author | jmagne <jmagne@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-02-18 19:32:36 +0000 |
---|---|---|
committer | jmagne <jmagne@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-02-18 19:32:36 +0000 |
commit | afe017ee56e94663bc042bacbef716a440787d4f (patch) | |
tree | 65e3b296fff9323c0565c8e68c96c776fa6fa0a1 /pki/base/tps | |
parent | 2fa94f5fec4b1a1707d456aed075c21f2180fe9b (diff) | |
Fix Bug 676152 - Token enrollment with symmetric key change over fails.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1855 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/tps')
-rw-r--r-- | pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp | 54 | ||||
-rw-r--r-- | pki/base/tps/src/processor/RA_Processor.cpp | 5 |
2 files changed, 53 insertions, 6 deletions
diff --git a/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp b/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp index 984de7401..5a4e7d016 100644 --- a/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp +++ b/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp @@ -69,6 +69,12 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa unsigned int minlen = 0, maxlen = 0; const char *applet_dir; bool upgrade_enc = false; + char curVer[10]; + char newVer[10]; + + char *curKeyInfoStr = NULL; + char *newVersionStr = NULL; + SecurityLevel security_level = SECURE_MSG_MAC_ENC; Buffer *CardManagerAID = RA::GetConfigStore()->GetConfigAsBuffer( RA::CFG_APPLET_CARDMGR_INSTANCE_AID, @@ -114,6 +120,7 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa int maxReturns = 10; char audit_msg[512] = ""; char *profile_state = NULL; + int key_change_over_success = 0; RA::Debug("RA_Pin_Reset_Processor::Process", "Client %s", session->GetRemoteIP()); @@ -255,7 +262,7 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa PR_snprintf((char *)configname, 256, "%s.%s.update.applet.emptyToken.enable", OP_PREFIX, tokenType); if (RA::GetConfigStore()->GetConfigAsBool(configname, 0)) { - appletVersion = PL_strdup( "" ); + appletVersion = PL_strdup( "unknown" ); } else { RA::Error("RA_Pin_Reset_Processor::Process", "no applet found and applet upgrade not enabled"); 
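Review bot: `curVer` and `newVer` are declared without an initialiser at the top of `Process`, and the only writes visible in this commit sit inside the key-changeover branch of the `@@ -424` hunk. Both are later handed to `RA::Audit` as strings, so an audit call added on any other path would read indeterminate stack bytes. Initialising at the declaration, `char curVer[10] = "";` and `char newVer[10] = "";`, removes that dependency on control flow. The function body starts and ends outside this hunk.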
@@ -424,10 +431,27 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa curIndex, &key_data_set); + curKeyInfoStr = Util::Buffer2String(curKeyInfo); + newVersionStr = Util::Buffer2String(newVersion); + + if(curKeyInfoStr != NULL && strlen(curKeyInfoStr) >= 2) { + curVer[0] = curKeyInfoStr[0]; curVer[1] = curKeyInfoStr[1]; curVer[2] = 0; + } + else { + curVer[0] = 0; + } + + if(newVersionStr != NULL && strlen(newVersionStr) >= 2) { + newVer[0] = newVersionStr[0] ; newVer[1] = newVersionStr[1] ; newVer[2] = 0; + } + else { + newVer[0] = 0; + } + if (rc!=0) { RA::Audit(EV_KEY_CHANGEOVER, AUDIT_MSG_KEY_CHANGEOVER, - userid, cuid, msn, "Failure", "pin_reset", - final_applet_version, curVersion, ((BYTE*)newVersion)[0], + userid != NULL ? userid : "", cuid != NULL ? cuid : "", msn != NULL ? msn : "", "Failure", "pin_reset", + final_applet_version != NULL ? final_applet_version : "", curVer, newVer, "key changeover failed"); } @@ -452,9 +476,10 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa } RA::Audit(EV_KEY_CHANGEOVER, AUDIT_MSG_KEY_CHANGEOVER, - userid, cuid, msn, "Success", "pin_reset", - final_applet_version, curVersion, ((BYTE*)newVersion)[0], + userid != NULL ? userid : "", cuid != NULL ? cuid : "", msn != NULL ? msn : "", "Success", "pin_reset", + final_applet_version != NULL ? final_applet_version : "", curVer, newVer, "key changeover"); + key_change_over_success = 1; } } else { PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", OP_PREFIX, tokenType); 
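Review bot: The two blocks that fill `curVer` and `newVer` are copies of each other, and nothing says why exactly two characters are taken. Presumably `Util::Buffer2String` returns a hex string whose first two characters are the key-version byte; once confirmed against `Buffer2String`, that belongs in a comment such as `// first byte of the key info, as two hex characters, is the key version`. A small file-local helper taking the source string and the destination buffer would leave one copy to maintain; RA_Processor.cpp seems to handle a `newVersionStr` of its own, judging by its `loser:` cleanup. The enclosing branch starts outside the hunk.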
@@ -802,7 +827,16 @@ locale), PR_snprintf(audit_msg, 512, "Failed to close channel, status = STATUS_ERROR_CONNECTION"); goto loser; } + + //Update the KeyInfo in case of successful key changeover + if (key_change_over_success != 0) { + RA::tdb_update( userid != NULL ? userid : (char *) "", + cuid != NULL ? cuid : (char *) "" , + final_applet_version != NULL ? (char *) final_applet_version : (char *) "" , + keyVersion != NULL ? keyVersion : (char *) "","active", "", + tokenType != NULL ? tokenType : (char *) ""); + } RA::Audit(EV_PIN_RESET, AUDIT_MSG_PROC, userid != NULL ? userid : "", cuid != NULL ? cuid : "", @@ -890,6 +924,16 @@ loser: } } + if (curKeyInfoStr != NULL) { + PR_Free( (char *) curKeyInfoStr); + curKeyInfoStr = NULL; + } + + if (newVersionStr != NULL) { + PR_Free( (char *) newVersionStr); + newVersionStr = NULL; + } + if( token_status != NULL ) { delete token_status; token_status = NULL; diff --git a/pki/base/tps/src/processor/RA_Processor.cpp b/pki/base/tps/src/processor/RA_Processor.cpp index 79e108652..0bcc40323 100644 --- a/pki/base/tps/src/processor/RA_Processor.cpp +++ b/pki/base/tps/src/processor/RA_Processor.cpp @@ -1353,6 +1353,9 @@ Buffer *RA_Processor::GetAppletVersion(RA_Session *session) if (data.size() != 6) { RA::Error(LL_PER_PDU, "Secure_Channel::GetAppletVersion", "Invalid Applet Version"); + RA::DebugBuffer(LL_PER_PDU, "RA_Processor::GetAppletVersion", + "Bad Applet Version: ", + &data); goto loser; } @@ -3419,7 +3422,7 @@ loser: if (newVersionStr != NULL) { PR_Free( (char *) newVersionStr); - newVersionStr == NULL; + newVersionStr = NULL; } if (keyVersion != NULL) { |
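Review bot: The token record is only brought in line with the card when the whole pin reset reaches this point; any `goto loser` taken after `key_change_over_success = 1`, such as the close-channel failure directly above, leaves the card on the new key set while the record keeps the old key info. Consider issuing the same `RA::tdb_update(...)` from the `loser:` path when `key_change_over_success != 0`, or performing it right after the successful changeover. The result of the call is also discarded; if `tdb_update` reports failure (its declaration is outside this diff), that should at least be logged with `RA::Error`, because a stale key version in the record may make a later secure-channel setup select the wrong keys. The function body starts and ends outside the hunk.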
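Review bot: The added `RA::DebugBuffer` call in `GetAppletVersion` is tagged `RA_Processor::GetAppletVersion`, while the `RA::Error` line directly above it in the same branch is tagged `Secure_Channel::GetAppletVersion`, so filtering the log by either tag shows only half of the failure. Using one tag for both lines, for example `"RA_Processor::GetAppletVersion"` in the `RA::Error` call as well, keeps the error and its dump together. `data` presumably holds the token's reply and only its size has been checked at this point, so stating the received length in the error text would make a short or oversized reply obvious without reading the dump. The function body starts and ends outside the hunk.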