author | Endi S. Dewata <edewata@redhat.com> | 2017-01-24 16:17:10 +0100 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-01-27 17:52:27 +0100 |
commit | 2fa7bc707a558da1b0c4d748d0805bdd0b60168c (patch) | |
tree | 9a0152fb6da9db98883bc16e8ee46ae676f0eac0 /base/kra/src | |
parent | 755fb2834d22131628ad1929c1bd4b1cd7592203 (diff) | |
Replaced CryptoManager.getTokenByName().
Direct invocations of CryptoManager.getTokenByName() have been
replaced with CryptoUtil.getCryptoToken() and getKeyStorageToken()
to ensure that internal token names are handled consistently both
in normal mode and FIPS mode.
https://fedorahosted.org/pki/ticket/2556
Diffstat (limited to 'base/kra/src')
-rw-r--r-- | base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java | 10 | ||||
-rw-r--r-- | base/kra/src/com/netscape/kra/RecoveryService.java | 10 | ||||
-rw-r--r-- | base/kra/src/com/netscape/kra/StorageKeyUnit.java | 9 |
3 files changed, 9 insertions, 20 deletions
diff --git a/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java b/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java
index b51057b15..64680ed82 100644
--- a/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java
+++ b/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java
@@ -30,7 +30,6 @@ import java.util.Vector;
 import org.dogtagpki.legacy.kra.KRAPolicy;
 import org.dogtagpki.legacy.policy.IPolicyProcessor;
-import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.NoSuchTokenException;
 import org.mozilla.jss.crypto.CryptoToken;
@@ -339,13 +338,8 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove
 serverKeygenTokenName = CryptoUtil.INTERNAL_TOKEN_NAME;
 try {
- if (serverKeygenTokenName.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_NAME)) {
- CMS.debug("KeyRecoveryAuthority: getting internal crypto token for serverkeygen");
- mKeygenToken = CryptoManager.getInstance().getInternalKeyStorageToken();
- } else {
- CMS.debug("KeyRecoveryAuthority: getting HSM token for serverkeygen");
- mKeygenToken = CryptoManager.getInstance().getTokenByName(serverKeygenTokenName);
- }
+ mKeygenToken = CryptoUtil.getKeyStorageToken(serverKeygenTokenName);
+ CMS.debug("KeyRecoveryAuthority: token: " + mKeygenToken.getName());
 CMS.debug("KeyRecoveryAuthority: set up keygenToken");
 } catch (NoSuchTokenException e) {
 throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", serverKeygenTokenName));
diff --git a/base/kra/src/com/netscape/kra/RecoveryService.java b/base/kra/src/com/netscape/kra/RecoveryService.java
index e9c357d1e..7bcceb833 100644
--- a/base/kra/src/com/netscape/kra/RecoveryService.java
+++ b/base/kra/src/com/netscape/kra/RecoveryService.java
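Review bot: In the KeyRecoveryAuthority.java hunk at -339, the added line `CMS.debug("KeyRecoveryAuthority: token: " + mKeygenToken.getName());` dereferences the freshly resolved token purely for logging, so a null result or an exception raised by getName() would abort the server-side keygen token setup on a log statement. The only handler visible is `catch (NoSuchTokenException e)`; the try block and its enclosing method continue outside the hunk, so any further catch clauses cannot be seen from here. Logging the configured name instead, `CMS.debug("KeyRecoveryAuthority: token: " + serverKeygenTokenName);`, keeps the diagnostic without touching the token object. A one-line comment stating that CryptoUtil.getKeyStorageToken() now chooses between the internal key storage token and an HSM token would also help, because the two removed debug messages were the only place that said which one was selected.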
@@ -139,13 +139,9 @@ public class RecoveryService implements IService {
 cm = CryptoManager.getInstance();
 config = CMS.getConfigStore();
 tokName = config.getString("kra.storageUnit.hardware", CryptoUtil.INTERNAL_TOKEN_NAME);
- if (CryptoUtil.isInternalToken(tokName)) {
- CMS.debug("RecoveryService: serviceRequest: use internal token ");
- ct = cm.getInternalCryptoToken();
- } else {
- CMS.debug("RecoveryService: serviceRequest: tokenName=" + tokName);
- ct = cm.getTokenByName(tokName);
- }
+ CMS.debug("RecoveryService: serviceRequest: token: " + tokName);
+ ct = CryptoUtil.getCryptoToken(tokName);
+
 allowEncDecrypt_recovery = config.getBoolean("kra.allowEncDecrypt.recovery", false);
 } catch (Exception e) {
 CMS.debug("RecoveryService exception: use internal token :"
diff --git a/base/kra/src/com/netscape/kra/StorageKeyUnit.java b/base/kra/src/com/netscape/kra/StorageKeyUnit.java
index 30a0317ac..83f3e2a79 100644
--- a/base/kra/src/com/netscape/kra/StorageKeyUnit.java
+++ b/base/kra/src/com/netscape/kra/StorageKeyUnit.java
@@ -60,6 +60,7 @@ import com.netscape.certsrv.kra.IShare;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.security.Credential;
 import com.netscape.certsrv.security.IStorageKeyUnit;
+import com.netscape.cmsutil.crypto.CryptoUtil;
 import com.netscape.cmsutil.util.Utils;
 /**
@@ -686,11 +687,9 @@ public class StorageKeyUnit extends EncryptionUnit implements
 public CryptoToken getToken() {
 try {
- if (mConfig.getString(PROP_HARDWARE, null) != null) {
- return mManager.getTokenByName(mConfig.getString(PROP_HARDWARE));
- } else {
- return CryptoManager.getInstance().getInternalKeyStorageToken();
- }
+ String tokenName = mConfig.getString(PROP_HARDWARE, null);
+ return CryptoUtil.getKeyStorageToken(tokenName);
+
 } catch (Exception e) {
 return null;
 } |
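Review bot: In the RecoveryService.java hunk, a failed lookup in `ct = CryptoUtil.getCryptoToken(tokName);` still lands in the `catch (Exception e)` whose message reads "use internal token", so an unavailable or misspelled `kra.storageUnit.hardware` token appears to degrade to the internal token rather than failing the recovery request. The handler body continues past the end of the hunk, so the fallback itself is inferred from the log text only. Since this commit centralises token resolution, consider catching `NoSuchTokenException` separately and rethrowing it, so that a missing HSM token is reported instead of masked. Separately, `cm = CryptoManager.getInstance();` remains as a context line; if nothing later in the method uses `cm`, it can be dropped together with its import.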
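Review bot: In StorageKeyUnit.getToken(), `mConfig.getString(PROP_HARDWARE, null)` now passes a null name straight into `CryptoUtil.getKeyStorageToken(tokenName)` when no hardware token is configured, so the method depends on that helper treating null as the internal token; the helper is not part of this diff. Passing the default explicitly, `String tokenName = mConfig.getString(PROP_HARDWARE, CryptoUtil.INTERNAL_TOKEN_NAME);`, matches what RecoveryService does and removes that dependency. The surrounding `catch (Exception e) { return null; }` also hides a missing storage token from the caller without any log line; a `CMS.debug` call in that handler would make a misconfigured token diagnosable before a caller dereferences the null.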