authorAde Lee <alee@redhat.com>2016-05-12 00:35:41 +0200
committerAde Lee <alee@redhat.com>2016-05-12 17:16:26 +0200
commit6efedf46bfba0d9199bffb27e7a50afbf97e5bd5 (patch)
treedd32ac51c89f9b6f89b7f208291547cf0035f1a1 /base/server/cms/src
parentc5d9d3ac288045045aa387dfc53f1157c3a7e4b5 (diff)
Fix existing ca setup to work with HSM
If the existing CA keys are in an HSM, the code fails to load the keys because it does not take into account the full nickname. This small fix addresses this bug.
Diffstat (limited to 'base/server/cms/src')
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java7
-rw-r--r--base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java2
2 files changed, 7 insertions, 2 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index c0f0ce1f4..527ed826e 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -2268,12 +2268,17 @@ public class ConfigurationUtils {
certObj.setCertChain(certChainStr);
}
- public static KeyPair loadKeyPair(String nickname) throws Exception {
+ public static KeyPair loadKeyPair(String nickname, String token) throws Exception {
CMS.debug("ConfigurationUtils: loadKeyPair(" + nickname + ")");
CryptoManager cm = CryptoManager.getInstance();
+ if (token != null) {
+ if (!token.equals("internal") && !token.equals("Internal Key Storage Token"))
+ nickname = token + ":" + nickname;
+ }
+
X509Certificate cert = cm.findCertByNickname(nickname);
PublicKey publicKey = cert.getPublicKey();
PrivateKey privateKey = cm.findPrivKeyByCert(cert);
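Review bot: The new prefixing in `loadKeyPair` treats every non-null token other than the two literal internal names as an HSM token, so an empty string produces `:nickname` and a nickname that already carries its `token:` prefix is qualified a second time; in both cases the lookup in `findCertByNickname` would presumably fail without pointing at the cause. A tighter guard such as `if (token != null && !token.isEmpty() && !nickname.startsWith(token + ":"))` placed around the internal-token comparison avoids both. The `CMS.debug` call also runs before the prefix is applied and omits the token, so the log records the bare nickname rather than the name actually used to locate the CA signing key; logging after the block (for example `CMS.debug("ConfigurationUtils: loadKeyPair(" + nickname + ")");` moved below it) would make HSM setup failures traceable. The inner `if` has no braces, unlike the outer one. The method body continues past the end of this hunk, so how `publicKey` and `privateKey` are returned is not visible here.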
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
index f9415f520..3ed28bc72 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
@@ -424,7 +424,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
if (request.isExternal() && tag.equals("signing")) { // external/existing CA
// load key pair for existing and externally-signed signing cert
CMS.debug("SystemConfigService: loading signing cert key pair");
- KeyPair pair = ConfigurationUtils.loadKeyPair(certData.getNickname());
+ KeyPair pair = ConfigurationUtils.loadKeyPair(certData.getNickname(), certData.getToken());
ConfigurationUtils.storeKeyPair(cs, tag, pair);
} else if (!request.getStepTwo()) {