diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2017-01-20 23:57:11 +0100 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2017-01-26 00:56:15 +0100 |
| commit | 48cefdea31e62d49c8b728576d29e0f298141a04 (patch) | |
| tree | 3a5e68b45dd4da38df7ba1e6d54956c0c5155d8f /base/server/cms/src/com/netscape | |
| parent | 97ac6024c813621856b3cbfc8207416a46855108 (diff) | |
| download | pki-48cefdea31e62d49c8b728576d29e0f298141a04.tar.gz pki-48cefdea31e62d49c8b728576d29e0f298141a04.tar.xz pki-48cefdea31e62d49c8b728576d29e0f298141a04.zip | |
Fixed inconsistent internal token detection.
The codes that detect internal token name have been modified to
use CryptoUtil.isInternalToken() such that the comparison can be
done consistently both in normal mode and FIPS mode.
https://fedorahosted.org/pki/ticket/2556
Diffstat (limited to 'base/server/cms/src/com/netscape')
12 files changed, 36 insertions, 47 deletions
diff --git a/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java b/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java index 3f46d918d..d1c04ee9b 100644 --- a/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java +++ b/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java @@ -926,7 +926,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME); // by default JSS will use internal crypto token - if (!tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (!CryptoUtil.isInternalToken(tokenName)) { savedToken = cm.getThreadToken(); signToken = cm.getTokenByName(tokenName); if(signToken != null) { diff --git a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java index 47e886361..3b6916b37 100644 --- a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java +++ b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java @@ -702,7 +702,7 @@ public abstract class EnrollProfile extends BasicProfile String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME); savedToken = cm.getThreadToken(); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenName)) { signToken = cm.getInternalCryptoToken(); } else { signToken = cm.getTokenByName(tokenName); @@ -1509,7 +1509,7 @@ public abstract class EnrollProfile extends BasicProfile CryptoManager cm = CryptoManager.getInstance(); CryptoToken verifyToken = null; String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenName)) { CMS.debug("POP verification using internal token"); certReqMsg.verify(); } else { diff --git a/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java b/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java index 3ec74eda2..0a389fe6f 100644 --- a/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java +++ b/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java @@ -208,7 +208,7 @@ public abstract class EnrollInput implements IProfileInput { CryptoToken verifyToken = null; String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenName)) { CMS.debug("POP verification using internal token"); certReqMsg.verify(); } else { diff --git a/base/server/cms/src/com/netscape/cms/publish/publishers/OCSPPublisher.java b/base/server/cms/src/com/netscape/cms/publish/publishers/OCSPPublisher.java index 45aae2495..7ca88a771 100644 --- a/base/server/cms/src/com/netscape/cms/publish/publishers/OCSPPublisher.java +++ b/base/server/cms/src/com/netscape/cms/publish/publishers/OCSPPublisher.java @@ -145,7 +145,7 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { try { nickname = config.getString("ca.subsystem.nickname", ""); String tokenname = config.getString("ca.subsystem.tokenname", ""); - if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) + if (!CryptoUtil.isInternalToken(tokenname)) nickname = tokenname + ":" + nickname; } catch (Exception e) { } diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java index 46ac361fe..eecbdbcd0 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java @@ -588,7 +588,7 @@ public final class CMSAdminServlet extends AdminServlet { String tokenName = (String) tokenizer.nextElement(); String nickName = (String) tokenizer.nextElement(); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenName)) { tokenName = jssSubSystem.getInternalTokenName(); } else { nickName = tokenName + ":" + nickName; @@ -693,7 +693,7 @@ public final class CMSAdminServlet extends AdminServlet { } String tokenName = (String) tokenizer.nextElement(); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (CryptoUtil.isInternalToken(tokenName)) tokenName = ""; else tokenName = tokenName + ":"; @@ -1100,7 +1100,7 @@ public final class CMSAdminServlet extends AdminServlet { String value = req.getParameter(key); if (key.equals(Constants.PR_TOKEN_NAME)) { - if (!value.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (!CryptoUtil.isInternalToken(value)) tokenName = value; } else if (key.equals(Constants.PR_KEY_LENGTH)) { keyLength = Integer.parseInt(value); @@ -1264,7 +1264,7 @@ public final class CMSAdminServlet extends AdminServlet { CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (CryptoUtil.isInternalToken(tokenName)) signingUnit.setNewNickName(nickname); else { if (tokenName.equals("") && nickname.equals("")) @@ -1287,7 +1287,7 @@ public final class CMSAdminServlet extends AdminServlet { IRegistrationAuthority ra = (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (CryptoUtil.isInternalToken(tokenName)) ra.setNewNickName(nickname); else { if (tokenName.equals("") && nickname.equals("")) @@ -1311,7 +1311,7 @@ public final class CMSAdminServlet extends AdminServlet { if (ocsp != null) { ISigningUnit signingUnit = ocsp.getSigningUnit(); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (CryptoUtil.isInternalToken(tokenName)) signingUnit.setNewNickName(nickname); else { if (tokenName.equals("") && nickname.equals("")) @@ -1324,7 +1324,7 @@ public final class CMSAdminServlet extends AdminServlet { CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getOCSPSigningUnit(); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (CryptoUtil.isInternalToken(tokenName)) signingUnit.setNewNickName(nickname); else { if (tokenName.equals("") && nickname.equals("")) @@ -1356,7 +1356,7 @@ public final class CMSAdminServlet extends AdminServlet { IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (CryptoUtil.isInternalToken(tokenName)) kra.setNewNickName(nickname); else { if (tokenName.equals("") && nickname.equals("")) diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/KRAConnectorProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/admin/KRAConnectorProcessor.java index 92067c7c3..2fd5d5371 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/admin/KRAConnectorProcessor.java +++ b/base/server/cms/src/com/netscape/cms/servlet/admin/KRAConnectorProcessor.java @@ -194,7 +194,7 @@ public class KRAConnectorProcessor extends CAProcessor { String nickname = cs.getString("ca.subsystem.nickname", ""); String tokenname = cs.getString("ca.subsystem.tokenname", ""); - if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) + if (!CryptoUtil.isInternalToken(tokenname)) nickname = tokenname + ":" + nickname; cs.putString(PREFIX + ".nickName", nickname); cs.commit(true); diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java index 27840bdc6..55860fad5 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java +++ b/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java @@ -245,8 +245,7 @@ public class CRSEnrollment extends HttpServlet { mTokenName = scepConfig.getString("tokenname", ""); mUseCA = false; } - if (!(mTokenName.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_NAME) || - mTokenName.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) || mTokenName.length() == 0)) { + if (!CryptoUtil.isInternalToken(mTokenName)) { int i = mNickname.indexOf(':'); if (!((i > -1) && (mTokenName.length() == i) && (mNickname.startsWith(mTokenName)))) { mNickname = mTokenName + ":" + mNickname; @@ -1964,9 +1963,7 @@ public class CRSEnrollment extends HttpServlet { cm = CryptoManager.getInstance(); internalToken = cm.getInternalCryptoToken(); DESkg = internalToken.getKeyGenerator(kga); - if (mTokenName.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_NAME) || - mTokenName.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) || - mTokenName.length() == 0) { + if (CryptoUtil.isInternalToken(mTokenName)) { keyStorageToken = cm.getInternalKeyStorageToken(); internalKeyStorageToken = keyStorageToken; CMS.debug("CRSEnrollment: CryptoContext: internal token name: '" + mTokenName + "'"); diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java index d652963b1..018bfc7c1 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java @@ -763,8 +763,7 @@ public class CertUtil { } String fullnickname = nickname; - - if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) { + if (!CryptoUtil.isInternalToken(tokenname)) { fullnickname = tokenname + ":" + nickname; } diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java index 105ae6ee9..e65035ecb 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java @@ -997,8 +997,7 @@ public class ConfigurationUtils { String name1 = "preop.master." + tag + ".nickname"; String nickname = cs.getString(name1, ""); - if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) && - !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (!CryptoUtil.isInternalToken(tokenname)) nickname = tokenname + ":" + nickname; CMS.debug("ConfigurationUtils.verifySystemCertificates(): checking certificate " + nickname); @@ -2341,9 +2340,8 @@ public class ConfigurationUtils { CryptoManager cm = CryptoManager.getInstance(); - if (token != null) { - if (!token.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) - nickname = token + ":" + nickname; + if (!CryptoUtil.isInternalToken(token)) { + nickname = token + ":" + nickname; } X509Certificate cert = cm.findCertByNickname(nickname); @@ -2815,7 +2813,7 @@ public class ConfigurationUtils { String cstype = config.getString("cs.type", null); cstype = cstype.toLowerCase(); if (cstype.equals("kra")) { - if (!token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) { + if (!CryptoUtil.isInternalToken(token)) { if (certTag.equals("storage")) { config.putString(subsystem + ".storageUnit.hardware", token); config.putString(subsystem + ".storageUnit.nickName", token + ":" + nickname); @@ -2834,7 +2832,7 @@ public class ConfigurationUtils { String serverCertNickname = nickname; String path = CMS.getConfigStore().getString("instanceRoot", ""); if (certTag.equals("sslserver")) { - if (!token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) { + if (!CryptoUtil.isInternalToken(token)) { serverCertNickname = token + ":" + nickname; } PrintStream ps = new PrintStream(path + "/conf/serverCertNick.conf", "UTF-8"); @@ -2845,7 +2843,7 @@ public class ConfigurationUtils { config.putString(subsystem + "." + certTag + ".nickname", nickname); config.putString(subsystem + "." + certTag + ".tokenname", token); if (certTag.equals("audit_signing")) { - if (!token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) && !token.equals("")) { + if (!CryptoUtil.isInternalToken(token)) { config.putString("log.instance.SignedAudit.signedAuditCertNickname", token + ":" + nickname); } else { @@ -2855,7 +2853,7 @@ public class ConfigurationUtils { } // for system certs verification - if (!token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) && !token.equals("")) { + if (!CryptoUtil.isInternalToken(token)) { config.putString(subsystem + ".cert." + certTag + ".nickname", token + ":" + nickname); } else { @@ -2929,7 +2927,7 @@ public class ConfigurationUtils { cstype = cstype.toLowerCase(); if (cstype.equals("kra")) { String token = config.getString("preop.module.token"); - if (!token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) { + if (!CryptoUtil.isInternalToken(token)) { CMS.debug("ConfigurationUtils: updating configuration for KRA clone with hardware token"); String subsystem = config.getString(PCERT_PREFIX + "storage.subsystem"); String storageNickname = getNickname(config, "storage"); @@ -2947,7 +2945,7 @@ public class ConfigurationUtils { // audit signing cert String audit_nn = config.getString(cstype + ".audit_signing" + ".nickname", ""); String audit_tk = config.getString(cstype + ".audit_signing" + ".tokenname", ""); - if (!audit_tk.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) && !audit_tk.equals("")) { + if (!CryptoUtil.isInternalToken(audit_tk)) { config.putString("log.instance.SignedAudit.signedAuditCertNickname", audit_tk + ":" + audit_nn); } else { @@ -3332,7 +3330,7 @@ public class ConfigurationUtils { if (certTag.equals("signing") && subsystem.equals("ca")) { String NickName = nickname; - if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) + if (!CryptoUtil.isInternalToken(tokenname)) NickName = tokenname + ":" + nickname; CMS.debug("handleCerts(): set trust on CA signing cert " + NickName); @@ -3349,7 +3347,7 @@ public class ConfigurationUtils { IConfigStore cs = CMS.getConfigStore(); String nickname = cs.getString("preop.cert." + tag + ".nickname", ""); String tokenname = cs.getString("preop.module.token", ""); - if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) + if (!CryptoUtil.isInternalToken(tokenname)) nickname = tokenname + ":" + nickname; CryptoManager cm = CryptoManager.getInstance(); @@ -3375,7 +3373,7 @@ public class ConfigurationUtils { String fullnickname = nickname; boolean hardware = false; - if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) { + if (!CryptoUtil.isInternalToken(tokenname)) { hardware = true; fullnickname = tokenname + ":" + nickname; } @@ -3437,9 +3435,7 @@ public class ConfigurationUtils { CryptoToken tok = CryptoUtil.getKeyStorageToken(tokenname); CryptoStore store = tok.getCryptoStore(); String fullnickname = nickname; - if (!tokenname.equals("") && - !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) && - !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (!CryptoUtil.isInternalToken(tokenname)) fullnickname = tokenname + ":" + nickname; CMS.debug("deleteCert: nickname=" + fullnickname); @@ -3485,7 +3481,7 @@ public class ConfigurationUtils { String nickname = cs.getString("preop.cert." + t + ".nickname"); String modname = cs.getString("preop.module.token"); - if (!modname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) + if (!CryptoUtil.isInternalToken(modname)) nickname = modname + ":" + nickname; util.loadCertFromNSS(pkcs12, nickname, true, false); @@ -3997,9 +3993,7 @@ public class ConfigurationUtils { String nickname = cs.getString("preop.cert.subsystem.nickname", ""); String tokenname = cs.getString("preop.module.token", ""); - if (!tokenname.equals("") && - !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) && - !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (!CryptoUtil.isInternalToken(tokenname)) { nickname = tokenname + ":" + nickname; } CMS.debug("updateDomainXML() nickname=" + nickname); @@ -4574,8 +4568,7 @@ public class ConfigurationUtils { String nickname = cs.getString("preop.cert.subsystem.nickname", ""); String tokenname = cs.getString("preop.module.token", ""); - if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) - && !tokenname.equals("")) { + if (!CryptoUtil.isInternalToken(tokenname)) { nickname = tokenname + ":" + nickname; } diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java index 6bb0746b7..ba292a664 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java @@ -70,7 +70,7 @@ public class GetSubsystemCert extends CMSServlet { try { nickname = cs.getString("ca.subsystem.nickname", ""); String tokenname = cs.getString("ca.subsystem.tokenname", ""); - if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) + if (!CryptoUtil.isInternalToken(tokenname)) nickname = tokenname + ":" + nickname; } catch (Exception e) { } diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java index d5b552be8..1a7d89d72 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java @@ -108,7 +108,7 @@ public class UpdateOCSPConfig extends CMSServlet { try { nickname = cs.getString("ca.subsystem.nickname", ""); String tokenname = cs.getString("ca.subsystem.tokenname", ""); - if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) + if (!CryptoUtil.isInternalToken(tokenname)) nickname = tokenname + ":" + nickname; } catch (Exception e) { } diff --git a/base/server/cms/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java b/base/server/cms/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java index d4e8f92b6..d2dec7310 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java @@ -356,7 +356,7 @@ public class AddCRLServlet extends CMSServlet { String tokenName = CMS.getConfigStore().getString("ocsp.crlVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME); savedToken = cmanager.getThreadToken(); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenName)) { verToken = cmanager.getInternalCryptoToken(); } else { verToken = cmanager.getTokenByName(tokenName); |