authorEndi S. Dewata <edewata@redhat.com>2017-01-24 16:17:10 +0100
committerEndi S. Dewata <edewata@redhat.com>2017-01-27 17:52:27 +0100
commit2fa7bc707a558da1b0c4d748d0805bdd0b60168c (patch)
tree9a0152fb6da9db98883bc16e8ee46ae676f0eac0 /base/server/cmscore
parent755fb2834d22131628ad1929c1bd4b1cd7592203 (diff)
Replaced CryptoManager.getTokenByName().
Direct invocations of CryptoManager.getTokenByName() have been replaced with CryptoUtil.getCryptoToken() and getKeyStorageToken() to ensure that internal token names are handled consistently both in normal mode and FIPS mode. https://fedorahosted.org/pki/ticket/2556
Diffstat (limited to 'base/server/cmscore')
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/security/JssSubsystem.java65
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/security/KeyCertUtil.java13
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/security/PWsdrCache.java25
3 files changed, 22 insertions, 81 deletions
diff --git a/base/server/cmscore/src/com/netscape/cmscore/security/JssSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/security/JssSubsystem.java
index a721d4e52..dab9ac91a 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/security/JssSubsystem.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/security/JssSubsystem.java
@@ -72,7 +72,6 @@ import org.mozilla.jss.pkcs7.SignedData;
import org.mozilla.jss.pkix.cert.Certificate;
import org.mozilla.jss.ssl.SSLServerSocket;
import org.mozilla.jss.ssl.SSLSocket;
-import org.mozilla.jss.util.IncorrectPasswordException;
import org.mozilla.jss.util.Password;
import org.mozilla.jss.util.PasswordCallback;
@@ -540,35 +539,24 @@ public final class JssSubsystem implements ICryptoSubsystem {
public boolean isTokenLoggedIn(String name) throws EBaseException {
try {
- if (CryptoUtil.isInternalToken(name))
- name = CryptoUtil.INTERNAL_TOKEN_FULL_NAME;
- CryptoToken ctoken = mCryptoManager.getTokenByName(name);
+ CryptoToken ctoken = CryptoUtil.getKeyStorageToken(name);
return ctoken.isLoggedIn();
- } catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR"));
- } catch (NoSuchTokenException e) {
+ } catch (Exception e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR"), e);
}
}
public void loggedInToken(String tokenName, String pwd) throws EBaseException {
try {
- CryptoToken ctoken = mCryptoManager.getTokenByName(tokenName);
+ CryptoToken ctoken = CryptoUtil.getKeyStorageToken(tokenName);
Password clk = new Password(pwd.toCharArray());
ctoken.login(clk);
- } catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR"));
- } catch (IncorrectPasswordException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_LOGIN_FAILED"));
- } catch (NoSuchTokenException e) {
+ } catch (Exception e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR"), e);
}
}
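Review bot: The single `catch (Exception e)` in `loggedInToken` now reports a wrong password as `CMS_BASE_TOKEN_ERROR`, where the removed code raised `CMS_BASE_LOGIN_FAILED` for `IncorrectPasswordException`, so callers and anyone reading the failure can no longer tell a failed authentication from a missing or broken token. `isTokenLoggedIn` loses the `CMS_BASE_TOKEN_NOT_FOUND` case in the same way, and both catches now also absorb unrelated runtime errors such as a null `pwd`. Keeping a dedicated handler ahead of the generic one would preserve the distinction: `} catch (IncorrectPasswordException e) {` followed by `throw new EBaseException(CMS.getUserMessage("CMS_BASE_LOGIN_FAILED"), e);`; this needs the import that the first hunk removes. Separately, `clk` is never cleared after `ctoken.login(clk)`, so a `finally` that calls `clk.clear()` would shorten the time the password copy stays in memory.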
@@ -631,11 +619,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
StringBuffer certNames = new StringBuffer();
try {
- if (CryptoUtil.isInternalToken(name)) {
- c = mCryptoManager.getInternalKeyStorageToken();
- } else {
- c = mCryptoManager.getTokenByName(name);
- }
+ c = CryptoUtil.getKeyStorageToken(name);
if (c != null) {
CryptoStore store = c.getCryptoStore();
@@ -658,14 +642,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
} else
return "";
- } catch (TokenException e) {
- String[] params = { mId, e.toString() };
- EBaseException ex = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
-
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
- throw ex;
- } catch (NoSuchTokenException e) {
+ } catch (Exception e) {
String[] params = { mId, e.toString() };
EBaseException ex = new EBaseException(
CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
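Review bot: With the catch widened to `Exception`, `e.toString()` of any failure, including unexpected runtime exceptions, is copied through `params` into the user-facing `CMS_BASE_CREATE_SERVICE_FAILED` message. If that message is returned to the requesting client, it can expose internal class names and details that the two narrower catches did not. The new `EBaseException` is also built without `e` as its cause, unlike the `isTokenLoggedIn` and `loggedInToken` hunks in this commit, so the stack trace is lost. I would pass the cause, `new EBaseException(CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params), e)`, and keep the full exception text for the log rather than the user message. The same applies to the identical catch in the hunk at -706,14; the catch body continues outside both hunks.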
@@ -681,11 +658,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
StringBuffer certNames = new StringBuffer();
try {
- if (CryptoUtil.isInternalToken(name)) {
- c = mCryptoManager.getInternalKeyStorageToken();
- } else {
- c = mCryptoManager.getTokenByName(name);
- }
+ c = CryptoUtil.getKeyStorageToken(name);
if (c != null) {
CryptoStore store = c.getCryptoStore();
@@ -706,14 +679,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
} else
return "";
- } catch (TokenException e) {
- String[] params = { mId, e.toString() };
- EBaseException ex = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
-
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
- throw ex;
- } catch (NoSuchTokenException e) {
+ } catch (Exception e) {
String[] params = { mId, e.toString() };
EBaseException ex = new EBaseException(
CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
@@ -793,16 +759,13 @@ public final class JssSubsystem implements ICryptoSubsystem {
public KeyPair getKeyPair(String tokenName, String alg,
int keySize, PQGParams pqg) throws EBaseException {
- String t = tokenName;
- if (CryptoUtil.isInternalToken(tokenName))
- t = CryptoUtil.INTERNAL_TOKEN_FULL_NAME;
CryptoToken token = null;
try {
- token = mCryptoManager.getTokenByName(t);
- } catch (NoSuchTokenException e) {
- log(ILogger.LL_FAILURE, "Generate Key Pair Error " + e);
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", tokenName));
+ token = CryptoUtil.getKeyStorageToken(tokenName);
+ } catch (Exception e) {
+ log(ILogger.LL_FAILURE, "Unable to find token: " + tokenName);
+ throw new EBaseException(e);
}
KeyPairAlgorithm kpAlg = null;
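Review bot: The new log line in `getKeyPair` says `Unable to find token` for every exception and no longer includes `e`, although the widened `catch (Exception e)` also covers failures unrelated to a missing token. The removed line did log the exception, so the failure record now carries less information for whoever investigates it. I would write `log(ILogger.LL_FAILURE, "Unable to get token " + tokenName + ": " + e);`. If `tokenName` can originate from a request, which is not visible here, line breaks in it should be neutralised before it is written to the log. The body of `getKeyPair` continues outside the hunk.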
diff --git a/base/server/cmscore/src/com/netscape/cmscore/security/KeyCertUtil.java b/base/server/cmscore/src/com/netscape/cmscore/security/KeyCertUtil.java
index 802028b2e..6dabd0c7f 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/security/KeyCertUtil.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/security/KeyCertUtil.java
@@ -337,13 +337,8 @@ public class KeyCertUtil {
String nickname) throws NotInitializedException, NoSuchTokenException,
EBaseException, TokenException {
CryptoManager manager = CryptoManager.getInstance();
- CryptoToken token = null;
+ CryptoToken token = CryptoUtil.getKeyStorageToken(tokenname);
- if (CryptoUtil.isInternalToken(tokenname)) {
- token = manager.getInternalKeyStorageToken();
- } else {
- token = manager.getTokenByName(tokenname);
- }
StringBuffer certname = new StringBuffer();
if (!token.equals(manager.getInternalKeyStorageToken())) {
@@ -503,11 +498,7 @@ public class KeyCertUtil {
tokenName = CryptoUtil.INTERNAL_TOKEN_NAME;
try {
- if (CryptoUtil.isInternalToken(tokenName)) {
- token = CryptoManager.getInstance().getInternalKeyStorageToken();
- } else {
- token = CryptoManager.getInstance().getTokenByName(tokenName);
- }
+ token = CryptoUtil.getKeyStorageToken(tokenName);
} catch (NoSuchTokenException e) {
throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", tokenName));
} catch (NotInitializedException e) {
diff --git a/base/server/cmscore/src/com/netscape/cmscore/security/PWsdrCache.java b/base/server/cmscore/src/com/netscape/cmscore/security/PWsdrCache.java
index 729a368f2..8fd86278b 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/security/PWsdrCache.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/security/PWsdrCache.java
@@ -29,8 +29,6 @@ import java.util.Enumeration;
import java.util.Hashtable;
import java.util.StringTokenizer;
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.CryptoManager.NotInitializedException;
import org.mozilla.jss.SecretDecoderRing.Decryptor;
import org.mozilla.jss.SecretDecoderRing.Encryptor;
import org.mozilla.jss.SecretDecoderRing.KeyManager;
@@ -42,6 +40,7 @@ import org.mozilla.jss.util.Password;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.logging.ILogger;
+import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.util.Utils;
/*
@@ -79,18 +78,13 @@ public class PWsdrCache {
private void initToken() throws EBaseException {
if (mToken == null) {
- CryptoManager cm = null;
try {
- cm = CryptoManager.getInstance();
mTokenName = CMS.getConfigStore().getString(PROP_PWC_TOKEN_NAME);
log(ILogger.LL_DEBUG, "pwcTokenname specified. Use token for SDR key. tokenname= " + mTokenName);
- mToken = cm.getTokenByName(mTokenName);
- } catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE, e.toString());
- throw new EBaseException(e.toString());
+ mToken = CryptoUtil.getKeyStorageToken(mTokenName);
} catch (Exception e) {
- log(ILogger.LL_DEBUG, "no pwcTokenname specified, use internal token for SDR key");
- mToken = cm.getInternalKeyStorageToken();
+ log(ILogger.LL_FAILURE, e.toString());
+ throw new EBaseException(e);
}
}
}
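Review bot: `initToken` no longer falls back to the internal token when `PROP_PWC_TOKEN_NAME` cannot be read. The removed catch logged `no pwcTokenname specified` and used `getInternalKeyStorageToken()`, while the new one logs a failure and throws `EBaseException`. If `getString` throws for an absent property (not visible here), an instance without that setting would fail to open the password cache instead of using the internal token, and the commit message does not mention this change. If the fallback is still intended, read the property with a default, `mTokenName = CMS.getConfigStore().getString(PROP_PWC_TOKEN_NAME, null);`, provided `CryptoUtil.getKeyStorageToken` maps a null name to the internal token. The constructor change later in this file appears to rely on that, because it drops the `mTokenName != null` check.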
@@ -119,20 +113,13 @@ public class PWsdrCache {
mPWcachedb = pwCache;
mIsTool = isTool;
mTokenName = pwcTokenname;
- CryptoManager cm = null;
if (keyId != null) {
mKeyID = keyId;
}
- cm = CryptoManager.getInstance();
- if (mTokenName != null) {
- mToken = cm.getTokenByName(mTokenName);
- debug("PWsdrCache: mToken = " + mTokenName);
- } else {
- mToken = cm.getInternalKeyStorageToken();
- debug("PWsdrCache: mToken = internal");
- }
+ mToken = CryptoUtil.getKeyStorageToken(mTokenName);
+ debug("PWsdrCache: token: " + mToken.getName());
}
public byte[] getKeyId() {