Diffstat (limited to 'base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java')
-rw-r--r-- | base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java | 35 |
1 files changed, 28 insertions, 7 deletions
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
index db9a230cb..c5015cc8c 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
@@ -15,6 +15,11 @@ import java.util.Map;
 import java.util.Random;
 import java.util.zip.DataFormatException;
+import netscape.security.provider.RSAPublicKey;
+//import org.mozilla.jss.pkcs11.PK11ECPublicKey;
+import netscape.security.util.BigInt;
+import netscape.security.x509.X509CertImpl;
+
 import org.dogtagpki.server.tps.TPSSession;
 import org.dogtagpki.server.tps.TPSSubsystem;
 import org.dogtagpki.server.tps.TPSTokenPolicy;
@@ -54,6 +59,8 @@ import org.mozilla.jss.pkcs11.PK11PubKey;
 import org.mozilla.jss.pkcs11.PK11RSAPublicKey;
 import org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo;
+import sun.security.pkcs11.wrapper.PKCS11Constants;
+
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.EPropertyNotFound;
@@ -61,12 +68,6 @@ import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.tps.token.TokenStatus;
 import com.netscape.cmsutil.util.Utils;
-import netscape.security.provider.RSAPublicKey;
-//import org.mozilla.jss.pkcs11.PK11ECPublicKey;
-import netscape.security.util.BigInt;
-import netscape.security.x509.X509CertImpl;
-import sun.security.pkcs11.wrapper.PKCS11Constants;
-
 public class TPSEnrollProcessor extends TPSProcessor {
 public TPSEnrollProcessor(TPSSession session) {
@@ -335,7 +336,7 @@ public class TPSEnrollProcessor extends TPSProcessor {
 boolean allowMultiTokens = checkAllowMultiActiveTokensUser(isExternalReg);
 if (allowMultiTokens == false) {
- boolean alreadyHasActiveToken = checkUserAlreadyHasActiveToken(userid);
+ boolean alreadyHasActiveToken = checkUserAlreadyHasOtherActiveToken(userid,cuid);
 if (alreadyHasActiveToken == true) {
 //We don't allow the user to have more than one active token, nip it in the bud right now
@@ -1050,6 +1051,7 @@ public class TPSEnrollProcessor extends TPSProcessor {
 CMS.debug(method + ": There are multiple token entries for user " + userid);
+ //We already know the current token is not active
 if( checkUserAlreadyHasActiveToken(userid) == false) {
 isRecover = true;
 continue; // TODO: or break?
@@ -3709,6 +3711,25 @@ public class TPSEnrollProcessor extends TPSProcessor {
 return result;
 }
+ private boolean checkUserAlreadyHasOtherActiveToken(String userid,String cuid) {
+ boolean result = false;
+ String method = "TPSEnrollProcessor.checkUserAlreadyHasOtherActiveToken: ";
+
+ TPSSubsystem tps = (TPSSubsystem) CMS.getSubsystem(TPSSubsystem.ID);
+ try {
+ tps.tdb.tdbHasOtherActiveToken(userid,cuid);
+ result = true;
+
+ } catch (Exception e) {
+ result = false;
+ }
+
+ CMS.debug(method + " user: " + userid + " has an active token already: not cuid: " + cuid + " : " + result);
+
+
+ return result;
+ }
+
 private boolean checkAllowMultiActiveTokensUser(boolean isExternalReg) {
 boolean allow = true; |
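Review bot: The `catch (Exception e)` in the new `checkUserAlreadyHasOtherActiveToken` (hunk at -3709) makes the one-active-token policy check fail open: any exception thrown around `tps.tdb.tdbHasOtherActiveToken(userid,cuid)` is returned as `false`, and the call site changed in the hunk at -335 then lets enrollment proceed. The contract of `tdbHasOtherActiveToken` is not visible here, but it presumably reports "none found" by throwing, which means a token-database lookup failure or a null `tps` is indistinguishable from a genuine negative. Catch only the exception type that means "no other active token" and let other failures propagate or be treated as a policy denial. At minimum the swallowed cause should be recorded, e.g. `CMS.debug(method + "lookup failed, treating as no other active token: " + e);` inside the catch block.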