author | Christina Fu <cfu@redhat.com> | 2013-01-09 18:44:54 -0800 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2013-01-09 18:44:54 -0800 |
commit | 5e1099d21288fc23eb41b68d0e21fb683019d08c (patch) | |
tree | 2741f68c570baf1723d94551a649c63492a652d5 /base/common/src/com/netscape/cms | |
parent | 494c57164dd6a4a90c4442f508a55aa7b9511374 (diff) | |
Bug 839426 - [RFE] ECC CRL support for OCSP
Diffstat (limited to 'base/common/src/com/netscape/cms')
-rw-r--r-- | base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java b/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
index ff2d76029..c144d6e39 100644
--- a/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
+++ b/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
@@ -34,6 +34,7 @@ import netscape.security.x509.X509CertImpl;
 import netscape.security.x509.X509ExtensionException;
 import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.crypto.CryptoToken;
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authentication.IAuthToken;
@@ -339,13 +340,30 @@ public class AddCRLServlet extends CMSServlet {
 pt.getThisUpdate());
 // verify CRL
+ CryptoManager cmanager = null;
+ boolean tokenSwitched = false;
+ CryptoToken verToken = null;
+ CryptoToken savedToken = null;
 byte caCertData[] = pt.getCACert();
 if (caCertData != null) {
 try {
+ cmanager = CryptoManager.getInstance();
 X509CertImpl caCert = new X509CertImpl(caCertData);
 CMS.debug("AddCRLServlet: start verify");
- CryptoManager cmanager = CryptoManager.getInstance();
+ String tokenName =
+ CMS.getConfigStore().getString("ocsp.crlVerify.token", "internal");
+ savedToken = cmanager.getThreadToken();
+ if (tokenName.equals("internal")) {
+ verToken = cmanager.getInternalCryptoToken();
+ } else {
+ verToken = cmanager.getTokenByName(tokenName);
+ }
+ if (!savedToken.getName().equals(verToken.getName())) {
+ cmanager.setThreadToken(verToken);
+ tokenSwitched = true;
+ }
+
 org.mozilla.jss.crypto.X509Certificate jssCert = null;
 try {
 jssCert = cmanager.importCACertPackage(
@@ -392,6 +410,10 @@ public class AddCRLServlet extends CMSServlet {
 throw new ECMSGWException(
 CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
+ } finally {
+ if (tokenSwitched == true){
+ cmanager.setThreadToken(savedToken);
+ }
 }
 } |
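Review bot: The token name read from `ocsp.crlVerify.token` goes straight into `cmanager.getTokenByName(tokenName)` in the second hunk, and nothing on the new side logs which token was selected or handles an unknown name at that point. JSS raises NoSuchTokenException for an unknown token and `getName()` can raise TokenException; the catch clauses of this try are outside the hunk, and the only one partly visible (third hunk) reports `CMS_GW_DECODING_CRL_ERROR`, so a misconfigured token may look the same as a malformed CRL in the logs. I would add `CMS.debug("AddCRLServlet: verifying CRL with token " + tokenName);` after the lookup and confirm that a failed lookup rejects the CRL rather than letting it through unverified. A short comment above the block, for example `// switch the thread token to the configured one for CRL verification (ECC support, per the commit title); restored in finally`, would explain why the thread token is touched at all.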
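Review bot: `if (tokenSwitched == true){` in the added finally block compares a boolean with `true` and drops the space before the brace; `if (tokenSwitched) {` is the usual form and matches the formatting of the surrounding lines. The four locals added before `byte caCertData[]` in the second hunk are only used inside the `if (caCertData != null)` branch, so they could be declared there to keep their scope narrow. The restore deserves a one-line comment such as `// put the thread's original token back so later work on this thread is unaffected`. The try that this finally closes opens in the second hunk and its catch clauses are not shown in full.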