author | jdennis <jdennis@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-09-10 13:20:48 +0000 |
---|---|---|
committer | jdennis <jdennis@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-09-10 13:20:48 +0000 |
commit | cf90cc33edee40478d97f369dc9e6ef62c8a26ea (patch) | |
tree | 0b45b037cf72332cb8900d64fa5a24e35988d69a /pki/base/common/src/com/netscape/cmscore/security | |
parent | 32b1e7d836c5128c53023d22977adb916a1ee4b5 (diff) | |
Related: bug #632425
fix password & CryptoManger initialization
These are a couple of simple issues which I discovered during the tomcat
porting. Since they are mostly independent of the tomcat changes I'd like to
keep them separate and get them in first.
The changes are:
1) Make CMSEngine.getPasswordStore() a synchronized method.
During testing I had discovered two threads were both calling this
method at essentially the same time trashing the state which lead to
password failures.
2) Remove redundant duplicated code for initializing the password store,
now CMSEngine.getPasswordStore() is the sole owner of the logic to
perform this action.
3) Initialize CryptoManager before first use. We had been relying on a
side effect in tomcat 5 for CryptoManager initialization where tomcatjss
was doing the CryptoManager initialization prior to our first use of the
CryptoManager. Tomcat 6 has modified when the connection objects first
get created (which was what was kicking off the CryptoManager
initialization). The patch adds the same code for initializing the
CryptoManager as is in tomcatjss. We now check for CryptoManager
initialization *prior* to our first use of it and if and only if it
hasn't been initialized yet we do so.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1279 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/security')
-rw-r--r-- | pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java | 35 |
1 files changed, 29 insertions, 6 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
index 8ee34ca4a..0d3f03199 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
@@ -63,6 +63,7 @@ import netscape.ldap.util.*;
 public final class JssSubsystem implements ICryptoSubsystem {
 public static final String ID = "jss";
+ private static final String CONFIG_DIR = "configDir";
 private static final String CERTPREFIX_ALIAS = "certPrefix";
 private static final String KEYPREFIX_ALIAS = "keyPrefix";
 private static final String CONFIGDIR_ALIAS = "configDir";
@@ -233,11 +234,11 @@ public final class JssSubsystem implements ICryptoSubsystem {
 if (!enabled) return;
- try {
- devRandomInputStream = new FileInputStream("/dev/urandom");
- } catch (IOException ioe) {
- // XXX - add new exception
- }
+ try {
+ devRandomInputStream = new FileInputStream("/dev/urandom");
+ } catch (IOException ioe) {
+ // XXX - add new exception
+ }
 // get hardcoded password (for debugging.
 String pw;
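Review bot: The new `CONFIG_DIR` constant in the first hunk has the same value, "configDir", as the existing `CONFIGDIR_ALIAS` three lines below it, so the class now has two names for one configuration key. If both refer to the same setting (the uses of `CONFIGDIR_ALIAS` are outside the visible hunks), the later `config.getString(...)` call could reuse the existing constant. Otherwise a comment such as `// NSS database directory handed to CryptoManager.initialize()` would say why a second one exists.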
@@ -248,9 +249,31 @@ public final class JssSubsystem implements ICryptoSubsystem {
 CMS.debug("JssSubsystem init() got password from hardcoded in config");
 }
+ String certDir;
+
+ certDir = config.getString(CONFIG_DIR, null);
+
+ CryptoManager.InitializationValues vals =
+ new CryptoManager.InitializationValues(certDir,
+ "", "", "secmod.db");
+
+ vals.removeSunProvider = false;
+ vals.installJSSProvider = true;
 try {
- mCryptoManager = CryptoManager.getInstance();
+ CryptoManager.initialize(vals);
+ } catch (AlreadyInitializedException e) {
+ // do nothing
+ } catch (Exception e) {
+ String[] params = {mId, e.toString()};
+ EBaseException ex = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
+
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
+ throw ex;
+ }
+ try {
+ mCryptoManager = CryptoManager.getInstance();
 initSSL();
 } catch (CryptoManager.NotInitializedException e) {
 String[] params = {mId, e.toString()}; |
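Review bot: The empty `catch (AlreadyInitializedException e)` hides which code path initialised the crypto layer: when another component got there first, the `certDir`, `removeSunProvider` and `installJSSProvider` values built just above are never applied, and the subsystem continues with whatever database and provider setup it finds. A debug line in that branch would make this visible to an operator, for example `CMS.debug("JssSubsystem init() CryptoManager already initialized, configDir not applied");`. Separately, `config.getString(CONFIG_DIR, null)` hands a null directory to `InitializationValues` when the key is absent, and that failure would presumably surface only through the generic `catch (Exception e)`; checking for null first and raising the `EBaseException` with a message that names the missing key would be clearer. The enclosing init method starts and ends outside the hunk.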