33 files changed, 162 insertions, 174 deletions
diff --git a/base/ca/src/com/netscape/ca/SigningUnit.java b/base/ca/src/com/netscape/ca/SigningUnit.java index d97bd8bc6..120b3547c 100644 --- a/base/ca/src/com/netscape/ca/SigningUnit.java +++ b/base/ca/src/com/netscape/ca/SigningUnit.java @@ -151,8 +151,7 @@ public final class SigningUnit implements ISigningUnit { } tokenname = config.getString(PROP_TOKEN_NAME); - if (tokenname.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_NAME) || - tokenname.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) { + if (CryptoUtil.isInternalToken(tokenname)) { mToken = mManager.getInternalKeyStorageToken(); setNewNickName(mNickname); } else { diff --git a/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java b/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java index edf6e1335..9b435eea2 100644 --- a/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java +++ b/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java @@ -95,7 +95,7 @@ public class CMCEnroll { CryptoManager manager = CryptoManager.getInstance(); CryptoToken token = null; - if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenname)) { token = manager.getInternalKeyStorageToken(); } else { token = manager.getTokenByName(tokenname); diff --git a/base/java-tools/src/com/netscape/cmstools/CMCRequest.java b/base/java-tools/src/com/netscape/cmstools/CMCRequest.java index 865d410ed..5a692a031 100644 --- a/base/java-tools/src/com/netscape/cmstools/CMCRequest.java +++ b/base/java-tools/src/com/netscape/cmstools/CMCRequest.java @@ -33,10 +33,6 @@ import java.security.NoSuchAlgorithmException; import java.util.Date; import java.util.StringTokenizer; -import netscape.security.pkcs.PKCS10; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertImpl; - import org.mozilla.jss.CryptoManager; import org.mozilla.jss.asn1.ANY; import org.mozilla.jss.asn1.ASN1Util; 
@@ -83,6 +79,10 @@ import com.netscape.cmsutil.crypto.CryptoUtil; import com.netscape.cmsutil.util.HMACDigest; import com.netscape.cmsutil.util.Utils; +import netscape.security.pkcs.PKCS10; +import netscape.security.x509.X500Name; +import netscape.security.x509.X509CertImpl; + /** * Tool for creating CMC full request * @@ -108,7 +108,7 @@ public class CMCRequest { CryptoManager manager = CryptoManager.getInstance(); CryptoToken token = null; - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenName)) { token = manager.getInternalKeyStorageToken(); } else { token = manager.getTokenByName(tokenName); @@ -1019,7 +1019,7 @@ public class CMCRequest { CryptoManager cm = CryptoManager.getInstance(); System.out.println("CryptoManger initialized"); - if ((tokenName == null) || (tokenName.equals(""))) { + if (CryptoUtil.isInternalToken(tokenName)) { token = cm.getInternalKeyStorageToken(); tokenName = CryptoUtil.INTERNAL_TOKEN_NAME; } else { diff --git a/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java b/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java index b238321ac..bb0cc44a7 100644 --- a/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java +++ b/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java @@ -27,9 +27,6 @@ import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.Date; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertImpl; - import org.mozilla.jss.CryptoManager; import org.mozilla.jss.NoSuchTokenException; import org.mozilla.jss.asn1.ANY; @@ -61,6 +58,9 @@ import org.mozilla.jss.util.Password; import com.netscape.cmsutil.crypto.CryptoUtil; import com.netscape.cmsutil.util.Utils; +import netscape.security.x509.X500Name; +import netscape.security.x509.X509CertImpl; + /** * Tool for signing a CMC revocation request with an agent's certificate. * 
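Review bot: In the `@@ -1019` hunk of CMCRequest.java the old test was `(tokenName == null) || (tokenName.equals(""))`, so the new call is equivalent only if `CryptoUtil.isInternalToken()` returns true for both null and the empty string; the helper's body is not in this part of the diff. The same assumption carries every hunk that drops an explicit null or empty check: CMCRevoke `@@ -175`, HttpClient `@@ -114`, CRSEnrollment `@@ -245` and `@@ -1964`, SystemConfigService `@@ -150` and `@@ -569`, the ConfigurationUtils hunks that remove `!token.equals("")`, and ConfigurationUtils `@@ -2341`, where the removed `if (token != null)` guard was what kept a literal `null:` prefix out of the nickname handed to `findCertByNickname`. I would state that contract in the helper's Javadoc, for example `/** Returns true if name is null, empty, or (ignoring case) one of the internal token names. */`, and pin null and "" in a unit test so these call sites cannot regress silently.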
@@ -175,21 +175,21 @@ public class CMCRevoke { // initialize CryptoManager mPath = dValue; System.out.println("cert/key prefix = " + mPrefix); - System.out.println("path = " + mPath); + System.out.println("path = " + mPath); CryptoManager.InitializationValues vals = - new CryptoManager.InitializationValues(mPath, mPrefix, mPrefix, "secmod.db"); + new CryptoManager.InitializationValues(mPath, mPrefix, mPrefix, "secmod.db"); CryptoManager.initialize(vals); - + CryptoManager cm = CryptoManager.getInstance(); CryptoToken token = null; - if ((hValue == null) || (hValue.equals(""))) { + if (CryptoUtil.isInternalToken(hValue)) { token = cm.getInternalKeyStorageToken(); hValue = CryptoUtil.INTERNAL_TOKEN_NAME; } else { token = cm.getTokenByName(hValue); } - + Password pass = new Password(pValue.toCharArray()); token.login(pass); @@ -259,7 +259,7 @@ public class CMCRevoke { Exception, TokenException { CryptoToken token = null; - if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenname)) { token = manager.getInternalKeyStorageToken(); } else { token = manager.getTokenByName(tokenname); diff --git a/base/java-tools/src/com/netscape/cmstools/HttpClient.java b/base/java-tools/src/com/netscape/cmstools/HttpClient.java index c2134648b..05f64f9f4 100644 --- a/base/java-tools/src/com/netscape/cmstools/HttpClient.java +++ b/base/java-tools/src/com/netscape/cmstools/HttpClient.java @@ -114,7 +114,7 @@ public class HttpClient { CryptoManager.initialize(vals); CryptoManager cm = CryptoManager.getInstance(); CryptoToken token = null; - if ((tokenName == null) || (tokenName.equals(""))) { + if (CryptoUtil.isInternalToken(tokenName)) { token = cm.getInternalKeyStorageToken(); tokenName = CryptoUtil.INTERNAL_TOKEN_NAME; } else { diff --git a/base/java-tools/src/com/netscape/cmstools/KRATool.java b/base/java-tools/src/com/netscape/cmstools/KRATool.java index c89d488e2..2ec09658f 100644 --- a/base/java-tools/src/com/netscape/cmstools/KRATool.java 
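Review bot: In the CMCRevoke `@@ -175` hunk the token password is wrapped with `new Password(pValue.toCharArray())` and passed to `token.login(pass)`, but nothing visible in the hunk clears `pass` afterwards; the method continues past the hunk, so this may already be handled further down. If it is not, wrapping the login as `try { token.login(pass); } finally { pass.clear(); }` limits how long the copy stays in memory. The source `pValue` is a `String` and cannot be wiped, so this only reduces the exposure rather than removing it.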
+++ b/base/java-tools/src/com/netscape/cmstools/KRATool.java @@ -42,12 +42,6 @@ import java.util.Iterator; import java.util.Vector; import java.util.regex.PatternSyntaxException; -import netscape.security.provider.RSAPublicKey; -import netscape.security.util.DerInputStream; -import netscape.security.util.DerOutputStream; -import netscape.security.util.DerValue; -import netscape.security.x509.X509CertImpl; - import org.mozilla.jss.CertDatabaseException; import org.mozilla.jss.CryptoManager; import org.mozilla.jss.KeyDatabaseException; @@ -68,6 +62,12 @@ import org.mozilla.jss.util.Password; import com.netscape.cmsutil.crypto.CryptoUtil; import com.netscape.cmsutil.util.Utils; +import netscape.security.provider.RSAPublicKey; +import netscape.security.util.DerInputStream; +import netscape.security.util.DerOutputStream; +import netscape.security.util.DerValue; +import netscape.security.x509.X509CertImpl; + /** * The KRATool class is a utility program designed to operate on an LDIF file * to perform one or more of the following tasks: @@ -1620,7 +1620,7 @@ public class KRATool { + "'." + NEWLINE, true); - if (mSourceStorageTokenName.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) { + if (CryptoUtil.isInternalToken(mSourceStorageTokenName)) { mSourceToken = cm.getInternalKeyStorageToken(); } else { mSourceToken = cm.getTokenByName(mSourceStorageTokenName); diff --git a/base/java-tools/src/com/netscape/cmstools/TestCRLSigning.java b/base/java-tools/src/com/netscape/cmstools/TestCRLSigning.java index 24a51f8ee..90535296a 100644 --- a/base/java-tools/src/com/netscape/cmstools/TestCRLSigning.java +++ b/base/java-tools/src/com/netscape/cmstools/TestCRLSigning.java @@ -63,7 +63,7 @@ public class TestCRLSigning { // Login to token CryptoToken token = null; - if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenname)) { token = cm.getInternalKeyStorageToken(); } else { token = cm.getTokenByName(tokenname); 
diff --git a/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java b/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java index d07a972db..b51057b15 100644 --- a/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java +++ b/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java @@ -324,7 +324,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove if (mStorageKeyUnit.getToken() != null) { try { String storageToken = mStorageKeyUnit.getToken().getName(); - if (!storageToken.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (!CryptoUtil.isInternalToken(storageToken)) { CMS.debug("Auto set serverKeygenTokenName to " + storageToken); serverKeygenTokenName = storageToken; } @@ -335,7 +335,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove if (serverKeygenTokenName == null) { serverKeygenTokenName = CryptoUtil.INTERNAL_TOKEN_NAME; } - if (serverKeygenTokenName.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (CryptoUtil.isInternalToken(serverKeygenTokenName)) serverKeygenTokenName = CryptoUtil.INTERNAL_TOKEN_NAME; try { diff --git a/base/kra/src/com/netscape/kra/RecoveryService.java b/base/kra/src/com/netscape/kra/RecoveryService.java index a5e9e78df..e9c357d1e 100644 --- a/base/kra/src/com/netscape/kra/RecoveryService.java +++ b/base/kra/src/com/netscape/kra/RecoveryService.java @@ -139,7 +139,7 @@ public class RecoveryService implements IService { cm = CryptoManager.getInstance(); config = CMS.getConfigStore(); tokName = config.getString("kra.storageUnit.hardware", CryptoUtil.INTERNAL_TOKEN_NAME); - if (tokName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokName)) { CMS.debug("RecoveryService: serviceRequest: use internal token "); ct = cm.getInternalCryptoToken(); } else { diff --git a/base/ocsp/src/com/netscape/ocsp/SigningUnit.java b/base/ocsp/src/com/netscape/ocsp/SigningUnit.java index 2cf22e3d9..a802abea4 100644 
--- a/base/ocsp/src/com/netscape/ocsp/SigningUnit.java +++ b/base/ocsp/src/com/netscape/ocsp/SigningUnit.java @@ -138,8 +138,7 @@ public final class SigningUnit implements ISigningUnit { CMS.debug("OCSP nickname " + mNickname); tokenname = config.getString(PROP_TOKEN_NAME); - if (tokenname.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_NAME) || - tokenname.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) { + if (CryptoUtil.isInternalToken(tokenname)) { mToken = mManager.getInternalKeyStorageToken(); } else { mToken = mManager.getTokenByName(tokenname); diff --git a/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java b/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java index 3f46d918d..d1c04ee9b 100644 --- a/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java +++ b/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java @@ -926,7 +926,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME); // by default JSS will use internal crypto token - if (!tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (!CryptoUtil.isInternalToken(tokenName)) { savedToken = cm.getThreadToken(); signToken = cm.getTokenByName(tokenName); if(signToken != null) { diff --git a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java index 47e886361..3b6916b37 100644 --- a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java +++ b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java 
@@ -702,7 +702,7 @@ public abstract class EnrollProfile extends BasicProfile String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME); savedToken = cm.getThreadToken(); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenName)) { signToken = cm.getInternalCryptoToken(); } else { signToken = cm.getTokenByName(tokenName); @@ -1509,7 +1509,7 @@ public abstract class EnrollProfile extends BasicProfile CryptoManager cm = CryptoManager.getInstance(); CryptoToken verifyToken = null; String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenName)) { CMS.debug("POP verification using internal token"); certReqMsg.verify(); } else { diff --git a/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java b/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java index 3ec74eda2..0a389fe6f 100644 --- a/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java +++ b/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java @@ -208,7 +208,7 @@ public abstract class EnrollInput implements IProfileInput { CryptoToken verifyToken = null; String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenName)) { CMS.debug("POP verification using internal token"); certReqMsg.verify(); } else { diff --git a/base/server/cms/src/com/netscape/cms/publish/publishers/OCSPPublisher.java b/base/server/cms/src/com/netscape/cms/publish/publishers/OCSPPublisher.java index 45aae2495..7ca88a771 100644 --- a/base/server/cms/src/com/netscape/cms/publish/publishers/OCSPPublisher.java +++ b/base/server/cms/src/com/netscape/cms/publish/publishers/OCSPPublisher.java 
@@ -145,7 +145,7 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { try { nickname = config.getString("ca.subsystem.nickname", ""); String tokenname = config.getString("ca.subsystem.tokenname", ""); - if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) + if (!CryptoUtil.isInternalToken(tokenname)) nickname = tokenname + ":" + nickname; } catch (Exception e) { } diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java index 46ac361fe..eecbdbcd0 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java @@ -588,7 +588,7 @@ public final class CMSAdminServlet extends AdminServlet { String tokenName = (String) tokenizer.nextElement(); String nickName = (String) tokenizer.nextElement(); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenName)) { tokenName = jssSubSystem.getInternalTokenName(); } else { nickName = tokenName + ":" + nickName; @@ -693,7 +693,7 @@ public final class CMSAdminServlet extends AdminServlet { } String tokenName = (String) tokenizer.nextElement(); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (CryptoUtil.isInternalToken(tokenName)) tokenName = ""; else tokenName = tokenName + ":"; @@ -1100,7 +1100,7 @@ public final class CMSAdminServlet extends AdminServlet { String value = req.getParameter(key); if (key.equals(Constants.PR_TOKEN_NAME)) { - if (!value.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (!CryptoUtil.isInternalToken(value)) tokenName = value; } else if (key.equals(Constants.PR_KEY_LENGTH)) { keyLength = Integer.parseInt(value); 
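Review bot: The `catch (Exception e) { }` that closes the try block in the OCSPPublisher `@@ -145` hunk discards any failure while the subsystem nickname is being read and prefixed, so a broken or missing configuration value leaves `nickname` in whatever state it had with no trace in the logs. The same empty catch appears in the GetSubsystemCert `@@ -70` and UpdateOCSPConfig `@@ -108` hunks. Since this nickname selects a certificate, I would at least record the failure, e.g. `CMS.debug("OCSPPublisher: unable to read subsystem nickname: " + e);`, assuming `CMS` is available in these classes as it is elsewhere in the diff. The try blocks start outside the hunks.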
@@ -1264,7 +1264,7 @@ public final class CMSAdminServlet extends AdminServlet { CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (CryptoUtil.isInternalToken(tokenName)) signingUnit.setNewNickName(nickname); else { if (tokenName.equals("") && nickname.equals("")) @@ -1287,7 +1287,7 @@ public final class CMSAdminServlet extends AdminServlet { IRegistrationAuthority ra = (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (CryptoUtil.isInternalToken(tokenName)) ra.setNewNickName(nickname); else { if (tokenName.equals("") && nickname.equals("")) @@ -1311,7 +1311,7 @@ public final class CMSAdminServlet extends AdminServlet { if (ocsp != null) { ISigningUnit signingUnit = ocsp.getSigningUnit(); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (CryptoUtil.isInternalToken(tokenName)) signingUnit.setNewNickName(nickname); else { if (tokenName.equals("") && nickname.equals("")) @@ -1324,7 +1324,7 @@ public final class CMSAdminServlet extends AdminServlet { CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getOCSPSigningUnit(); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (CryptoUtil.isInternalToken(tokenName)) signingUnit.setNewNickName(nickname); else { if (tokenName.equals("") && nickname.equals("")) @@ -1356,7 +1356,7 @@ public final class CMSAdminServlet extends AdminServlet { IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (CryptoUtil.isInternalToken(tokenName)) kra.setNewNickName(nickname); else { if (tokenName.equals("") && nickname.equals("")) diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/KRAConnectorProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/admin/KRAConnectorProcessor.java index 92067c7c3..2fd5d5371 100644 
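Review bot: The `tokenName.equals("") && nickname.equals("")` test in the else branch of the CMSAdminServlet `@@ -1264` hunk looks unreachable now, assuming `isInternalToken()` treats "" as internal (its body is not shown in this part of the diff): an empty `tokenName` takes the first branch and goes straight to `setNewNickName(nickname)`. The same shape repeats in the `@@ -1287`, `@@ -1311`, `@@ -1324` and `@@ -1356` hunks of this file and in CMSEngine `@@ -1448`. If that is the intended behaviour, the inner check can be dropped; if an empty token together with an empty nickname was meant to be handled specially, that case has to be tested before the `isInternalToken` call. The else branches continue outside the hunks, so what they did for that case is not visible here.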
--- a/base/server/cms/src/com/netscape/cms/servlet/admin/KRAConnectorProcessor.java +++ b/base/server/cms/src/com/netscape/cms/servlet/admin/KRAConnectorProcessor.java @@ -194,7 +194,7 @@ public class KRAConnectorProcessor extends CAProcessor { String nickname = cs.getString("ca.subsystem.nickname", ""); String tokenname = cs.getString("ca.subsystem.tokenname", ""); - if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) + if (!CryptoUtil.isInternalToken(tokenname)) nickname = tokenname + ":" + nickname; cs.putString(PREFIX + ".nickName", nickname); cs.commit(true); diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java index 27840bdc6..55860fad5 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java +++ b/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java @@ -245,8 +245,7 @@ public class CRSEnrollment extends HttpServlet { mTokenName = scepConfig.getString("tokenname", ""); mUseCA = false; } - if (!(mTokenName.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_NAME) || - mTokenName.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) || mTokenName.length() == 0)) { + if (!CryptoUtil.isInternalToken(mTokenName)) { int i = mNickname.indexOf(':'); if (!((i > -1) && (mTokenName.length() == i) && (mNickname.startsWith(mTokenName)))) { mNickname = mTokenName + ":" + mNickname; 
@@ -1964,9 +1963,7 @@ public class CRSEnrollment extends HttpServlet { cm = CryptoManager.getInstance(); internalToken = cm.getInternalCryptoToken(); DESkg = internalToken.getKeyGenerator(kga); - if (mTokenName.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_NAME) || - mTokenName.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) || - mTokenName.length() == 0) { + if (CryptoUtil.isInternalToken(mTokenName)) { keyStorageToken = cm.getInternalKeyStorageToken(); internalKeyStorageToken = keyStorageToken; CMS.debug("CRSEnrollment: CryptoContext: internal token name: '" + mTokenName + "'"); diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java index d652963b1..018bfc7c1 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java @@ -763,8 +763,7 @@ public class CertUtil { } String fullnickname = nickname; - - if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) { + if (!CryptoUtil.isInternalToken(tokenname)) { fullnickname = tokenname + ":" + nickname; } diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java index 105ae6ee9..e65035ecb 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java 
@@ -997,8 +997,7 @@ public class ConfigurationUtils { String name1 = "preop.master." + tag + ".nickname"; String nickname = cs.getString(name1, ""); - if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) && - !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (!CryptoUtil.isInternalToken(tokenname)) nickname = tokenname + ":" + nickname; CMS.debug("ConfigurationUtils.verifySystemCertificates(): checking certificate " + nickname); @@ -2341,9 +2340,8 @@ public class ConfigurationUtils { CryptoManager cm = CryptoManager.getInstance(); - if (token != null) { - if (!token.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) - nickname = token + ":" + nickname; + if (!CryptoUtil.isInternalToken(token)) { + nickname = token + ":" + nickname; } X509Certificate cert = cm.findCertByNickname(nickname); @@ -2815,7 +2813,7 @@ public class ConfigurationUtils { String cstype = config.getString("cs.type", null); cstype = cstype.toLowerCase(); if (cstype.equals("kra")) { - if (!token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) { + if (!CryptoUtil.isInternalToken(token)) { if (certTag.equals("storage")) { config.putString(subsystem + ".storageUnit.hardware", token); config.putString(subsystem + ".storageUnit.nickName", token + ":" + nickname); @@ -2834,7 +2832,7 @@ public class ConfigurationUtils { String serverCertNickname = nickname; String path = CMS.getConfigStore().getString("instanceRoot", ""); if (certTag.equals("sslserver")) { - if (!token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) { + if (!CryptoUtil.isInternalToken(token)) { serverCertNickname = token + ":" + nickname; } PrintStream ps = new PrintStream(path + "/conf/serverCertNick.conf", "UTF-8"); 
@@ -2845,7 +2843,7 @@ public class ConfigurationUtils { config.putString(subsystem + "." + certTag + ".nickname", nickname); config.putString(subsystem + "." + certTag + ".tokenname", token); if (certTag.equals("audit_signing")) { - if (!token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) && !token.equals("")) { + if (!CryptoUtil.isInternalToken(token)) { config.putString("log.instance.SignedAudit.signedAuditCertNickname", token + ":" + nickname); } else { @@ -2855,7 +2853,7 @@ public class ConfigurationUtils { } // for system certs verification - if (!token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) && !token.equals("")) { + if (!CryptoUtil.isInternalToken(token)) { config.putString(subsystem + ".cert." + certTag + ".nickname", token + ":" + nickname); } else { @@ -2929,7 +2927,7 @@ public class ConfigurationUtils { cstype = cstype.toLowerCase(); if (cstype.equals("kra")) { String token = config.getString("preop.module.token"); - if (!token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) { + if (!CryptoUtil.isInternalToken(token)) { CMS.debug("ConfigurationUtils: updating configuration for KRA clone with hardware token"); String subsystem = config.getString(PCERT_PREFIX + "storage.subsystem"); String storageNickname = getNickname(config, "storage"); @@ -2947,7 +2945,7 @@ public class ConfigurationUtils { // audit signing cert String audit_nn = config.getString(cstype + ".audit_signing" + ".nickname", ""); String audit_tk = config.getString(cstype + ".audit_signing" + ".tokenname", ""); - if (!audit_tk.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) && !audit_tk.equals("")) { + if (!CryptoUtil.isInternalToken(audit_tk)) { config.putString("log.instance.SignedAudit.signedAuditCertNickname", audit_tk + ":" + audit_nn); } else { 
@@ -3332,7 +3330,7 @@ public class ConfigurationUtils { if (certTag.equals("signing") && subsystem.equals("ca")) { String NickName = nickname; - if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) + if (!CryptoUtil.isInternalToken(tokenname)) NickName = tokenname + ":" + nickname; CMS.debug("handleCerts(): set trust on CA signing cert " + NickName); @@ -3349,7 +3347,7 @@ public class ConfigurationUtils { IConfigStore cs = CMS.getConfigStore(); String nickname = cs.getString("preop.cert." + tag + ".nickname", ""); String tokenname = cs.getString("preop.module.token", ""); - if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) + if (!CryptoUtil.isInternalToken(tokenname)) nickname = tokenname + ":" + nickname; CryptoManager cm = CryptoManager.getInstance(); @@ -3375,7 +3373,7 @@ public class ConfigurationUtils { String fullnickname = nickname; boolean hardware = false; - if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) { + if (!CryptoUtil.isInternalToken(tokenname)) { hardware = true; fullnickname = tokenname + ":" + nickname; } @@ -3437,9 +3435,7 @@ public class ConfigurationUtils { CryptoToken tok = CryptoUtil.getKeyStorageToken(tokenname); CryptoStore store = tok.getCryptoStore(); String fullnickname = nickname; - if (!tokenname.equals("") && - !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) && - !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (!CryptoUtil.isInternalToken(tokenname)) fullnickname = tokenname + ":" + nickname; CMS.debug("deleteCert: nickname=" + fullnickname); 
@@ -3485,7 +3481,7 @@ public class ConfigurationUtils { String nickname = cs.getString("preop.cert." + t + ".nickname"); String modname = cs.getString("preop.module.token"); - if (!modname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) + if (!CryptoUtil.isInternalToken(modname)) nickname = modname + ":" + nickname; util.loadCertFromNSS(pkcs12, nickname, true, false); @@ -3997,9 +3993,7 @@ public class ConfigurationUtils { String nickname = cs.getString("preop.cert.subsystem.nickname", ""); String tokenname = cs.getString("preop.module.token", ""); - if (!tokenname.equals("") && - !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) && - !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (!CryptoUtil.isInternalToken(tokenname)) { nickname = tokenname + ":" + nickname; } CMS.debug("updateDomainXML() nickname=" + nickname); @@ -4574,8 +4568,7 @@ public class ConfigurationUtils { String nickname = cs.getString("preop.cert.subsystem.nickname", ""); String tokenname = cs.getString("preop.module.token", ""); - if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) - && !tokenname.equals("")) { + if (!CryptoUtil.isInternalToken(tokenname)) { nickname = tokenname + ":" + nickname; } diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java index 6bb0746b7..ba292a664 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java 
@@ -70,7 +70,7 @@ public class GetSubsystemCert extends CMSServlet { try { nickname = cs.getString("ca.subsystem.nickname", ""); String tokenname = cs.getString("ca.subsystem.tokenname", ""); - if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) + if (!CryptoUtil.isInternalToken(tokenname)) nickname = tokenname + ":" + nickname; } catch (Exception e) { } diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java index d5b552be8..1a7d89d72 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java @@ -108,7 +108,7 @@ public class UpdateOCSPConfig extends CMSServlet { try { nickname = cs.getString("ca.subsystem.nickname", ""); String tokenname = cs.getString("ca.subsystem.tokenname", ""); - if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) + if (!CryptoUtil.isInternalToken(tokenname)) nickname = tokenname + ":" + nickname; } catch (Exception e) { } diff --git a/base/server/cms/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java b/base/server/cms/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java index d4e8f92b6..d2dec7310 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java @@ -356,7 +356,7 @@ public class AddCRLServlet extends CMSServlet { String tokenName = CMS.getConfigStore().getString("ocsp.crlVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME); savedToken = cmanager.getThreadToken(); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenName)) { verToken = cmanager.getInternalCryptoToken(); } else { verToken = cmanager.getTokenByName(tokenName); 
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java index a0c1b785e..2cf76d80a 100644 --- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java +++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java @@ -34,8 +34,6 @@ import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.Request; import javax.ws.rs.core.UriInfo; -import netscape.security.x509.X509CertImpl; - import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.mutable.MutableBoolean; import org.mozilla.jss.CryptoManager; @@ -68,6 +66,8 @@ import com.netscape.cms.servlet.csadmin.SystemCertDataFactory; import com.netscape.cmsutil.crypto.CryptoUtil; import com.netscape.cmsutil.util.Utils; +import netscape.security.x509.X509CertImpl; + /** * @author alee * @@ -150,7 +150,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou // specify module and log into token CMS.debug("=== Token Authentication ==="); String token = data.getToken(); - if (token == null) { + if (CryptoUtil.isInternalToken(token)) { token = CryptoUtil.INTERNAL_TOKEN_FULL_NAME; } loginToken(data, token); 
@@ -569,12 +569,16 @@ public class SystemConfigService extends PKIService implements SystemConfigResou ObjectNotFoundException, TokenException { // TODO - some of these parameters may only be valid for RSA CryptoManager cryptoManager = CryptoManager.getInstance(); - if (!tokenName.isEmpty()) + String nickname; + if (!CryptoUtil.isInternalToken(tokenName)) { CMS.debug("SystemConfigService:updateCloneConfiguration: tokenName=" + tokenName); - else + nickname = tokenName + ":" + cdata.getNickname(); + } else { CMS.debug("SystemConfigService:updateCloneConfiguration: tokenName empty; using internal"); + nickname = cdata.getNickname(); + } - X509Certificate cert = cryptoManager.findCertByNickname(!tokenName.isEmpty()? tokenName + ":" + cdata.getNickname() : cdata.getNickname()); + X509Certificate cert = cryptoManager.findCertByNickname(nickname); PublicKey pubk = cert.getPublicKey(); byte[] exponent = CryptoUtil.getPublicExponent(pubk); byte[] modulus = CryptoUtil.getModulus(pubk); @@ -588,7 +592,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou } private void updateConfiguration(ConfigurationRequest data, SystemCertData cdata, String tag) { - if (cdata.getToken().equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) { + if (CryptoUtil.isInternalToken(cdata.getToken())) { cs.putString(csSubsystem + ".cert." + tag + ".nickname", cdata.getNickname()); } else { cs.putString(csSubsystem + ".cert." + tag + ".nickname", data.getToken() + @@ -877,7 +881,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou CMS.debug("SystemConfigService: get configuration entries from master"); ConfigurationUtils.getConfigEntriesFromMaster(); - if (token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) { + if (CryptoUtil.isInternalToken(token)) { if (!data.getSystemCertsImported()) { CMS.debug("SystemConfigService: restore certificates from P12 file"); String p12File = data.getP12File(); 
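Review bot: The debug message in the new else branch of the `@@ -569` hunk still reads `tokenName empty; using internal`, but that branch is now taken whenever `isInternalToken(tokenName)` is true, which presumably includes the named internal token and not only an empty value. A message such as `CMS.debug("SystemConfigService:updateCloneConfiguration: using internal token");` keeps the log accurate when someone later traces which token a clone's certificate lookup used.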
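Review bot: In the `@@ -588` hunk, `updateConfiguration` decides on `cdata.getToken()` but the else branch builds the stored nickname from `data.getToken()`, so the value that is tested is not the value that is used. If the two ever differ, or `data.getToken()` is null while the certificate's token is external, the configuration entry gets a prefix that does not match the certificate's token. Reading the token once, e.g. `String token = cdata.getToken();`, and using it for both the check and the prefix would remove the ambiguity; if the two are guaranteed to be equal, a comment saying so would help. The concatenation continues past the end of the hunk.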
@@ -1019,7 +1023,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou public void loginToken(ConfigurationRequest data, String token) { cs.putString("preop.module.token", token); - if (! token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) { + if (!CryptoUtil.isInternalToken(token)) { try { CryptoManager cryptoManager = CryptoManager.getInstance(); CryptoToken ctoken = cryptoManager.getTokenByName(token); @@ -1130,7 +1134,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou throw new BadRequestException("Invalid clone URI: " + cloneUri, e); } - if (data.getToken().equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) { + if (CryptoUtil.isInternalToken(data.getToken())) { if (!data.getSystemCertsImported()) { if (data.getP12File() == null) { throw new BadRequestException("P12 filename not provided"); diff --git a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java index bfb44aba0..90ee8b90a 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java +++ b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java @@ -1448,8 +1448,7 @@ public class CMSEngine implements ICMSEngine { nickName) { String newName = null; - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME) || - tokenName.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) + if (CryptoUtil.isInternalToken(tokenName)) newName = nickName; else { if (tokenName.equals("") && nickName.equals("")) diff --git a/base/server/cmscore/src/com/netscape/cmscore/security/CASigningCert.java b/base/server/cmscore/src/com/netscape/cmscore/security/CASigningCert.java index 4cf9501a5..27a339eee 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/security/CASigningCert.java +++ b/base/server/cmscore/src/com/netscape/cmscore/security/CASigningCert.java 
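Review bot: In the `@@ -1019` hunk `cs.putString("preop.module.token", token)` runs before the new predicate, so loginToken persists whatever spelling the caller passed. The caller in the `@@ -150` hunk normalises first, but loginToken is public and other callers are not visible here. Every later reader of `preop.module.token` then has to apply `CryptoUtil.isInternalToken` itself to avoid treating an empty or short name as an external token. Normalising at the top of the method, `if (CryptoUtil.isInternalToken(token)) token = CryptoUtil.INTERNAL_TOKEN_FULL_NAME;`, would keep the stored value canonical.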
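Review bot: In the `@@ -1448` CMSEngine hunk the unchanged `tokenName.equals("")` test in the else branch looks unreachable after this change. If `CryptoUtil.isInternalToken` returns true for an empty string, as the `token.equals("")` site replaced in JssSubsystem suggests, an empty `tokenName` now takes the first branch and yields `newName = nickName`. Whatever the `tokenName.equals("") && nickName.equals("")` case used to produce is skipped. Either drop the dead test or handle the both-empty case before the predicate. The else body continues outside the hunk and the helper's body is not on this page, so this should be confirmed against both.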
@@ -21,8 +21,6 @@ import java.io.IOException; import java.math.BigInteger; import java.security.KeyPair; -import netscape.security.x509.KeyUsageExtension; - import org.mozilla.jss.crypto.PQGParamGenException; import org.mozilla.jss.crypto.PQGParams; @@ -34,6 +32,8 @@ import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; import com.netscape.cmsutil.crypto.CryptoUtil; +import netscape.security.x509.KeyUsageExtension; + /** * CA signing certificate. * @@ -129,7 +129,7 @@ public class CASigningCert extends CertificateInfo { throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", keyType)); cmsFileTmp.putString("ca.signing.defaultSigningAlgorithm", alg); - if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (CryptoUtil.isInternalToken(tokenname)) cmsFileTmp.putString("ca.signing.cacertnickname", nickname); else cmsFileTmp.putString("ca.signing.cacertnickname", diff --git a/base/server/cmscore/src/com/netscape/cmscore/security/JssSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/security/JssSubsystem.java index ec6611167..a721d4e52 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/security/JssSubsystem.java +++ b/base/server/cmscore/src/com/netscape/cmscore/security/JssSubsystem.java @@ -44,15 +44,6 @@ import java.util.Locale; import java.util.StringTokenizer; import java.util.Vector; -import netscape.ldap.util.DN; -import netscape.security.x509.AlgIdDSA; -import netscape.security.x509.AlgorithmId; -import netscape.security.x509.BasicConstraintsExtension; -import netscape.security.x509.CertificateExtensions; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertImpl; -import netscape.security.x509.X509CertInfo; - import org.mozilla.jss.CryptoManager; import org.mozilla.jss.CryptoManager.NicknameConflictException; import org.mozilla.jss.CryptoManager.NotInitializedException; 
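Review bot: In the `@@ -129` hunk of CASigningCert an absent token name now selects the internal token silently. The old `tokenname.equals(...)` threw on null, while `CryptoUtil.isInternalToken(tokenname)` appears to accept null and empty; its body is not on this page, but the `token == null` and `token.equals("")` sites replaced elsewhere in this commit suggest so. For the CA signing certificate this means a missing token property writes `ca.signing.cacertnickname` without a token prefix instead of failing. If the property is mandatory here, check it before the predicate, or at least record the fallback, e.g. `CMS.debug("CASigningCert: token name not set, using internal token");`. The same replacement appears in the KRATransportCert, OCSPSigningCert, SSLCert and SSLSelfSignedCert hunks, and the if/else continues outside this hunk.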
@@ -100,6 +91,15 @@ import com.netscape.cmscore.util.Debug; import com.netscape.cmsutil.crypto.CryptoUtil; import com.netscape.cmsutil.util.Utils; +import netscape.ldap.util.DN; +import netscape.security.x509.AlgIdDSA; +import netscape.security.x509.AlgorithmId; +import netscape.security.x509.BasicConstraintsExtension; +import netscape.security.x509.CertificateExtensions; +import netscape.security.x509.X500Name; +import netscape.security.x509.X509CertImpl; +import netscape.security.x509.X509CertInfo; + /** * Subsystem for initializing JSS> * <P> @@ -540,7 +540,7 @@ public final class JssSubsystem implements ICryptoSubsystem { public boolean isTokenLoggedIn(String name) throws EBaseException { try { - if (name.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (CryptoUtil.isInternalToken(name)) name = CryptoUtil.INTERNAL_TOKEN_FULL_NAME; CryptoToken ctoken = mCryptoManager.getTokenByName(name); @@ -631,7 +631,7 @@ public final class JssSubsystem implements ICryptoSubsystem { StringBuffer certNames = new StringBuffer(); try { - if (name.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(name)) { c = mCryptoManager.getInternalKeyStorageToken(); } else { c = mCryptoManager.getTokenByName(name); @@ -681,7 +681,7 @@ public final class JssSubsystem implements ICryptoSubsystem { StringBuffer certNames = new StringBuffer(); try { - if (name.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(name)) { c = mCryptoManager.getInternalKeyStorageToken(); } else { c = mCryptoManager.getTokenByName(name); @@ -794,7 +794,7 @@ public final class JssSubsystem implements ICryptoSubsystem { int keySize, PQGParams pqg) throws EBaseException { String t = tokenName; - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (CryptoUtil.isInternalToken(tokenName)) t = CryptoUtil.INTERNAL_TOKEN_FULL_NAME; CryptoToken token = null; 
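Review bot: The `@@ -540` hunk (isTokenLoggedIn) resolves the internal token by rewriting `name` to `CryptoUtil.INTERNAL_TOKEN_FULL_NAME` and calling `getTokenByName(name)`, while the `@@ -631` and `@@ -681` hunks in the same class call `mCryptoManager.getInternalKeyStorageToken()`. With every site now sharing one predicate, the two lookup styles are the remaining inconsistency. The name-based one depends on the constant matching the name the crypto manager registers. I would use `getInternalKeyStorageToken()` in the internal branch here as well. The `@@ -794` hunk rewrites to the full name the same way, and its lookup is outside the hunk.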
@@ -911,8 +911,7 @@ public final class JssSubsystem implements ICryptoSubsystem { String tmp = (String) properties.get(Constants.PR_TOKEN_NAME); - if ((tmp != null) && - (!tmp.equals(CryptoUtil.INTERNAL_TOKEN_NAME))) + if (!CryptoUtil.isInternalToken(tmp)) tokenname = tmp; tmp = (String) properties.get(Constants.PR_KEY_TYPE); if (tmp != null) @@ -950,7 +949,7 @@ public final class JssSubsystem implements ICryptoSubsystem { public KeyPair getECCKeyPair(String token, String keyCurve, String certType) throws EBaseException { KeyPair pair = null; - if ((token == null) || (token.equals(""))) + if (CryptoUtil.isInternalToken(token)) token = CryptoUtil.INTERNAL_TOKEN_NAME; if ((keyCurve == null) || (keyCurve.equals(""))) @@ -1078,7 +1077,7 @@ public final class JssSubsystem implements ICryptoSubsystem { String issuername) throws EBaseException { int index = nickname.indexOf(":"); String tokenname = nickname.substring(0, index); - if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenname)) { nickname = nickname.substring(index + 1); } try { @@ -1166,7 +1165,7 @@ public final class JssSubsystem implements ICryptoSubsystem { + list[i].getNickname()); } catch (ObjectNotFoundException e) { String nickname = list[i].getNickname(); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenName)) { nickname = CryptoUtil.INTERNAL_TOKEN_NAME + ":" + nickname; } X509CertImpl impl = null; @@ -1236,8 +1235,7 @@ public final class JssSubsystem implements ICryptoSubsystem { PrivateKey key = CryptoManager.getInstance().findPrivKeyByCert(list[i]); // check for errors String nickname = list[i].getNickname(); - if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME) || - tokenName.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) { + if (CryptoUtil.isInternalToken(tokenName)) { nickname = CryptoUtil.INTERNAL_TOKEN_NAME + ":" + nickname; } X509CertImpl impl = null; 
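Review bot: In the `@@ -1078` hunk `nickname.substring(0, index)` still runs with `index == -1` when the nickname contains no `:`, which throws StringIndexOutOfBoundsException before the new predicate is reached. The commit makes the token test tolerant of missing names, but the split that feeds it is not. Guarding the split keeps an unprefixed nickname usable: `if (index >= 0 && CryptoUtil.isInternalToken(nickname.substring(0, index)))`. Whether `tokenname` is used again later cannot be seen, since the method continues outside the hunk. The same three lines recur in the `@@ -1745`, `@@ -1783`, `@@ -1829` and `@@ -1873` hunks.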
@@ -1745,7 +1743,7 @@ public final class JssSubsystem implements ICryptoSubsystem { int index = nickname.indexOf(":"); String tokenname = nickname.substring(0, index); - if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenname)) { nickname = nickname.substring(index + 1); } try { @@ -1783,7 +1781,7 @@ public final class JssSubsystem implements ICryptoSubsystem { String issuerName) throws EBaseException { int index = nickname.indexOf(":"); String tokenname = nickname.substring(0, index); - if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenname)) { nickname = nickname.substring(index + 1); } try { @@ -1829,7 +1827,7 @@ public final class JssSubsystem implements ICryptoSubsystem { String issuerName, Locale locale) throws EBaseException { int index = nickname.indexOf(":"); String tokenname = nickname.substring(0, index); - if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenname)) { nickname = nickname.substring(index + 1); } try { @@ -1873,7 +1871,7 @@ public final class JssSubsystem implements ICryptoSubsystem { String issuerName, Locale locale) throws EBaseException { int index = nickname.indexOf(":"); String tokenname = nickname.substring(0, index); - if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenname)) { nickname = nickname.substring(index + 1); } try { diff --git a/base/server/cmscore/src/com/netscape/cmscore/security/KRATransportCert.java b/base/server/cmscore/src/com/netscape/cmscore/security/KRATransportCert.java index 9f8ef75c7..d50aaccf1 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/security/KRATransportCert.java +++ b/base/server/cmscore/src/com/netscape/cmscore/security/KRATransportCert.java 
@@ -20,8 +20,6 @@ package com.netscape.cmscore.security; import java.io.IOException; import java.security.KeyPair; -import netscape.security.x509.KeyUsageExtension; - import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.ConfigConstants; @@ -29,6 +27,8 @@ import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; import com.netscape.cmsutil.crypto.CryptoUtil; +import netscape.security.x509.KeyUsageExtension; + /** * KRA transport certificate * @@ -52,7 +52,7 @@ public class KRATransportCert extends CertificateInfo { String tokenname = (String) mProperties.get(Constants.PR_TOKEN_NAME); String nickname = getNickname(); - if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (CryptoUtil.isInternalToken(tokenname)) cmsFileTmp.putString("kra.transportUnit.nickName", nickname); else cmsFileTmp.putString("kra.transportUnit.nickName", tokenname + ":" + nickname); diff --git a/base/server/cmscore/src/com/netscape/cmscore/security/KeyCertUtil.java b/base/server/cmscore/src/com/netscape/cmscore/security/KeyCertUtil.java index f8d2ebd47..802028b2e 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/security/KeyCertUtil.java +++ b/base/server/cmscore/src/com/netscape/cmscore/security/KeyCertUtil.java 
@@ -41,43 +41,6 @@ import java.security.interfaces.RSAPublicKey; import java.util.Enumeration; import java.util.Vector; -import netscape.ldap.LDAPAttribute; -import netscape.ldap.LDAPAttributeSet; -import netscape.ldap.LDAPConnection; -import netscape.ldap.LDAPEntry; -import netscape.ldap.LDAPException; -import netscape.ldap.LDAPModification; -import netscape.security.extensions.AuthInfoAccessExtension; -import netscape.security.extensions.ExtendedKeyUsageExtension; -import netscape.security.extensions.NSCertTypeExtension; -import netscape.security.extensions.OCSPNoCheckExtension; -import netscape.security.pkcs.PKCS10; -import netscape.security.pkcs.PKCS10Attribute; -import netscape.security.pkcs.PKCS10Attributes; -import netscape.security.pkcs.PKCS9Attribute; -import netscape.security.util.BigInt; -import netscape.security.util.DerOutputStream; -import netscape.security.util.DerValue; -import netscape.security.util.ObjectIdentifier; -import netscape.security.x509.AlgIdDSA; -import netscape.security.x509.AlgorithmId; -import netscape.security.x509.AuthorityKeyIdentifierExtension; -import netscape.security.x509.BasicConstraintsExtension; -import netscape.security.x509.CertificateAlgorithmId; -import netscape.security.x509.CertificateExtensions; -import netscape.security.x509.Extension; -import netscape.security.x509.Extensions; -import netscape.security.x509.GeneralName; -import netscape.security.x509.KeyIdentifier; -import netscape.security.x509.KeyUsageExtension; -import netscape.security.x509.SubjectKeyIdentifierExtension; -import netscape.security.x509.URIName; -import netscape.security.x509.X500Name; -import netscape.security.x509.X500Signer; -import netscape.security.x509.X509CertImpl; -import netscape.security.x509.X509CertInfo; -import netscape.security.x509.X509Key; - import org.mozilla.jss.CryptoManager; import org.mozilla.jss.CryptoManager.NicknameConflictException; import org.mozilla.jss.CryptoManager.NotInitializedException; 
@@ -115,6 +78,43 @@ import com.netscape.cmscore.dbs.X509CertImplMapper; import com.netscape.cmsutil.crypto.CryptoUtil; import com.netscape.cmsutil.util.Utils; +import netscape.ldap.LDAPAttribute; +import netscape.ldap.LDAPAttributeSet; +import netscape.ldap.LDAPConnection; +import netscape.ldap.LDAPEntry; +import netscape.ldap.LDAPException; +import netscape.ldap.LDAPModification; +import netscape.security.extensions.AuthInfoAccessExtension; +import netscape.security.extensions.ExtendedKeyUsageExtension; +import netscape.security.extensions.NSCertTypeExtension; +import netscape.security.extensions.OCSPNoCheckExtension; +import netscape.security.pkcs.PKCS10; +import netscape.security.pkcs.PKCS10Attribute; +import netscape.security.pkcs.PKCS10Attributes; +import netscape.security.pkcs.PKCS9Attribute; +import netscape.security.util.BigInt; +import netscape.security.util.DerOutputStream; +import netscape.security.util.DerValue; +import netscape.security.util.ObjectIdentifier; +import netscape.security.x509.AlgIdDSA; +import netscape.security.x509.AlgorithmId; +import netscape.security.x509.AuthorityKeyIdentifierExtension; +import netscape.security.x509.BasicConstraintsExtension; +import netscape.security.x509.CertificateAlgorithmId; +import netscape.security.x509.CertificateExtensions; +import netscape.security.x509.Extension; +import netscape.security.x509.Extensions; +import netscape.security.x509.GeneralName; +import netscape.security.x509.KeyIdentifier; +import netscape.security.x509.KeyUsageExtension; +import netscape.security.x509.SubjectKeyIdentifierExtension; +import netscape.security.x509.URIName; +import netscape.security.x509.X500Name; +import netscape.security.x509.X500Signer; +import netscape.security.x509.X509CertImpl; +import netscape.security.x509.X509CertInfo; +import netscape.security.x509.X509Key; + /** * This class provides all the base methods to generate the key for different * kinds of certificates. 
@@ -339,7 +339,7 @@ public class KeyCertUtil { CryptoManager manager = CryptoManager.getInstance(); CryptoToken token = null; - if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenname)) { token = manager.getInternalKeyStorageToken(); } else { token = manager.getTokenByName(tokenname); @@ -499,11 +499,11 @@ public class KeyCertUtil { CryptoToken token = null; - if (tokenName.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (CryptoUtil.isInternalToken(tokenName)) tokenName = CryptoUtil.INTERNAL_TOKEN_NAME; try { - if (tokenName.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenName)) { token = CryptoManager.getInstance().getInternalKeyStorageToken(); } else { token = CryptoManager.getInstance().getTokenByName(tokenName); @@ -1124,7 +1124,7 @@ public class KeyCertUtil { IOException, CertificateException { String fullnickname = nickname; - if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (!CryptoUtil.isInternalToken(tokenname)) fullnickname = tokenname + ":" + nickname; CryptoManager manager = CryptoManager.getInstance(); X509Certificate cert = manager.findCertByNickname(fullnickname); diff --git a/base/server/cmscore/src/com/netscape/cmscore/security/OCSPSigningCert.java b/base/server/cmscore/src/com/netscape/cmscore/security/OCSPSigningCert.java index f60600f6e..c2b9a733e 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/security/OCSPSigningCert.java +++ b/base/server/cmscore/src/com/netscape/cmscore/security/OCSPSigningCert.java @@ -21,8 +21,6 @@ import java.io.IOException; import java.math.BigInteger; import java.security.KeyPair; -import netscape.security.x509.KeyUsageExtension; - import org.mozilla.jss.crypto.PQGParamGenException; import org.mozilla.jss.crypto.PQGParams; 
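Review bot: In the `@@ -499` hunk of KeyCertUtil the same predicate is now evaluated twice in a row: once to rewrite `tokenName` to `CryptoUtil.INTERNAL_TOKEN_NAME`, then again inside the `try` to pick the token. Before the change the second test compared against the normalised value; now both calls answer the same question, and the rewrite only matters if `tokenName` is read later, which is outside the hunk. Computing it once reads more clearly: `boolean internal = CryptoUtil.isInternalToken(tokenName);` followed by `if (internal) { token = CryptoManager.getInstance().getInternalKeyStorageToken(); }`. If the rewritten `tokenName` is needed further down, a short comment saying so would explain why the assignment stays.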
@@ -34,6 +32,8 @@ import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; import com.netscape.cmsutil.crypto.CryptoUtil; +import netscape.security.x509.KeyUsageExtension; + /** * OCSP signing certificate. * @@ -107,7 +107,7 @@ public class OCSPSigningCert extends CertificateInfo { throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", keyType)); cmsFileTmp.putString("ca.signing.defaultSigningAlgorithm", alg); - if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) + if (CryptoUtil.isInternalToken(tokenname)) cmsFileTmp.putString("ca.signing.cacertnickname", nickname); else cmsFileTmp.putString("ca.signing.cacertnickname", diff --git a/base/server/cmscore/src/com/netscape/cmscore/security/SSLCert.java b/base/server/cmscore/src/com/netscape/cmscore/security/SSLCert.java index a7d5f7992..45af2bc7e 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/security/SSLCert.java +++ b/base/server/cmscore/src/com/netscape/cmscore/security/SSLCert.java @@ -20,8 +20,6 @@ package com.netscape.cmscore.security; import java.io.IOException; import java.security.KeyPair; -import netscape.security.x509.KeyUsageExtension; - import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.ConfigConstants; @@ -29,6 +27,8 @@ import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; import com.netscape.cmsutil.crypto.CryptoUtil; +import netscape.security.x509.KeyUsageExtension; + /** * SSL server certificate * @@ -63,7 +63,7 @@ public class SSLCert extends CertificateInfo { String nickname = getNickname(); String fullNickname = ""; - if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenname)) { fullNickname = nickname; } else { fullNickname = tokenname + ":" + nickname; 
diff --git a/base/server/cmscore/src/com/netscape/cmscore/security/SSLSelfSignedCert.java b/base/server/cmscore/src/com/netscape/cmscore/security/SSLSelfSignedCert.java index 66b20c47e..45f06af68 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/security/SSLSelfSignedCert.java +++ b/base/server/cmscore/src/com/netscape/cmscore/security/SSLSelfSignedCert.java @@ -20,8 +20,6 @@ package com.netscape.cmscore.security; import java.io.IOException; import java.security.KeyPair; -import netscape.security.x509.KeyUsageExtension; - import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.ConfigConstants; @@ -29,6 +27,8 @@ import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; import com.netscape.cmsutil.crypto.CryptoUtil; +import netscape.security.x509.KeyUsageExtension; + /** * SSL server certificate * @@ -57,7 +57,7 @@ public class SSLSelfSignedCert extends CertificateInfo { String nickname = getNickname(); String fullNickname = ""; - if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (CryptoUtil.isInternalToken(tokenname)) { fullNickname = nickname; } else { fullNickname = tokenname + ":" + nickname; diff --git a/base/tps/src/org/dogtagpki/server/tps/TPSSubsystem.java b/base/tps/src/org/dogtagpki/server/tps/TPSSubsystem.java index 402718f26..f718576c5 100644 --- a/base/tps/src/org/dogtagpki/server/tps/TPSSubsystem.java +++ b/base/tps/src/org/dogtagpki/server/tps/TPSSubsystem.java 
@@ -364,10 +364,11 @@ public class TPSSubsystem implements IAuthority, ISubsystem { public org.mozilla.jss.crypto.X509Certificate getSubsystemCert() throws EBaseException, NotInitializedException, ObjectNotFoundException, TokenException { + IConfigStore cs = CMS.getConfigStore(); String nickname = cs.getString("tps.subsystem.nickname", ""); String tokenname = cs.getString("tps.subsystem.tokenname", ""); - if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) + if (!CryptoUtil.isInternalToken(tokenname)) nickname = tokenname + ":" + nickname; CryptoManager cm = CryptoManager.getInstance(); diff --git a/base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java b/base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java index 823b0d7bf..1ff32b39f 100644 --- a/base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java +++ b/base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java @@ -51,8 +51,7 @@ public class TPSInstallerService extends SystemConfigService { // get token prefix, if applicable String tokPrefix = ""; - if (!request.getToken().equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) && - !request.getToken().equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { + if (!CryptoUtil.isInternalToken(request.getToken())) { tokPrefix = request.getToken() + ":"; } |