Diffstat (limited to 'base/server/cms/src/com')
-rw-r--r--base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java8
-rw-r--r--base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java17
-rw-r--r--base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java2
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java7
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java3
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java2
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java6
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java26
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java10
9 files changed, 21 insertions, 60 deletions
diff --git a/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java b/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java
index d1c04ee9b..44dbed043 100644
--- a/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java
+++ b/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java
@@ -519,11 +519,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
String tokenName =
CMS.getConfigStore().getString("ca.requestVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME);
savedToken = cm.getThreadToken();
- if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
- signToken = cm.getInternalCryptoToken();
- } else {
- signToken = cm.getTokenByName(tokenName);
- }
+ signToken = CryptoUtil.getCryptoToken(tokenName);
if (!savedToken.getName().equals(signToken.getName())) {
cm.setThreadToken(signToken);
tokenSwitched = true;
@@ -928,7 +924,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
// by default JSS will use internal crypto token
if (!CryptoUtil.isInternalToken(tokenName)) {
savedToken = cm.getThreadToken();
- signToken = cm.getTokenByName(tokenName);
+ signToken = CryptoUtil.getCryptoToken(tokenName);
if(signToken != null) {
cm.setThreadToken(signToken);
tokenSwitched = true;
diff --git a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
index 3b6916b37..8d10ec26b 100644
--- a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
+++ b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
@@ -702,11 +702,7 @@ public abstract class EnrollProfile extends BasicProfile
String tokenName =
CMS.getConfigStore().getString("ca.requestVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME);
savedToken = cm.getThreadToken();
- if (CryptoUtil.isInternalToken(tokenName)) {
- signToken = cm.getInternalCryptoToken();
- } else {
- signToken = cm.getTokenByName(tokenName);
- }
+ signToken = CryptoUtil.getCryptoToken(tokenName);
if (!savedToken.getName().equals(signToken.getName())) {
cm.setThreadToken(signToken);
tokenSwitched = true;
@@ -1057,14 +1053,7 @@ public abstract class EnrollProfile extends BasicProfile
CMS.debug("EnrollProfile: parsePKCS10: signature verification enabled");
String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME);
savedToken = cm.getThreadToken();
- CryptoToken signToken = null;
- if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) {
- CMS.debug("EnrollProfile: parsePKCS10: use internal token");
- signToken = cm.getInternalCryptoToken();
- } else {
- CMS.debug("EnrollProfile: parsePKCS10: tokenName=" + tokenName);
- signToken = cm.getTokenByName(tokenName);
- }
+ CryptoToken signToken = CryptoUtil.getCryptoToken(tokenName);
CMS.debug("EnrollProfile: parsePKCS10 setting thread token");
cm.setThreadToken(signToken);
pkcs10 = new PKCS10(data);
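Review bot: The rewritten lookup in parsePKCS10 drops both debug lines that recorded which token was selected for signature verification. Because `ca.requestVerify.token` is configurable and the thread token is switched immediately afterwards, one line such as `CMS.debug("EnrollProfile: parsePKCS10: tokenName=" + tokenName);` before `CryptoUtil.getCryptoToken(tokenName)` would keep the trail needed to diagnose a verification failure. The enclosing method starts and ends outside the hunk.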
@@ -1514,7 +1503,7 @@ public abstract class EnrollProfile extends BasicProfile
certReqMsg.verify();
} else {
CMS.debug("POP verification using token:" + tokenName);
- verifyToken = cm.getTokenByName(tokenName);
+ verifyToken = CryptoUtil.getCryptoToken(tokenName);
certReqMsg.verify(verifyToken);
}
diff --git a/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java b/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java
index 0a389fe6f..f24695145 100644
--- a/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java
+++ b/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java
@@ -213,7 +213,7 @@ public abstract class EnrollInput implements IProfileInput {
certReqMsg.verify();
} else {
CMS.debug("POP verification using token:" + tokenName);
- verifyToken = cm.getTokenByName(tokenName);
+ verifyToken = CryptoUtil.getCryptoToken(tokenName);
certReqMsg.verify(verifyToken);
}
diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
index eecbdbcd0..2c3c6beed 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
@@ -911,17 +911,12 @@ public final class CMSAdminServlet extends AdminServlet {
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
CryptoToken token = null;
- CryptoManager mCryptoManager = null;
- try {
- mCryptoManager = CryptoManager.getInstance();
- } catch (Exception e2) {
- }
if (!jssSubSystem.isTokenLoggedIn(selectedToken)) {
PasswordCallback cpcb = new ConsolePasswordCallback();
while (true) {
try {
- token = mCryptoManager.getTokenByName(selectedToken);
+ token = CryptoUtil.getKeyStorageToken(selectedToken);
token.login(cpcb);
break;
} catch (Exception e3) {
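Review bot: The retry loop around `token = CryptoUtil.getKeyStorageToken(selectedToken);` catches `Exception`, so a failed token lookup is handled the same way as a rejected password. The catch body is outside this hunk, but if it only prompts again, an unknown or unavailable `selectedToken` would keep the password prompt looping without any chance of success. Resolving the token once before `while (true)` and letting a lookup failure propagate, with only `token.login(cpcb);` left inside the retry, would separate the two cases.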
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
index 55860fad5..c2c6cde45 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
@@ -1963,12 +1963,11 @@ public class CRSEnrollment extends HttpServlet {
cm = CryptoManager.getInstance();
internalToken = cm.getInternalCryptoToken();
DESkg = internalToken.getKeyGenerator(kga);
+ keyStorageToken = CryptoUtil.getKeyStorageToken(mTokenName);
if (CryptoUtil.isInternalToken(mTokenName)) {
- keyStorageToken = cm.getInternalKeyStorageToken();
internalKeyStorageToken = keyStorageToken;
CMS.debug("CRSEnrollment: CryptoContext: internal token name: '" + mTokenName + "'");
} else {
- keyStorageToken = cm.getTokenByName(mTokenName);
internalKeyStorageToken = null;
}
if (!mUseCA && internalKeyStorageToken == null) {
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index e65035ecb..0f3153d3d 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -993,7 +993,7 @@ public class ConfigurationUtils {
continue;
String tokenname = cs.getString("preop.module.token", "");
- cm.getTokenByName(tokenname); // throw exception if token doesn't exist
+ CryptoUtil.getKeyStorageToken(tokenname); // throw exception if token doesn't exist
String name1 = "preop.master." + tag + ".nickname";
String nickname = cs.getString(name1, "");
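Review bot: The existence check on `tokenname` may no longer fail for an empty value. `cs.getString("preop.module.token", "")` defaults to the empty string, and if `CryptoUtil.getKeyStorageToken` maps an empty or null name to the internal token (the `CryptoUtil.getCryptoToken(null)` calls in TokenServlet.java in this commit suggest the helpers accept that), a missing `preop.module.token` would silently select the internal token where `cm.getTokenByName("")` presumably threw. If that fallback is intended, the trailing comment should say so, e.g. `// throws if the named token doesn't exist; an empty name selects the internal token`. Otherwise, reject an empty `tokenname` explicitly before the lookup. The enclosing loop starts and ends outside the hunk.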
diff --git a/base/server/cms/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java b/base/server/cms/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
index d2dec7310..386ce93e7 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
@@ -356,11 +356,7 @@ public class AddCRLServlet extends CMSServlet {
String tokenName =
CMS.getConfigStore().getString("ocsp.crlVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME);
savedToken = cmanager.getThreadToken();
- if (CryptoUtil.isInternalToken(tokenName)) {
- verToken = cmanager.getInternalCryptoToken();
- } else {
- verToken = cmanager.getTokenByName(tokenName);
- }
+ verToken = CryptoUtil.getCryptoToken(tokenName);
if (!savedToken.getName().equals(verToken.getName())) {
cmanager.setThreadToken(verToken);
tokenSwitched = true;
diff --git a/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java b/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java
index a5cae347b..1766f0459 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java
@@ -4,7 +4,6 @@ import java.io.ByteArrayOutputStream;
import java.io.CharConversionException;
import java.io.IOException;
import java.nio.ByteBuffer;
-import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
@@ -13,11 +12,9 @@ import java.util.Map;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.CryptoManager.NotInitializedException;
import org.mozilla.jss.NoSuchTokenException;
-import org.mozilla.jss.crypto.BadPaddingException;
import org.mozilla.jss.crypto.Cipher;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.crypto.EncryptionAlgorithm;
-import org.mozilla.jss.crypto.IllegalBlockSizeException;
import org.mozilla.jss.crypto.KeyGenAlgorithm;
import org.mozilla.jss.crypto.KeyGenerator;
import org.mozilla.jss.crypto.KeyWrapAlgorithm;
@@ -687,18 +684,13 @@ public class SecureChannelProtocol {
return null;
}
- public CryptoToken returnTokenByName(String name, CryptoManager manager) throws NoSuchTokenException {
+ public CryptoToken returnTokenByName(String name, CryptoManager manager) throws NoSuchTokenException, NotInitializedException {
CMS.debug("returnTokenByName: requested name: " + name);
if (name == null || manager == null)
throw new NoSuchTokenException();
- if(CryptoUtil.isInternalToken(name)) {
- return manager.getInternalKeyStorageToken();
- } else {
- return manager.getTokenByName(name);
- }
-
+ return CryptoUtil.getKeyStorageToken(name);
}
public static byte[] makeDes3FromDes2(byte[] des2) {
@@ -795,8 +787,7 @@ public class SecureChannelProtocol {
symKeyFinal = this.makeDes3KeyDerivedFromDes2(symKey, selectedToken);
- } catch (NoSuchAlgorithmException | TokenException | NoSuchTokenException | IllegalStateException
- | CharConversionException e) {
+ } catch (Exception e) {
CMS.debug(method + " " + e);
throw new EBaseException(e);
}
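Review bot: `catch (Exception e)` here, and in the four later hunks of this file (the `concat.derive()`, `extract16.derive()`, `keyWrap.wrap(sessionKey)` and `doFinal` blocks), is wider than the change appears to need. The only new checked exception visible in this commit is `NotInitializedException` on `returnTokenByName`, so adding it to the existing list, e.g. `} catch (NoSuchAlgorithmException | TokenException | NoSuchTokenException | NotInitializedException | IllegalStateException | CharConversionException e) {`, would keep the handling narrow. As written, an unexpected runtime exception such as a `NullPointerException` in the key-derivation path is logged and rewrapped as an ordinary `EBaseException`, which makes programming errors harder to tell apart from token failures. The try blocks start outside these hunks. Separately, `returnTokenByName` still requires a non-null `manager` but no longer uses it, which deserves a Javadoc line.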
@@ -874,7 +865,7 @@ public class SecureChannelProtocol {
des3 = concat.derive();
- } catch (NoSuchTokenException | IllegalStateException | TokenException | InvalidKeyException e) {
+ } catch (Exception e) {
CMS.debug(method + " " + e);
throw new EBaseException(e);
}
@@ -907,7 +898,7 @@ public class SecureChannelProtocol {
extracted16 = extract16.derive();
- } catch (NoSuchTokenException | IllegalStateException | TokenException | InvalidKeyException e) {
+ } catch (Exception e) {
CMS.debug(method + " " + e);
throw new EBaseException(e);
}
@@ -945,8 +936,7 @@ public class SecureChannelProtocol {
keyWrap = token.getKeyWrapper(KeyWrapAlgorithm.DES3_ECB);
keyWrap.initWrap(wrapper, null);
wrappedSessKeyData = keyWrap.wrap(sessionKey);
- } catch (NoSuchAlgorithmException | TokenException | InvalidKeyException | InvalidAlgorithmParameterException
- | NoSuchTokenException e) {
+ } catch (Exception e) {
CMS.debug(method + " " + e);
throw new EBaseException(e);
}
@@ -982,9 +972,7 @@ public class SecureChannelProtocol {
CMS.debug(method + "done doFinal");
// SecureChannelProtocol.debugByteArray(output, "Encrypted data:");
- } catch (EBaseException | NoSuchTokenException | NoSuchAlgorithmException | TokenException
- | InvalidKeyException | InvalidAlgorithmParameterException |
- IllegalStateException | IllegalBlockSizeException | BadPaddingException e) {
+ } catch (Exception e) {
CMS.debug(method + e);
throw new EBaseException(method + e);
diff --git a/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java b/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java
index 39cd429df..a282cd26f 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java
@@ -615,10 +615,9 @@ public class TokenServlet extends CMSServlet {
CryptoToken token = null;
if (useSoftToken_s.equals("true")) {
- //token = CryptoManager.getInstance().getTokenByName(selectedToken);
- token = CryptoManager.getInstance().getInternalCryptoToken();
+ token = CryptoUtil.getCryptoToken(null);
} else {
- token = CryptoManager.getInstance().getTokenByName(selectedToken);
+ token = CryptoUtil.getCryptoToken(selectedToken);
}
//Now we have to create a sym key object for the wrapped session_key (dekKey)
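Review bot: `CryptoUtil.getCryptoToken(null)` relies on the helper treating a null name as the internal token, which is not evident at the call site. Other callers in this commit use `CryptoUtil.INTERNAL_TOKEN_NAME` as the default name, so `token = CryptoUtil.getCryptoToken(CryptoUtil.INTERNAL_TOKEN_NAME);` would state the intent directly. The same applies to the second hunk in this file, where the kek session key is wrapped with the DRM transport key. Failing that, a short comment on the line such as `// soft token requested: use the internal token` would do.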
@@ -1242,10 +1241,9 @@ public class TokenServlet extends CMSServlet {
// wrap kek session key with DRM transport public key
CryptoToken token = null;
if (useSoftToken_s.equals("true")) {
- //token = CryptoManager.getInstance().getTokenByName(selectedToken);
- token = CryptoManager.getInstance().getInternalCryptoToken();
+ token = CryptoUtil.getCryptoToken(null);
} else {
- token = CryptoManager.getInstance().getTokenByName(selectedToken);
+ token = CryptoUtil.getCryptoToken(selectedToken);
}
PublicKey pubKey = drmTransCert.getPublicKey();
String pubKeyAlgo = pubKey.getAlgorithm();