewNickName(nickname);
else {
if (tokenName.equals("") && nickname.equals(""))
@@ -1311,7 +1311,7 @@ public final class CMSAdminServlet extends AdminServlet {
if (ocsp != null) {
ISigningUnit signingUnit = ocsp.getSigningUnit();
- if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME))
+ if (CryptoUtil.isInternalToken(tokenName))
signingUnit.setNewNickName(nickname);
else {
if (tokenName.equals("") && nickname.equals(""))
@@ -1324,7 +1324,7 @@ public final class CMSAdminServlet extends AdminServlet {
CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getOCSPSigningUnit();
- if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME))
+ if (CryptoUtil.isInternalToken(tokenName))
signingUnit.setNewNickName(nickname);
else {
if (tokenName.equals("") && nickname.equals(""))
@@ -1356,7 +1356,7 @@ public final class CMSAdminServlet extends AdminServlet {
IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)
CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
- if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME))
+ if (CryptoUtil.isInternalToken(tokenName))
kra.setNewNickName(nickname);
else {
if (tokenName.equals("") && nickname.equals(""))
diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/KRAConnectorProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/admin/KRAConnectorProcessor.java
index 92067c7c3..2fd5d5371 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/admin/KRAConnectorProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/admin/KRAConnectorProcessor.java
@@ -194,7 +194,7 @@ public class KRAConnectorProcessor extends CAProcessor {
String nickname = cs.getString("ca.subsystem.nickname", "");
String tokenname = cs.getString("ca.subsystem.tokenname", "");
- if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME))
+ if (!CryptoUtil.isInternalToken(tokenname))
nickname = tokenname + ":" + nickname;
cs.putString(PREFIX + ".nickName", nickname);
cs.commit(true);
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
index 27840bdc6..55860fad5 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
@@ -245,8 +245,7 @@ public class CRSEnrollment extends HttpServlet {
mTokenName = scepConfig.getString("tokenname", "");
mUseCA = false;
}
- if (!(mTokenName.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_NAME) ||
- mTokenName.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) || mTokenName.length() == 0)) {
+ if (!CryptoUtil.isInternalToken(mTokenName)) {
int i = mNickname.indexOf(':');
if (!((i > -1) && (mTokenName.length() == i) && (mNickname.startsWith(mTokenName)))) {
mNickname = mTokenName + ":" + mNickname;
@@ -1964,9 +1963,7 @@ public class CRSEnrollment extends HttpServlet {
cm = CryptoManager.getInstance();
internalToken = cm.getInternalCryptoToken();
DESkg = internalToken.getKeyGenerator(kga);
- if (mTokenName.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_NAME) ||
- mTokenName.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) ||
- mTokenName.length() == 0) {
+ if (CryptoUtil.isInternalToken(mTokenName)) {
keyStorageToken = cm.getInternalKeyStorageToken();
internalKeyStorageToken = keyStorageToken;
CMS.debug("CRSEnrollment: CryptoContext: internal token name: '" + mTokenName + "'");
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index d652963b1..018bfc7c1 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -763,8 +763,7 @@ public class CertUtil {
}
String fullnickname = nickname;
-
- if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) {
+ if (!CryptoUtil.isInternalToken(tokenname)) {
fullnickname = tokenname + ":" + nickname;
}
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index 105ae6ee9..e65035ecb 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -997,8 +997,7 @@ public class ConfigurationUtils {
String name1 = "preop.master." + tag + ".nickname";
String nickname = cs.getString(name1, "");
- if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) &&
- !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME))
+ if (!CryptoUtil.isInternalToken(tokenname))
nickname = tokenname + ":" + nickname;
CMS.debug("ConfigurationUtils.verifySystemCertificates(): checking certificate " + nickname);
@@ -2341,9 +2340,8 @@ public class ConfigurationUtils {
CryptoManager cm = CryptoManager.getInstance();
- if (token != null) {
- if (!token.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME))
- nickname = token + ":" + nickname;
+ if (!CryptoUtil.isInternalToken(token)) {
+ nickname = token + ":" + nickname;
}
X509Certificate cert = cm.findCertByNickname(nickname);
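Review bot: The explicit `token != null` guard is gone, so null handling now rests entirely on `CryptoUtil.isInternalToken()`, whose body is not part of this diff. If the helper ever stops accepting null, `nickname` becomes `"null:" + nickname` and `findCertByNickname()` looks up a certificate under the wrong name rather than failing at the check. State the null contract in the helper's Javadoc, or keep the guard visible here with `if (token != null && !CryptoUtil.isInternalToken(token)) {`. The enclosing method lies outside the hunk.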
@@ -2815,7 +2813,7 @@ public class ConfigurationUtils {
String cstype = config.getString("cs.type", null);
cstype = cstype.toLowerCase();
if (cstype.equals("kra")) {
- if (!token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) {
+ if (!CryptoUtil.isInternalToken(token)) {
if (certTag.equals("storage")) {
config.putString(subsystem + ".storageUnit.hardware", token);
config.putString(subsystem + ".storageUnit.nickName", token + ":" + nickname);
@@ -2834,7 +2832,7 @@ public class ConfigurationUtils {
String serverCertNickname = nickname;
String path = CMS.getConfigStore().getString("instanceRoot", "");
if (certTag.equals("sslserver")) {
- if (!token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) {
+ if (!CryptoUtil.isInternalToken(token)) {
serverCertNickname = token + ":" + nickname;
}
PrintStream ps = new PrintStream(path + "/conf/serverCertNick.conf", "UTF-8");
@@ -2845,7 +2843,7 @@ public class ConfigurationUtils {
config.putString(subsystem + "." + certTag + ".nickname", nickname);
config.putString(subsystem + "." + certTag + ".tokenname", token);
if (certTag.equals("audit_signing")) {
- if (!token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) && !token.equals("")) {
+ if (!CryptoUtil.isInternalToken(token)) {
config.putString("log.instance.SignedAudit.signedAuditCertNickname",
token + ":" + nickname);
} else {
@@ -2855,7 +2853,7 @@ public class ConfigurationUtils {
}
// for system certs verification
- if (!token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) && !token.equals("")) {
+ if (!CryptoUtil.isInternalToken(token)) {
config.putString(subsystem + ".cert." + certTag + ".nickname",
token + ":" + nickname);
} else {
@@ -2929,7 +2927,7 @@ public class ConfigurationUtils {
cstype = cstype.toLowerCase();
if (cstype.equals("kra")) {
String token = config.getString("preop.module.token");
- if (!token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) {
+ if (!CryptoUtil.isInternalToken(token)) {
CMS.debug("ConfigurationUtils: updating configuration for KRA clone with hardware token");
String subsystem = config.getString(PCERT_PREFIX + "storage.subsystem");
String storageNickname = getNickname(config, "storage");
@@ -2947,7 +2945,7 @@ public class ConfigurationUtils {
// audit signing cert
String audit_nn = config.getString(cstype + ".audit_signing" + ".nickname", "");
String audit_tk = config.getString(cstype + ".audit_signing" + ".tokenname", "");
- if (!audit_tk.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) && !audit_tk.equals("")) {
+ if (!CryptoUtil.isInternalToken(audit_tk)) {
config.putString("log.instance.SignedAudit.signedAuditCertNickname",
audit_tk + ":" + audit_nn);
} else {
@@ -3332,7 +3330,7 @@ public class ConfigurationUtils {
if (certTag.equals("signing") && subsystem.equals("ca")) {
String NickName = nickname;
- if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME))
+ if (!CryptoUtil.isInternalToken(tokenname))
NickName = tokenname + ":" + nickname;
CMS.debug("handleCerts(): set trust on CA signing cert " + NickName);
@@ -3349,7 +3347,7 @@ public class ConfigurationUtils {
IConfigStore cs = CMS.getConfigStore();
String nickname = cs.getString("preop.cert." + tag + ".nickname", "");
String tokenname = cs.getString("preop.module.token", "");
- if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME))
+ if (!CryptoUtil.isInternalToken(tokenname))
nickname = tokenname + ":" + nickname;
CryptoManager cm = CryptoManager.getInstance();
@@ -3375,7 +3373,7 @@ public class ConfigurationUtils {
String fullnickname = nickname;
boolean hardware = false;
- if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) {
+ if (!CryptoUtil.isInternalToken(tokenname)) {
hardware = true;
fullnickname = tokenname + ":" + nickname;
}
@@ -3437,9 +3435,7 @@ public class ConfigurationUtils {
CryptoToken tok = CryptoUtil.getKeyStorageToken(tokenname);
CryptoStore store = tok.getCryptoStore();
String fullnickname = nickname;
- if (!tokenname.equals("") &&
- !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) &&
- !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME))
+ if (!CryptoUtil.isInternalToken(tokenname))
fullnickname = tokenname + ":" + nickname;
CMS.debug("deleteCert: nickname=" + fullnickname);
@@ -3485,7 +3481,7 @@ public class ConfigurationUtils {
String nickname = cs.getString("preop.cert." + t + ".nickname");
String modname = cs.getString("preop.module.token");
- if (!modname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME))
+ if (!CryptoUtil.isInternalToken(modname))
nickname = modname + ":" + nickname;
util.loadCertFromNSS(pkcs12, nickname, true, false);
@@ -3997,9 +3993,7 @@ public class ConfigurationUtils {
String nickname = cs.getString("preop.cert.subsystem.nickname", "");
String tokenname = cs.getString("preop.module.token", "");
- if (!tokenname.equals("") &&
- !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) &&
- !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (!CryptoUtil.isInternalToken(tokenname)) {
nickname = tokenname + ":" + nickname;
}
CMS.debug("updateDomainXML() nickname=" + nickname);
@@ -4574,8 +4568,7 @@ public class ConfigurationUtils {
String nickname = cs.getString("preop.cert.subsystem.nickname", "");
String tokenname = cs.getString("preop.module.token", "");
- if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)
- && !tokenname.equals("")) {
+ if (!CryptoUtil.isInternalToken(tokenname)) {
nickname = tokenname + ":" + nickname;
}
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
index 6bb0746b7..ba292a664 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
@@ -70,7 +70,7 @@ public class GetSubsystemCert extends CMSServlet {
try {
nickname = cs.getString("ca.subsystem.nickname", "");
String tokenname = cs.getString("ca.subsystem.tokenname", "");
- if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME))
+ if (!CryptoUtil.isInternalToken(tokenname))
nickname = tokenname + ":" + nickname;
} catch (Exception e) {
}
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
index d5b552be8..1a7d89d72 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
@@ -108,7 +108,7 @@ public class UpdateOCSPConfig extends CMSServlet {
try {
nickname = cs.getString("ca.subsystem.nickname", "");
String tokenname = cs.getString("ca.subsystem.tokenname", "");
- if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME))
+ if (!CryptoUtil.isInternalToken(tokenname))
nickname = tokenname + ":" + nickname;
} catch (Exception e) {
}
diff --git a/base/server/cms/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java b/base/server/cms/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
index d4e8f92b6..d2dec7310 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
@@ -356,7 +356,7 @@ public class AddCRLServlet extends CMSServlet {
String tokenName =
CMS.getConfigStore().getString("ocsp.crlVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME);
savedToken = cmanager.getThreadToken();
- if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (CryptoUtil.isInternalToken(tokenName)) {
verToken = cmanager.getInternalCryptoToken();
} else {
verToken = cmanager.getTokenByName(tokenName);
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
index a0c1b785e..2cf76d80a 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
@@ -34,8 +34,6 @@ import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Request;
import javax.ws.rs.core.UriInfo;
-import netscape.security.x509.X509CertImpl;
-
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.mutable.MutableBoolean;
import org.mozilla.jss.CryptoManager;
@@ -68,6 +66,8 @@ import com.netscape.cms.servlet.csadmin.SystemCertDataFactory;
import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.util.Utils;
+import netscape.security.x509.X509CertImpl;
+
/**
* @author alee
*
@@ -150,7 +150,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
// specify module and log into token
CMS.debug("=== Token Authentication ===");
String token = data.getToken();
- if (token == null) {
+ if (CryptoUtil.isInternalToken(token)) {
token = CryptoUtil.INTERNAL_TOKEN_FULL_NAME;
}
loginToken(data, token);
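Review bot: Replacing `token == null` with `CryptoUtil.isInternalToken(token)` makes this branch depend on the helper accepting null, and its definition is not visible in this part of the patch. If it dereferences its argument, a request without a token now fails here; if it returns false for null, `loginToken(data, null)` is reached. The JssSubsystem hunks at -911 and -950 drop their explicit null/empty guards the same way. If that is the intended contract, I would state it on the helper with a Javadoc line such as `Returns true for null, the empty string, and either internal token name.` so callers can rely on it.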
@@ -569,12 +569,16 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
ObjectNotFoundException, TokenException {
// TODO - some of these parameters may only be valid for RSA
CryptoManager cryptoManager = CryptoManager.getInstance();
- if (!tokenName.isEmpty())
+ String nickname;
+ if (!CryptoUtil.isInternalToken(tokenName)) {
CMS.debug("SystemConfigService:updateCloneConfiguration: tokenName=" + tokenName);
- else
+ nickname = tokenName + ":" + cdata.getNickname();
+ } else {
CMS.debug("SystemConfigService:updateCloneConfiguration: tokenName empty; using internal");
+ nickname = cdata.getNickname();
+ }
- X509Certificate cert = cryptoManager.findCertByNickname(!tokenName.isEmpty()? tokenName + ":" + cdata.getNickname() : cdata.getNickname());
+ X509Certificate cert = cryptoManager.findCertByNickname(nickname);
PublicKey pubk = cert.getPublicKey();
byte[] exponent = CryptoUtil.getPublicExponent(pubk);
byte[] modulus = CryptoUtil.getModulus(pubk);
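Review bot: The debug text `tokenName empty; using internal` in the else branch no longer matches the condition, which is now `CryptoUtil.isInternalToken(tokenName)` and presumably also matches the named internal token rather than only an empty string. Something like `CMS.debug("SystemConfigService:updateCloneConfiguration: using internal token");` keeps the log accurate when someone later traces which token a clone certificate was looked up on. The method starts and continues outside the hunk.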
@@ -588,7 +592,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
}
private void updateConfiguration(ConfigurationRequest data, SystemCertData cdata, String tag) {
- if (cdata.getToken().equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) {
+ if (CryptoUtil.isInternalToken(cdata.getToken())) {
cs.putString(csSubsystem + ".cert." + tag + ".nickname", cdata.getNickname());
} else {
cs.putString(csSubsystem + ".cert." + tag + ".nickname", data.getToken() +
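Review bot: The condition tests `cdata.getToken()` but the else branch builds the prefix from `data.getToken()`, so a certificate whose own token differs from the request-level token would be stored under the wrong token prefix. Unless the two are guaranteed to be equal, read the token once, `String token = cdata.getToken();`, and use that local in both the test and the concatenation. The `putString` statement continues past the end of the hunk, so the rest of the expression is not visible here.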
@@ -877,7 +881,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
CMS.debug("SystemConfigService: get configuration entries from master");
ConfigurationUtils.getConfigEntriesFromMaster();
- if (token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) {
+ if (CryptoUtil.isInternalToken(token)) {
if (!data.getSystemCertsImported()) {
CMS.debug("SystemConfigService: restore certificates from P12 file");
String p12File = data.getP12File();
@@ -1019,7 +1023,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
public void loginToken(ConfigurationRequest data, String token) {
cs.putString("preop.module.token", token);
- if (! token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) {
+ if (!CryptoUtil.isInternalToken(token)) {
try {
CryptoManager cryptoManager = CryptoManager.getInstance();
CryptoToken ctoken = cryptoManager.getTokenByName(token);
@@ -1130,7 +1134,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
throw new BadRequestException("Invalid clone URI: " + cloneUri, e);
}
- if (data.getToken().equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) {
+ if (CryptoUtil.isInternalToken(data.getToken())) {
if (!data.getSystemCertsImported()) {
if (data.getP12File() == null) {
throw new BadRequestException("P12 filename not provided");
diff --git a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
index bfb44aba0..90ee8b90a 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
@@ -1448,8 +1448,7 @@ public class CMSEngine implements ICMSEngine {
nickName) {
String newName = null;
- if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME) ||
- tokenName.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_FULL_NAME))
+ if (CryptoUtil.isInternalToken(tokenName))
newName = nickName;
else {
if (tokenName.equals("") && nickName.equals(""))
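Review bot: The `tokenName.equals("")` test in the else branch may now be unreachable, because an empty name is possibly already caught by `CryptoUtil.isInternalToken(tokenName)` two lines above; the helper's definition is not in this part of the patch, so this is an inference. If empty does count as internal, a call with an empty token and an empty nickname now returns `nickName` from the first branch instead of taking whatever path the else branch intended. A short comment on the first branch, e.g. `// internal token (including null/empty name): nickname carries no prefix`, or removal of the dead test, would make the intended behaviour explicit. The method's signature and the rest of its body lie outside the hunk.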
diff --git a/base/server/cmscore/src/com/netscape/cmscore/security/CASigningCert.java b/base/server/cmscore/src/com/netscape/cmscore/security/CASigningCert.java
index 4cf9501a5..27a339eee 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/security/CASigningCert.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/security/CASigningCert.java
@@ -21,8 +21,6 @@ import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
-import netscape.security.x509.KeyUsageExtension;
-
import org.mozilla.jss.crypto.PQGParamGenException;
import org.mozilla.jss.crypto.PQGParams;
@@ -34,6 +32,8 @@ import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.security.KeyCertData;
import com.netscape.cmsutil.crypto.CryptoUtil;
+import netscape.security.x509.KeyUsageExtension;
+
/**
* CA signing certificate.
*
@@ -129,7 +129,7 @@ public class CASigningCert extends CertificateInfo {
throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", keyType));
cmsFileTmp.putString("ca.signing.defaultSigningAlgorithm", alg);
- if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME))
+ if (CryptoUtil.isInternalToken(tokenname))
cmsFileTmp.putString("ca.signing.cacertnickname", nickname);
else
cmsFileTmp.putString("ca.signing.cacertnickname",
diff --git a/base/server/cmscore/src/com/netscape/cmscore/security/JssSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/security/JssSubsystem.java
index ec6611167..a721d4e52 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/security/JssSubsystem.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/security/JssSubsystem.java
@@ -44,15 +44,6 @@ import java.util.Locale;
import java.util.StringTokenizer;
import java.util.Vector;
-import netscape.ldap.util.DN;
-import netscape.security.x509.AlgIdDSA;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.BasicConstraintsExtension;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.CryptoManager.NicknameConflictException;
import org.mozilla.jss.CryptoManager.NotInitializedException;
@@ -100,6 +91,15 @@ import com.netscape.cmscore.util.Debug;
import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.util.Utils;
+import netscape.ldap.util.DN;
+import netscape.security.x509.AlgIdDSA;
+import netscape.security.x509.AlgorithmId;
+import netscape.security.x509.BasicConstraintsExtension;
+import netscape.security.x509.CertificateExtensions;
+import netscape.security.x509.X500Name;
+import netscape.security.x509.X509CertImpl;
+import netscape.security.x509.X509CertInfo;
+
/**
* Subsystem for initializing JSS>
* <P>
@@ -540,7 +540,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
public boolean isTokenLoggedIn(String name) throws EBaseException {
try {
- if (name.equals(CryptoUtil.INTERNAL_TOKEN_NAME))
+ if (CryptoUtil.isInternalToken(name))
name = CryptoUtil.INTERNAL_TOKEN_FULL_NAME;
CryptoToken ctoken = mCryptoManager.getTokenByName(name);
@@ -631,7 +631,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
StringBuffer certNames = new StringBuffer();
try {
- if (name.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (CryptoUtil.isInternalToken(name)) {
c = mCryptoManager.getInternalKeyStorageToken();
} else {
c = mCryptoManager.getTokenByName(name);
@@ -681,7 +681,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
StringBuffer certNames = new StringBuffer();
try {
- if (name.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (CryptoUtil.isInternalToken(name)) {
c = mCryptoManager.getInternalKeyStorageToken();
} else {
c = mCryptoManager.getTokenByName(name);
@@ -794,7 +794,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
int keySize, PQGParams pqg) throws EBaseException {
String t = tokenName;
- if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME))
+ if (CryptoUtil.isInternalToken(tokenName))
t = CryptoUtil.INTERNAL_TOKEN_FULL_NAME;
CryptoToken token = null;
@@ -911,8 +911,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
String tmp = (String) properties.get(Constants.PR_TOKEN_NAME);
- if ((tmp != null) &&
- (!tmp.equals(CryptoUtil.INTERNAL_TOKEN_NAME)))
+ if (!CryptoUtil.isInternalToken(tmp))
tokenname = tmp;
tmp = (String) properties.get(Constants.PR_KEY_TYPE);
if (tmp != null)
@@ -950,7 +949,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
public KeyPair getECCKeyPair(String token, String keyCurve, String certType) throws EBaseException {
KeyPair pair = null;
- if ((token == null) || (token.equals("")))
+ if (CryptoUtil.isInternalToken(token))
token = CryptoUtil.INTERNAL_TOKEN_NAME;
if ((keyCurve == null) || (keyCurve.equals("")))
@@ -1078,7 +1077,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
String issuername) throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
- if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (CryptoUtil.isInternalToken(tokenname)) {
nickname = nickname.substring(index + 1);
}
try {
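Review bot: `nickname.substring(0, index)` throws `StringIndexOutOfBoundsException` when the nickname has no `:`, because `indexOf` then returns -1. The rest of this commit stores internal-token nicknames without a prefix, so an unprefixed nickname looks like a normal input here. Guarding the split avoids that without depending on how the helper treats an empty name: `if (index >= 0 && CryptoUtil.isInternalToken(nickname.substring(0, index))) {`. The same two lines appear in the JssSubsystem hunks at -1745, -1783, -1829 and -1873. The method continues outside the hunk.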
@@ -1166,7 +1165,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
+ list[i].getNickname());
} catch (ObjectNotFoundException e) {
String nickname = list[i].getNickname();
- if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (CryptoUtil.isInternalToken(tokenName)) {
nickname = CryptoUtil.INTERNAL_TOKEN_NAME + ":" + nickname;
}
X509CertImpl impl = null;
@@ -1236,8 +1235,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
PrivateKey key =
CryptoManager.getInstance().findPrivKeyByCert(list[i]); // check for errors
String nickname = list[i].getNickname();
- if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME) ||
- tokenName.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) {
+ if (CryptoUtil.isInternalToken(tokenName)) {
nickname = CryptoUtil.INTERNAL_TOKEN_NAME + ":" + nickname;
}
X509CertImpl impl = null;
@@ -1745,7 +1743,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
- if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (CryptoUtil.isInternalToken(tokenname)) {
nickname = nickname.substring(index + 1);
}
try {
@@ -1783,7 +1781,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
String issuerName) throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
- if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (CryptoUtil.isInternalToken(tokenname)) {
nickname = nickname.substring(index + 1);
}
try {
@@ -1829,7 +1827,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
String issuerName, Locale locale) throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
- if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (CryptoUtil.isInternalToken(tokenname)) {
nickname = nickname.substring(index + 1);
}
try {
@@ -1873,7 +1871,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
String issuerName, Locale locale) throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
- if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (CryptoUtil.isInternalToken(tokenname)) {
nickname = nickname.substring(index + 1);
}
try {
diff --git a/base/server/cmscore/src/com/netscape/cmscore/security/KRATransportCert.java b/base/server/cmscore/src/com/netscape/cmscore/security/KRATransportCert.java
index 9f8ef75c7..d50aaccf1 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/security/KRATransportCert.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/security/KRATransportCert.java
@@ -20,8 +20,6 @@ package com.netscape.cmscore.security;
import java.io.IOException;
import java.security.KeyPair;
-import netscape.security.x509.KeyUsageExtension;
-
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.common.ConfigConstants;
@@ -29,6 +27,8 @@ import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.security.KeyCertData;
import com.netscape.cmsutil.crypto.CryptoUtil;
+import netscape.security.x509.KeyUsageExtension;
+
/**
* KRA transport certificate
*
@@ -52,7 +52,7 @@ public class KRATransportCert extends CertificateInfo {
String tokenname = (String) mProperties.get(Constants.PR_TOKEN_NAME);
String nickname = getNickname();
- if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME))
+ if (CryptoUtil.isInternalToken(tokenname))
cmsFileTmp.putString("kra.transportUnit.nickName", nickname);
else
cmsFileTmp.putString("kra.transportUnit.nickName", tokenname + ":" + nickname);
diff --git a/base/server/cmscore/src/com/netscape/cmscore/security/KeyCertUtil.java b/base/server/cmscore/src/com/netscape/cmscore/security/KeyCertUtil.java
index f8d2ebd47..802028b2e 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/security/KeyCertUtil.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/security/KeyCertUtil.java
@@ -41,43 +41,6 @@ import java.security.interfaces.RSAPublicKey;
import java.util.Enumeration;
import java.util.Vector;
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPAttributeSet;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPModification;
-import netscape.security.extensions.AuthInfoAccessExtension;
-import netscape.security.extensions.ExtendedKeyUsageExtension;
-import netscape.security.extensions.NSCertTypeExtension;
-import netscape.security.extensions.OCSPNoCheckExtension;
-import netscape.security.pkcs.PKCS10;
-import netscape.security.pkcs.PKCS10Attribute;
-import netscape.security.pkcs.PKCS10Attributes;
-import netscape.security.pkcs.PKCS9Attribute;
-import netscape.security.util.BigInt;
-import netscape.security.util.DerOutputStream;
-import netscape.security.util.DerValue;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.AlgIdDSA;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.AuthorityKeyIdentifierExtension;
-import netscape.security.x509.BasicConstraintsExtension;
-import netscape.security.x509.CertificateAlgorithmId;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.Extension;
-import netscape.security.x509.Extensions;
-import netscape.security.x509.GeneralName;
-import netscape.security.x509.KeyIdentifier;
-import netscape.security.x509.KeyUsageExtension;
-import netscape.security.x509.SubjectKeyIdentifierExtension;
-import netscape.security.x509.URIName;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X500Signer;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509Key;
-
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.CryptoManager.NicknameConflictException;
import org.mozilla.jss.CryptoManager.NotInitializedException;
@@ -115,6 +78,43 @@ import com.netscape.cmscore.dbs.X509CertImplMapper;
import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.util.Utils;
+import netscape.ldap.LDAPAttribute;
+import netscape.ldap.LDAPAttributeSet;
+import netscape.ldap.LDAPConnection;
+import netscape.ldap.LDAPEntry;
+import netscape.ldap.LDAPException;
+import netscape.ldap.LDAPModification;
+import netscape.security.extensions.AuthInfoAccessExtension;
+import netscape.security.extensions.ExtendedKeyUsageExtension;
+import netscape.security.extensions.NSCertTypeExtension;
+import netscape.security.extensions.OCSPNoCheckExtension;
+import netscape.security.pkcs.PKCS10;
+import netscape.security.pkcs.PKCS10Attribute;
+import netscape.security.pkcs.PKCS10Attributes;
+import netscape.security.pkcs.PKCS9Attribute;
+import netscape.security.util.BigInt;
+import netscape.security.util.DerOutputStream;
+import netscape.security.util.DerValue;
+import netscape.security.util.ObjectIdentifier;
+import netscape.security.x509.AlgIdDSA;
+import netscape.security.x509.AlgorithmId;
+import netscape.security.x509.AuthorityKeyIdentifierExtension;
+import netscape.security.x509.BasicConstraintsExtension;
+import netscape.security.x509.CertificateAlgorithmId;
+import netscape.security.x509.CertificateExtensions;
+import netscape.security.x509.Extension;
+import netscape.security.x509.Extensions;
+import netscape.security.x509.GeneralName;
+import netscape.security.x509.KeyIdentifier;
+import netscape.security.x509.KeyUsageExtension;
+import netscape.security.x509.SubjectKeyIdentifierExtension;
+import netscape.security.x509.URIName;
+import netscape.security.x509.X500Name;
+import netscape.security.x509.X500Signer;
+import netscape.security.x509.X509CertImpl;
+import netscape.security.x509.X509CertInfo;
+import netscape.security.x509.X509Key;
+
/**
* This class provides all the base methods to generate the key for different
* kinds of certificates.
@@ -339,7 +339,7 @@ public class KeyCertUtil {
CryptoManager manager = CryptoManager.getInstance();
CryptoToken token = null;
- if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (CryptoUtil.isInternalToken(tokenname)) {
token = manager.getInternalKeyStorageToken();
} else {
token = manager.getTokenByName(tokenname);
@@ -499,11 +499,11 @@ public class KeyCertUtil {
CryptoToken token = null;
- if (tokenName.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_NAME))
+ if (CryptoUtil.isInternalToken(tokenName))
tokenName = CryptoUtil.INTERNAL_TOKEN_NAME;
try {
- if (tokenName.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (CryptoUtil.isInternalToken(tokenName)) {
token = CryptoManager.getInstance().getInternalKeyStorageToken();
} else {
token = CryptoManager.getInstance().getTokenByName(tokenName);
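Review bot: `CryptoUtil.isInternalToken(tokenName)` is evaluated twice in a row, the second time on a value the first branch has just overwritten with `CryptoUtil.INTERNAL_TOKEN_NAME`. Computing it once, `boolean internal = CryptoUtil.isInternalToken(tokenName);`, and branching on `internal` in both places reads more clearly and does not rely on the helper accepting the normalised name. If `tokenName` is not used after the lookup, the reassignment itself could go; the remainder of the method is outside the hunk, so I cannot confirm that.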
@@ -1124,7 +1124,7 @@ public class KeyCertUtil {
IOException, CertificateException {
String fullnickname = nickname;
- if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME))
+ if (!CryptoUtil.isInternalToken(tokenname))
fullnickname = tokenname + ":" + nickname;
CryptoManager manager = CryptoManager.getInstance();
X509Certificate cert = manager.findCertByNickname(fullnickname);
diff --git a/base/server/cmscore/src/com/netscape/cmscore/security/OCSPSigningCert.java b/base/server/cmscore/src/com/netscape/cmscore/security/OCSPSigningCert.java
index f60600f6e..c2b9a733e 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/security/OCSPSigningCert.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/security/OCSPSigningCert.java
@@ -21,8 +21,6 @@ import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
-import netscape.security.x509.KeyUsageExtension;
-
import org.mozilla.jss.crypto.PQGParamGenException;
import org.mozilla.jss.crypto.PQGParams;
@@ -34,6 +32,8 @@ import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.security.KeyCertData;
import com.netscape.cmsutil.crypto.CryptoUtil;
+import netscape.security.x509.KeyUsageExtension;
+
/**
* OCSP signing certificate.
*
@@ -107,7 +107,7 @@ public class OCSPSigningCert extends CertificateInfo {
throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", keyType));
cmsFileTmp.putString("ca.signing.defaultSigningAlgorithm", alg);
- if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME))
+ if (CryptoUtil.isInternalToken(tokenname))
cmsFileTmp.putString("ca.signing.cacertnickname", nickname);
else
cmsFileTmp.putString("ca.signing.cacertnickname",
diff --git a/base/server/cmscore/src/com/netscape/cmscore/security/SSLCert.java b/base/server/cmscore/src/com/netscape/cmscore/security/SSLCert.java
index a7d5f7992..45af2bc7e 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/security/SSLCert.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/security/SSLCert.java
@@ -20,8 +20,6 @@ package com.netscape.cmscore.security;
import java.io.IOException;
import java.security.KeyPair;
-import netscape.security.x509.KeyUsageExtension;
-
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.common.ConfigConstants;
@@ -29,6 +27,8 @@ import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.security.KeyCertData;
import com.netscape.cmsutil.crypto.CryptoUtil;
+import netscape.security.x509.KeyUsageExtension;
+
/**
* SSL server certificate
*
@@ -63,7 +63,7 @@ public class SSLCert extends CertificateInfo {
String nickname = getNickname();
String fullNickname = "";
- if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (CryptoUtil.isInternalToken(tokenname)) {
fullNickname = nickname;
} else {
fullNickname = tokenname + ":" + nickname;
diff --git a/base/server/cmscore/src/com/netscape/cmscore/security/SSLSelfSignedCert.java b/base/server/cmscore/src/com/netscape/cmscore/security/SSLSelfSignedCert.java
index 66b20c47e..45f06af68 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/security/SSLSelfSignedCert.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/security/SSLSelfSignedCert.java
@@ -20,8 +20,6 @@ package com.netscape.cmscore.security;
import java.io.IOException;
import java.security.KeyPair;
-import netscape.security.x509.KeyUsageExtension;
-
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.common.ConfigConstants;
@@ -29,6 +27,8 @@ import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.security.KeyCertData;
import com.netscape.cmsutil.crypto.CryptoUtil;
+import netscape.security.x509.KeyUsageExtension;
+
/**
* SSL server certificate
*
@@ -57,7 +57,7 @@ public class SSLSelfSignedCert extends CertificateInfo {
String nickname = getNickname();
String fullNickname = "";
- if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (CryptoUtil.isInternalToken(tokenname)) {
fullNickname = nickname;
} else {
fullNickname = tokenname + ":" + nickname;
diff --git a/base/tps/src/org/dogtagpki/server/tps/TPSSubsystem.java b/base/tps/src/org/dogtagpki/server/tps/TPSSubsystem.java
index 402718f26..f718576c5 100644
--- a/base/tps/src/org/dogtagpki/server/tps/TPSSubsystem.java
+++ b/base/tps/src/org/dogtagpki/server/tps/TPSSubsystem.java
@@ -364,10 +364,11 @@ public class TPSSubsystem implements IAuthority, ISubsystem {
public org.mozilla.jss.crypto.X509Certificate getSubsystemCert() throws EBaseException, NotInitializedException,
ObjectNotFoundException, TokenException {
+
IConfigStore cs = CMS.getConfigStore();
String nickname = cs.getString("tps.subsystem.nickname", "");
String tokenname = cs.getString("tps.subsystem.tokenname", "");
- if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME))
+ if (!CryptoUtil.isInternalToken(tokenname))
nickname = tokenname + ":" + nickname;
CryptoManager cm = CryptoManager.getInstance();
diff --git a/base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java b/base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java
index 823b0d7bf..1ff32b39f 100644
--- a/base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java
+++ b/base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java
@@ -51,8 +51,7 @@ public class TPSInstallerService extends SystemConfigService {
// get token prefix, if applicable
String tokPrefix = "";
- if (!request.getToken().equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) &&
- !request.getToken().equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
+ if (!CryptoUtil.isInternalToken(request.getToken())) {
tokPrefix = request.getToken() + ":";
}