Ticket #2569: Token memory not wiped after key deletion

This is the dogtag upstream side of the TPS portion of this ticket. This fix also involves an applet fix, handled in another bug.
author: Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com> 2016-12-16 16:25:48 -0800
committer: Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com> 2017-01-11 15:59:28 -0800
commit: 3e8bb9d0e42594afafdd0c0ac2a0f1b7a5d05aeb (patch)
tree: bd89828c109a6befc937e2e8e2f8ef87bc07d610 /base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java
parent: 48090b00c3727c95ecd77b52272bd7596b3ff09b (diff)
download: pki-3e8bb9d0e42594afafdd0c0ac2a0f1b7a5d05aeb.tar.gz
pki-3e8bb9d0e42594afafdd0c0ac2a0f1b7a5d05aeb.tar.xz
pki-3e8bb9d0e42594afafdd0c0ac2a0f1b7a5d05aeb.zip
1 files changed, 33 insertions, 0 deletions
diff --git a/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java b/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java
index 8860f48cc..f2e32368f 100644
--- a/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java
+++ b/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java
@@ -23,6 +23,7 @@ import org.dogtagpki.server.tps.engine.TPSEngine;
 import org.dogtagpki.server.tps.processor.TPSProcessor;
 import org.dogtagpki.tps.apdu.APDU;
 import org.dogtagpki.tps.apdu.APDUResponse;
+import org.dogtagpki.tps.apdu.ClearKeySlotsAPDU;
 import org.dogtagpki.tps.apdu.CreateObjectAPDU;
 import org.dogtagpki.tps.apdu.CreatePinAPDU;
 import org.dogtagpki.tps.apdu.DeleteFileAPDU;
@@ -850,6 +851,38 @@ public class SecureChannel {
         return keyInfoData;
     }
 
+    //Call the applet to clear unused key slots
+    /// data is in the fomat of bytes, which is basically the payload of the apdu to be sent
+    // [privateKeyIndex] [publicKeyIndex] ... [final privateKeyIndex] [final publicKeyIndex]
+    public void clearAppletKeySlotData(TPSBuffer data) {
+        String method = "SecureChannel.clearAppletKeySlotData: ";
+
+        CMS.debug(method + " entering ...");
+
+        if(data == null) {
+            CMS.debug(method + " Invalid input data returning...");
+            return;
+        }
+
+        APDUResponse response;
+        try {
+            ClearKeySlotsAPDU  clearKey = new ClearKeySlotsAPDU(data.toBytesArray());
+            computeAPDU(clearKey);
+            response = processor.handleAPDURequest(clearKey);
+        } catch (TPSException | IOException e) {
+            CMS.debug(method + " bad apdu return!");
+            return;
+
+        }
+
+        if (!response.checkResult()) {
+            CMS.debug(method + " bad apdu return!");
+        }
+
+        CMS.debug(method + " Successful applet key data cleanup operation completed.");
+
+    }
+
     public void writeObject(TPSBuffer objectID, TPSBuffer objectData) throws TPSException, IOException {
         CMS.debug("SecureChannel.writeObject: entering ...");
author	Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com>	2016-12-16 16:25:48 -0800
committer	Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com>	2017-01-11 15:59:28 -0800
commit	3e8bb9d0e42594afafdd0c0ac2a0f1b7a5d05aeb (patch)
tree	bd89828c109a6befc937e2e8e2f8ef87bc07d610 /base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java
parent	48090b00c3727c95ecd77b52272bd7596b3ff09b (diff)
download	pki-3e8bb9d0e42594afafdd0c0ac2a0f1b7a5d05aeb.tar.gz pki-3e8bb9d0e42594afafdd0c0ac2a0f1b7a5d05aeb.tar.xz pki-3e8bb9d0e42594afafdd0c0ac2a0f1b7a5d05aeb.zip