summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java24
1 files changed, 23 insertions, 1 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java b/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
index ff2d760..c144d6e 100644
--- a/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
+++ b/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
@@ -34,6 +34,7 @@ import netscape.security.x509.X509CertImpl;
import netscape.security.x509.X509ExtensionException;
import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.crypto.CryptoToken;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.IAuthToken;
@@ -339,13 +340,30 @@ public class AddCRLServlet extends CMSServlet {
pt.getThisUpdate());
// verify CRL
+ CryptoManager cmanager = null;
+ boolean tokenSwitched = false;
+ CryptoToken verToken = null;
+ CryptoToken savedToken = null;
byte caCertData[] = pt.getCACert();
if (caCertData != null) {
try {
+ cmanager = CryptoManager.getInstance();
X509CertImpl caCert = new X509CertImpl(caCertData);
CMS.debug("AddCRLServlet: start verify");
- CryptoManager cmanager = CryptoManager.getInstance();
+ String tokenName =
+ CMS.getConfigStore().getString("ocsp.crlVerify.token", "internal");
+ savedToken = cmanager.getThreadToken();
+ if (tokenName.equals("internal")) {
+ verToken = cmanager.getInternalCryptoToken();
+ } else {
+ verToken = cmanager.getTokenByName(tokenName);
+ }
+ if (!savedToken.getName().equals(verToken.getName())) {
+ cmanager.setThreadToken(verToken);
+ tokenSwitched = true;
+ }
+
org.mozilla.jss.crypto.X509Certificate jssCert = null;
try {
jssCert = cmanager.importCACertPackage(
@@ -392,6 +410,10 @@ public class AddCRLServlet extends CMSServlet {
throw new ECMSGWException(
CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
+ } finally {
+ if (tokenSwitched == true){
+ cmanager.setThreadToken(savedToken);
+ }
}
}