authorEndi S. Dewata <edewata@redhat.com>2017-05-20 01:49:36 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-05-25 16:55:05 +0200
commit8aa94e1ca017e54454f6f6f6ebb4ee254062e822 (patch)
tree08775f536846369e3ac98d62968724bb43e1f23d /base/kra/src
parent2a947446b81d21758ffadbae905a49e8c4e900ef (diff)
Replaced SHA1-based random number generators.
The SHA1-based random number generators in some classes have been replaced with the random number generator provided by JssSubsystem. https://pagure.io/dogtagpki/issue/2695 Change-Id: Id0285dbc8c940fa7afb8feccab3086030d949514
Diffstat (limited to 'base/kra/src')
-rw-r--r--base/kra/src/com/netscape/kra/NetkeyKeygenService.java5
-rw-r--r--base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java5
2 files changed, 8 insertions, 2 deletions
diff --git a/base/kra/src/com/netscape/kra/NetkeyKeygenService.java b/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
index e54c58acf..8383e895e 100644
--- a/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
+++ b/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
@@ -62,6 +62,7 @@ import com.netscape.certsrv.security.IStorageKeyUnit;
import com.netscape.certsrv.security.ITransportKeyUnit;
import com.netscape.cms.servlet.key.KeyRecordParser;
import com.netscape.cmscore.dbs.KeyRecord;
+import com.netscape.cmscore.security.JssSubsystem;
import com.netscape.cmscore.util.Debug;
import com.netscape.cmsutil.crypto.CryptoUtil;
@@ -153,10 +154,12 @@ public class NetkeyKeygenService implements IService {
byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
String iv_s = "";
try {
- SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ JssSubsystem jssSubsystem = (JssSubsystem) CMS.getSubsystem(JssSubsystem.ID);
+ SecureRandom random = jssSubsystem.getRandomNumberGenerator();
random.nextBytes(iv);
} catch (Exception e) {
CMS.debug("NetkeyKeygenService.serviceRequest: " + e.toString());
+ throw new EBaseException(e);
}
IVParameterSpec algParam = new IVParameterSpec(iv);
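Review bot: The literal initializer `{ 0x1, 0x1, ... }` for `iv` still reads like a fallback IV, although the added `throw new EBaseException(e)` means the array is always overwritten by `random.nextBytes(iv)` before it reaches `new IVParameterSpec(iv)`. Declaring it as `byte[] iv = new byte[8];` with a comment such as `// filled from the JSS RNG below; a fixed IV must never be used` would state the fail-closed intent and make it harder for a later edit to reintroduce a constant IV. The same initializer is kept in the TokenKeyRecoveryService.serviceRequest hunk. The enclosing method starts and ends outside this hunk.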
diff --git a/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java b/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java
index 2519a4d5e..c0b5cdd2d 100644
--- a/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java
+++ b/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java
@@ -56,6 +56,7 @@ import com.netscape.certsrv.request.RequestId;
import com.netscape.certsrv.security.IStorageKeyUnit;
import com.netscape.certsrv.security.ITransportKeyUnit;
import com.netscape.cmscore.dbs.KeyRecord;
+import com.netscape.cmscore.security.JssSubsystem;
import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.util.Cert;
@@ -203,10 +204,12 @@ public class TokenKeyRecoveryService implements IService {
byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
try {
- SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ JssSubsystem jssSubsystem = (JssSubsystem) CMS.getSubsystem(JssSubsystem.ID);
+ SecureRandom random = jssSubsystem.getRandomNumberGenerator();
random.nextBytes(iv);
} catch (Exception e) {
CMS.debug("TokenKeyRecoveryService.serviceRequest: " + e.toString());
+ throw new EBaseException(e);
}
RequestId auditRequestID = request.getRequestId();
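Review bot: The new `throw new EBaseException(e)` exits before `auditRequestID` is read on the line after the catch block, so an RNG failure during token key recovery may never reach the audit trail. Only `CMS.debug` records it, and `e.toString()` drops the stack trace. If the method emits audit events further down (not visible in this hunk), consider generating the IV after the audit identifiers are set up, or auditing the failure before rethrowing. Logging the exception object itself, if `CMS.debug` offers a Throwable overload, would preserve the cause for incident review.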