authorEndi S. Dewata <edewata@redhat.com>2017-01-24 16:17:10 +0100
committerEndi S. Dewata <edewata@redhat.com>2017-01-27 17:52:27 +0100
commit2fa7bc707a558da1b0c4d748d0805bdd0b60168c (patch)
tree9a0152fb6da9db98883bc16e8ee46ae676f0eac0 /base/kra/src
parent755fb2834d22131628ad1929c1bd4b1cd7592203 (diff)
Replaced CryptoManager.getTokenByName().
Direct invocations of CryptoManager.getTokenByName() have been replaced with CryptoUtil.getCryptoToken() and getKeyStorageToken() to ensure that internal token names are handled consistently both in normal mode and FIPS mode. https://fedorahosted.org/pki/ticket/2556
Diffstat (limited to 'base/kra/src')
-rw-r--r--base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java10
-rw-r--r--base/kra/src/com/netscape/kra/RecoveryService.java10
-rw-r--r--base/kra/src/com/netscape/kra/StorageKeyUnit.java9
3 files changed, 9 insertions, 20 deletions
diff --git a/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java b/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java
index b51057b15..64680ed82 100644
--- a/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java
+++ b/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java
@@ -30,7 +30,6 @@ import java.util.Vector;
import org.dogtagpki.legacy.kra.KRAPolicy;
import org.dogtagpki.legacy.policy.IPolicyProcessor;
-import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.NoSuchTokenException;
import org.mozilla.jss.crypto.CryptoToken;
@@ -339,13 +338,8 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
serverKeygenTokenName = CryptoUtil.INTERNAL_TOKEN_NAME;
try {
- if (serverKeygenTokenName.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_NAME)) {
- CMS.debug("KeyRecoveryAuthority: getting internal crypto token for serverkeygen");
- mKeygenToken = CryptoManager.getInstance().getInternalKeyStorageToken();
- } else {
- CMS.debug("KeyRecoveryAuthority: getting HSM token for serverkeygen");
- mKeygenToken = CryptoManager.getInstance().getTokenByName(serverKeygenTokenName);
- }
+ mKeygenToken = CryptoUtil.getKeyStorageToken(serverKeygenTokenName);
+ CMS.debug("KeyRecoveryAuthority: token: " + mKeygenToken.getName());
CMS.debug("KeyRecoveryAuthority: set up keygenToken");
} catch (NoSuchTokenException e) {
throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", serverKeygenTokenName));
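Review bot: The added debug line calls `mKeygenToken.getName()` right after the lookup, which puts a second token operation on the keygen-token setup path purely for logging. In JSS `CryptoToken.getName()` declares `TokenException`, so a token that was found but cannot report its name would now abort setup through whichever later catch clause handles it, and that clause is outside this hunk. Logging the configured name before the lookup gives the same trace without the extra failure mode: `CMS.debug("KeyRecoveryAuthority: token: " + serverKeygenTokenName);` placed above the `getKeyStorageToken` call. The try statement continues past the end of the hunk.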
diff --git a/base/kra/src/com/netscape/kra/RecoveryService.java b/base/kra/src/com/netscape/kra/RecoveryService.java
index e9c357d1e..7bcceb833 100644
--- a/base/kra/src/com/netscape/kra/RecoveryService.java
+++ b/base/kra/src/com/netscape/kra/RecoveryService.java
@@ -139,13 +139,9 @@ public class RecoveryService implements IService {
cm = CryptoManager.getInstance();
config = CMS.getConfigStore();
tokName = config.getString("kra.storageUnit.hardware", CryptoUtil.INTERNAL_TOKEN_NAME);
- if (CryptoUtil.isInternalToken(tokName)) {
- CMS.debug("RecoveryService: serviceRequest: use internal token ");
- ct = cm.getInternalCryptoToken();
- } else {
- CMS.debug("RecoveryService: serviceRequest: tokenName=" + tokName);
- ct = cm.getTokenByName(tokName);
- }
+ CMS.debug("RecoveryService: serviceRequest: token: " + tokName);
+ ct = CryptoUtil.getCryptoToken(tokName);
+
allowEncDecrypt_recovery = config.getBoolean("kra.allowEncDecrypt.recovery", false);
} catch (Exception e) {
CMS.debug("RecoveryService exception: use internal token :"
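Review bot: The `catch (Exception e)` closing this hunk logs "use internal token" for any failure, so an unknown or unavailable token named in `kra.storageUnit.hardware` appears to degrade to the internal token instead of failing the recovery request. The handler body is outside the hunk, so this is inferred from the message alone. Now that the lookup is the single call `CryptoUtil.getCryptoToken(tokName)`, a comment should state whether that fallback is intended, for example `// token lookup failure is non-fatal here: recovery continues with the internal token`, if that is indeed the behaviour. This site also resolves the storage-unit token name with `getCryptoToken` while the other two files in this commit use `getKeyStorageToken`; a one-line comment giving the reason would help. Finally, `cm = CryptoManager.getInstance();` on the first context line is no longer used in the visible lines and can be dropped if nothing later in the method reads it.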
diff --git a/base/kra/src/com/netscape/kra/StorageKeyUnit.java b/base/kra/src/com/netscape/kra/StorageKeyUnit.java
index 30a0317ac..83f3e2a79 100644
--- a/base/kra/src/com/netscape/kra/StorageKeyUnit.java
+++ b/base/kra/src/com/netscape/kra/StorageKeyUnit.java
@@ -60,6 +60,7 @@ import com.netscape.certsrv.kra.IShare;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.security.Credential;
import com.netscape.certsrv.security.IStorageKeyUnit;
+import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.util.Utils;
/**
@@ -686,11 +687,9 @@ public class StorageKeyUnit extends EncryptionUnit implements
public CryptoToken getToken() {
try {
- if (mConfig.getString(PROP_HARDWARE, null) != null) {
- return mManager.getTokenByName(mConfig.getString(PROP_HARDWARE));
- } else {
- return CryptoManager.getInstance().getInternalKeyStorageToken();
- }
+ String tokenName = mConfig.getString(PROP_HARDWARE, null);
+ return CryptoUtil.getKeyStorageToken(tokenName);
+
} catch (Exception e) {
return null;
}
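Review bot: `tokenName` is null whenever `PROP_HARDWARE` is unset, and the explicit internal-token branch has been removed. `getToken()` therefore depends on `CryptoUtil.getKeyStorageToken()` treating null as the internal token, which this page does not show. If it does not, the surrounding `catch (Exception e) { return null; }` hides the failure and callers receive a null storage token with nothing logged. Supplying the default explicitly, as RecoveryService does in this same commit, removes that dependency: `String tokenName = mConfig.getString(PROP_HARDWARE, CryptoUtil.INTERNAL_TOKEN_NAME);`. It is also worth logging the exception before returning null, for example `CMS.debug("StorageKeyUnit: getToken: " + e);`, assuming `CMS` is in scope in this file. The method's closing brace is outside the hunk.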