diff options
author | Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com> | 2016-12-16 16:25:48 -0800 |
---|---|---|
committer | Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com> | 2017-01-11 15:59:28 -0800 |
commit | 3e8bb9d0e42594afafdd0c0ac2a0f1b7a5d05aeb (patch) | |
tree | bd89828c109a6befc937e2e8e2f8ef87bc07d610 /base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java | |
parent | 48090b00c3727c95ecd77b52272bd7596b3ff09b (diff) | |
download | pki-3e8bb9d0e42594afafdd0c0ac2a0f1b7a5d05aeb.tar.gz pki-3e8bb9d0e42594afafdd0c0ac2a0f1b7a5d05aeb.tar.xz pki-3e8bb9d0e42594afafdd0c0ac2a0f1b7a5d05aeb.zip |
Ticket #2569: Token memory not wiped after key deletion
This is the dogtag upstream side of the TPS portion of this ticket.
This fix also involves an applet fix, handled in another bug.
Diffstat (limited to 'base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java')
-rw-r--r-- | base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java b/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java index 8860f48cc..f2e32368f 100644 --- a/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java +++ b/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java @@ -23,6 +23,7 @@ import org.dogtagpki.server.tps.engine.TPSEngine; import org.dogtagpki.server.tps.processor.TPSProcessor; import org.dogtagpki.tps.apdu.APDU; import org.dogtagpki.tps.apdu.APDUResponse; +import org.dogtagpki.tps.apdu.ClearKeySlotsAPDU; import org.dogtagpki.tps.apdu.CreateObjectAPDU; import org.dogtagpki.tps.apdu.CreatePinAPDU; import org.dogtagpki.tps.apdu.DeleteFileAPDU; @@ -850,6 +851,38 @@ public class SecureChannel { return keyInfoData; } + //Call the applet to clear unused key slots + /// data is in the fomat of bytes, which is basically the payload of the apdu to be sent + // [privateKeyIndex] [publicKeyIndex] ... [final privateKeyIndex] [final publicKeyIndex] + public void clearAppletKeySlotData(TPSBuffer data) { + String method = "SecureChannel.clearAppletKeySlotData: "; + + CMS.debug(method + " entering ..."); + + if(data == null) { + CMS.debug(method + " Invalid input data returning..."); + return; + } + + APDUResponse response; + try { + ClearKeySlotsAPDU clearKey = new ClearKeySlotsAPDU(data.toBytesArray()); + computeAPDU(clearKey); + response = processor.handleAPDURequest(clearKey); + } catch (TPSException | IOException e) { + CMS.debug(method + " bad apdu return!"); + return; + + } + + if (!response.checkResult()) { + CMS.debug(method + " bad apdu return!"); + } + + CMS.debug(method + " Successful applet key data cleanup operation completed."); + + } + public void writeObject(TPSBuffer objectID, TPSBuffer objectData) throws TPSException, IOException { CMS.debug("SecureChannel.writeObject: entering ..."); |