diff options
author | Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com> | 2017-05-05 11:44:17 -0700 |
---|---|---|
committer | Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com> | 2017-05-05 17:00:15 -0700 |
commit | f26b3aaee1cf36941f387b464b937ffee1403048 (patch) | |
tree | a52f8983fe5b9648a8d0937fc5d183a78897d6f6 /base | |
parent | 3fb95590cdf0e45418fa0be7a020691567ef152a (diff) | |
download | pki-f26b3aaee1cf36941f387b464b937ffee1403048.tar.gz pki-f26b3aaee1cf36941f387b464b937ffee1403048.tar.xz pki-f26b3aaee1cf36941f387b464b937ffee1403048.zip |
Non server keygen issue in SCP03.
Ticket 1663 Add SCP03 support: https://pagure.io/dogtagpki/issue/1663
We discovered a minor issue when trying to log values that don't exist when performing the non server side keygen case. For instance , we don't need to generate a kek session key in this case, and we were trying to print info about it to the logs. This fix allows this case to work without issue.
Diffstat (limited to 'base')
-rw-r--r-- | base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java | 4 | ||||
-rw-r--r-- | base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java | 51 |
2 files changed, 37 insertions, 18 deletions
diff --git a/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java b/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java index fc5472c79..5e5646b40 100644 --- a/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java +++ b/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java @@ -148,8 +148,8 @@ public class SecureChannel { CMS.debug("SecureChannel.SecureChannel: For SCP03. : "); - CMS.debug("kekDesKey: " + kekDesKey.toHexString()); - CMS.debug("keyCheck: " + keyCheck.toHexString()); + if (keyCheck != null) + CMS.debug("keyCheck: " + keyCheck.toHexString()); this.platProtInfo = platformInfo; this.processor = processor; diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java index 0cfac5919..0f9691556 100644 --- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java +++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java @@ -33,6 +33,8 @@ import java.util.List; import java.util.Map; import java.util.Set; +import netscape.security.x509.RevocationReason; + import org.dogtagpki.server.tps.TPSSession; import org.dogtagpki.server.tps.TPSSubsystem; import org.dogtagpki.server.tps.authentication.AuthUIParameter; @@ -100,8 +102,6 @@ import com.netscape.cms.servlet.tks.SecureChannelProtocol; import com.netscape.cmsutil.crypto.CryptoUtil; import com.netscape.symkey.SessionKey; -import netscape.security.x509.RevocationReason; - public class TPSProcessor { public static final int RESULT_NO_ERROR = 0; @@ -923,20 +923,39 @@ public class TPSProcessor { TPSBuffer drmDesKeyBuff = resp.getDRM_Trans_DesKey(); TPSBuffer kekDesKeyBuff = resp.getKekWrappedDesKey(); - CMS.debug(method + " encSessionKeyBuff: " + encSessionKeyBuff.toHexString()); - CMS.debug(method + " kekSessionKeyBuff: " + kekSessionKeyBuff.toHexString()); - CMS.debug(method + " macSessionKeyBuff: " + macSessionKeyBuff.toHexString()); - CMS.debug(method + " hostCryptogramBuff: " + hostCryptogramBuff.toHexString()); - CMS.debug(method + " keyCheckBuff: " + keyCheckBuff.toHexString()); - CMS.debug(method + " drmDessKeyBuff: " + drmDesKeyBuff.toHexString()); - CMS.debug(method + " kekDesKeyBuff: " + kekDesKeyBuff.toHexString()); - - encSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret, - encSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES); - macSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret, - macSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES); - kekSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret, - kekSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES); + if (encSessionKeyBuff != null) + CMS.debug(method + " encSessionKeyBuff: " + encSessionKeyBuff.toHexString()); + + if (kekSessionKeyBuff != null) + CMS.debug(method + " kekSessionKeyBuff: " + kekSessionKeyBuff.toHexString()); + + if (macSessionKeyBuff != null) + CMS.debug(method + " macSessionKeyBuff: " + macSessionKeyBuff.toHexString()); + + if (hostCryptogramBuff != null) + CMS.debug(method + " hostCryptogramBuff: " + hostCryptogramBuff.toHexString()); + + if (keyCheckBuff != null) + CMS.debug(method + " keyCheckBuff: " + keyCheckBuff.toHexString()); + + if (drmDesKeyBuff != null) + CMS.debug(method + " drmDessKeyBuff: " + drmDesKeyBuff.toHexString()); + + if (kekDesKeyBuff != null) + CMS.debug(method + " kekDesKeyBuff: " + kekDesKeyBuff.toHexString()); + + + if (encSessionKeyBuff != null) + encSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret, + encSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES); + + if (macSessionKeyBuff != null) + macSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret, + macSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES); + + if (kekSessionKeyBuff != null) + kekSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret, + kekSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES); channel = new SecureChannel(this, encSessionKeySCP03, macSessionKeySCP03, kekSessionKeySCP03, drmDesKeyBuff, kekDesKeyBuff, |