author | Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com> | 2017-05-05 11:44:17 -0700 |
---|---|---|
committer | Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com> | 2017-05-05 17:00:15 -0700 |
commit | f26b3aaee1cf36941f387b464b937ffee1403048 (patch) | |
tree | a52f8983fe5b9648a8d0937fc5d183a78897d6f6 | |
parent | 3fb95590cdf0e45418fa0be7a020691567ef152a (diff) | |
Non server keygen issue in SCP03.
Ticket 1663 Add SCP03 support: https://pagure.io/dogtagpki/issue/1663
We discovered a minor issue when trying to log values that don't exist when performing the non-server-side keygen case. For instance, we don't need to generate a kek session key in this case, and we were trying to print info about it to the logs. This fix allows this case to work without issue.
-rw-r--r-- | base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java | 4 | ||||
-rw-r--r-- | base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java | 51 |
2 files changed, 37 insertions, 18 deletions
diff --git a/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java b/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java
index fc5472c79..5e5646b40 100644
--- a/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java
+++ b/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java
@@ -148,8 +148,8 @@ public class SecureChannel {
 CMS.debug("SecureChannel.SecureChannel: For SCP03. : ");
- CMS.debug("kekDesKey: " + kekDesKey.toHexString());
- CMS.debug("keyCheck: " + keyCheck.toHexString());
+ if (keyCheck != null)
+ CMS.debug("keyCheck: " + keyCheck.toHexString());
 this.platProtInfo = platformInfo;
 this.processor = processor;
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
index 0cfac5919..0f9691556 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
@@ -33,6 +33,8 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import netscape.security.x509.RevocationReason;
+
 import org.dogtagpki.server.tps.TPSSession;
 import org.dogtagpki.server.tps.TPSSubsystem;
 import org.dogtagpki.server.tps.authentication.AuthUIParameter;
@@ -100,8 +102,6 @@ import com.netscape.cms.servlet.tks.SecureChannelProtocol;
 import com.netscape.cmsutil.crypto.CryptoUtil;
 import com.netscape.symkey.SessionKey;
-import netscape.security.x509.RevocationReason;
-
 public class TPSProcessor {
 public static final int RESULT_NO_ERROR = 0;
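Review bot: The guarded `CMS.debug("keyCheck: " + keyCheck.toHexString());` in SecureChannel.java still writes a key check value to the debug log, and the seven guarded `toHexString()` debug lines in the TPSProcessor hunk at -923 do the same for the wrapped session keys, the host cryptogram and the DRM-wrapped DES key. Debug logs usually have a wider audience and a longer lifetime than the key material they describe, so I would log presence or length only, e.g. `CMS.debug("keyCheck present: " + (keyCheck != null));`. The new `if` statements are also unbraced; adding braces keeps a later second statement from running unconditionally. The enclosing body starts and ends outside the hunk, so whether a null `kekDesKey` is handled further down is not visible here.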
@@ -923,20 +923,39 @@ public class TPSProcessor {
 TPSBuffer drmDesKeyBuff = resp.getDRM_Trans_DesKey();
 TPSBuffer kekDesKeyBuff = resp.getKekWrappedDesKey();
- CMS.debug(method + " encSessionKeyBuff: " + encSessionKeyBuff.toHexString());
- CMS.debug(method + " kekSessionKeyBuff: " + kekSessionKeyBuff.toHexString());
- CMS.debug(method + " macSessionKeyBuff: " + macSessionKeyBuff.toHexString());
- CMS.debug(method + " hostCryptogramBuff: " + hostCryptogramBuff.toHexString());
- CMS.debug(method + " keyCheckBuff: " + keyCheckBuff.toHexString());
- CMS.debug(method + " drmDessKeyBuff: " + drmDesKeyBuff.toHexString());
- CMS.debug(method + " kekDesKeyBuff: " + kekDesKeyBuff.toHexString());
-
- encSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret,
- encSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES);
- macSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret,
- macSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES);
- kekSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret,
- kekSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES);
+ if (encSessionKeyBuff != null)
+ CMS.debug(method + " encSessionKeyBuff: " + encSessionKeyBuff.toHexString());
+
+ if (kekSessionKeyBuff != null)
+ CMS.debug(method + " kekSessionKeyBuff: " + kekSessionKeyBuff.toHexString());
+
+ if (macSessionKeyBuff != null)
+ CMS.debug(method + " macSessionKeyBuff: " + macSessionKeyBuff.toHexString());
+
+ if (hostCryptogramBuff != null)
+ CMS.debug(method + " hostCryptogramBuff: " + hostCryptogramBuff.toHexString());
+
+ if (keyCheckBuff != null)
+ CMS.debug(method + " keyCheckBuff: " + keyCheckBuff.toHexString());
+
+ if (drmDesKeyBuff != null)
+ CMS.debug(method + " drmDessKeyBuff: " + drmDesKeyBuff.toHexString());
+
+ if (kekDesKeyBuff != null)
+ CMS.debug(method + " kekDesKeyBuff: " + kekDesKeyBuff.toHexString());
+
+
+ if (encSessionKeyBuff != null)
+ encSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret,
+ encSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES);
+
+ if (macSessionKeyBuff != null)
+ macSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret,
+ macSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES);
+
+ if (kekSessionKeyBuff != null)
+ kekSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret,
+ kekSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES);
 channel = new SecureChannel(this, encSessionKeySCP03, macSessionKeySCP03, kekSessionKeySCP03, drmDesKeyBuff, kekDesKeyBuff, |
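Review bot: The null guards around the three `unwrapWrappedSymKeyOnToken` calls make a missing enc or mac session key buffer indistinguishable from the legitimate no-kek case: `encSessionKeySCP03` and `macSessionKeySCP03` keep whatever value they had before and are passed straight to `new SecureChannel(...)`. The commit message only says the kek session key can be absent without server-side keygen, so I would keep the guard for `kekSessionKeyBuff` and fail early on the other two, e.g. `if (encSessionKeyBuff == null || macSessionKeyBuff == null)` followed by throwing the exception this method already uses for secure-channel setup errors. Whether the SecureChannel constructor rejects null enc/mac keys is not visible in this diff, and the enclosing method starts and ends outside the hunk.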