Fixed inconsistent internal token detection.

The codes that detect internal token name have been modified to use CryptoUtil.isInternalToken() such that the comparison can be done consistently both in normal mode and FIPS mode. https://fedorahosted.org/pki/ticket/2556
author: Endi S. Dewata <edewata@redhat.com> 2017-01-20 23:57:11 +0100
committer: Endi S. Dewata <edewata@redhat.com> 2017-01-26 00:56:15 +0100
commit: 48cefdea31e62d49c8b728576d29e0f298141a04 (patch)
tree: 3a5e68b45dd4da38df7ba1e6d54956c0c5155d8f /base/server/cms/src/org
parent: 97ac6024c813621856b3cbfc8207416a46855108 (diff)
download: pki-48cefdea31e62d49c8b728576d29e0f298141a04.tar.gz
pki-48cefdea31e62d49c8b728576d29e0f298141a04.tar.xz
pki-48cefdea31e62d49c8b728576d29e0f298141a04.zip
1 files changed, 14 insertions, 10 deletions
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
index a0c1b785e..2cf76d80a 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
@@ -34,8 +34,6 @@ import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.Request;
 import javax.ws.rs.core.UriInfo;
 
-import netscape.security.x509.X509CertImpl;
-
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang.mutable.MutableBoolean;
 import org.mozilla.jss.CryptoManager;
@@ -68,6 +66,8 @@ import com.netscape.cms.servlet.csadmin.SystemCertDataFactory;
 import com.netscape.cmsutil.crypto.CryptoUtil;
 import com.netscape.cmsutil.util.Utils;
 
+import netscape.security.x509.X509CertImpl;
+
 /**
  * @author alee
  *
@@ -150,7 +150,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
         // specify module and log into token
         CMS.debug("=== Token Authentication ===");
         String token = data.getToken();
-        if (token == null) {
+        if (CryptoUtil.isInternalToken(token)) {
             token = CryptoUtil.INTERNAL_TOKEN_FULL_NAME;
         }
         loginToken(data, token);
@@ -569,12 +569,16 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
             ObjectNotFoundException, TokenException {
         // TODO - some of these parameters may only be valid for RSA
         CryptoManager cryptoManager = CryptoManager.getInstance();
-        if (!tokenName.isEmpty())
+        String nickname;
+        if (!CryptoUtil.isInternalToken(tokenName)) {
             CMS.debug("SystemConfigService:updateCloneConfiguration: tokenName=" + tokenName);
-        else
+            nickname = tokenName + ":" + cdata.getNickname();
+        } else {
             CMS.debug("SystemConfigService:updateCloneConfiguration: tokenName empty; using internal");
+            nickname = cdata.getNickname();
+        }
 
-        X509Certificate cert = cryptoManager.findCertByNickname(!tokenName.isEmpty()? tokenName + ":" + cdata.getNickname() :  cdata.getNickname());
+        X509Certificate cert = cryptoManager.findCertByNickname(nickname);
         PublicKey pubk = cert.getPublicKey();
         byte[] exponent = CryptoUtil.getPublicExponent(pubk);
         byte[] modulus = CryptoUtil.getModulus(pubk);
@@ -588,7 +592,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
     }
 
     private void updateConfiguration(ConfigurationRequest data, SystemCertData cdata, String tag) {
-        if (cdata.getToken().equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) {
+        if (CryptoUtil.isInternalToken(cdata.getToken())) {
             cs.putString(csSubsystem + ".cert." + tag + ".nickname", cdata.getNickname());
         } else {
             cs.putString(csSubsystem + ".cert." + tag + ".nickname", data.getToken() +
@@ -877,7 +881,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
         CMS.debug("SystemConfigService: get configuration entries from master");
         ConfigurationUtils.getConfigEntriesFromMaster();
 
-        if (token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) {
+        if (CryptoUtil.isInternalToken(token)) {
             if (!data.getSystemCertsImported()) {
                 CMS.debug("SystemConfigService: restore certificates from P12 file");
                 String p12File = data.getP12File();
@@ -1019,7 +1023,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
     public void loginToken(ConfigurationRequest data, String token) {
         cs.putString("preop.module.token", token);
 
-        if (! token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) {
+        if (!CryptoUtil.isInternalToken(token)) {
             try {
                 CryptoManager cryptoManager = CryptoManager.getInstance();
                 CryptoToken ctoken = cryptoManager.getTokenByName(token);
@@ -1130,7 +1134,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
                 throw new BadRequestException("Invalid clone URI: " + cloneUri, e);
             }
 
-            if (data.getToken().equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) {
+            if (CryptoUtil.isInternalToken(data.getToken())) {
                 if (!data.getSystemCertsImported()) {
                     if (data.getP12File() == null) {
                         throw new BadRequestException("P12 filename not provided");
author	Endi S. Dewata <edewata@redhat.com>	2017-01-20 23:57:11 +0100
committer	Endi S. Dewata <edewata@redhat.com>	2017-01-26 00:56:15 +0100
commit	48cefdea31e62d49c8b728576d29e0f298141a04 (patch)
tree	3a5e68b45dd4da38df7ba1e6d54956c0c5155d8f /base/server/cms/src/org
parent	97ac6024c813621856b3cbfc8207416a46855108 (diff)
download	pki-48cefdea31e62d49c8b728576d29e0f298141a04.tar.gz pki-48cefdea31e62d49c8b728576d29e0f298141a04.tar.xz pki-48cefdea31e62d49c8b728576d29e0f298141a04.zip