diff options
Diffstat (limited to 'base/tps')
-rw-r--r-- | base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java | 4 | ||||
-rw-r--r-- | base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java | 51 |
2 files changed, 37 insertions, 18 deletions
diff --git a/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java b/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java index fc5472c79..5e5646b40 100644 --- a/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java +++ b/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java @@ -148,8 +148,8 @@ public class SecureChannel { CMS.debug("SecureChannel.SecureChannel: For SCP03. : "); - CMS.debug("kekDesKey: " + kekDesKey.toHexString()); - CMS.debug("keyCheck: " + keyCheck.toHexString()); + if (keyCheck != null) + CMS.debug("keyCheck: " + keyCheck.toHexString()); this.platProtInfo = platformInfo; this.processor = processor; diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java index 0cfac5919..0f9691556 100644 --- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java +++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java @@ -33,6 +33,8 @@ import java.util.List; import java.util.Map; import java.util.Set; +import netscape.security.x509.RevocationReason; + import org.dogtagpki.server.tps.TPSSession; import org.dogtagpki.server.tps.TPSSubsystem; import org.dogtagpki.server.tps.authentication.AuthUIParameter; @@ -100,8 +102,6 @@ import com.netscape.cms.servlet.tks.SecureChannelProtocol; import com.netscape.cmsutil.crypto.CryptoUtil; import com.netscape.symkey.SessionKey; -import netscape.security.x509.RevocationReason; - public class TPSProcessor { public static final int RESULT_NO_ERROR = 0; @@ -923,20 +923,39 @@ public class TPSProcessor { TPSBuffer drmDesKeyBuff = resp.getDRM_Trans_DesKey(); TPSBuffer kekDesKeyBuff = resp.getKekWrappedDesKey(); - CMS.debug(method + " encSessionKeyBuff: " + encSessionKeyBuff.toHexString()); - CMS.debug(method + " kekSessionKeyBuff: " + kekSessionKeyBuff.toHexString()); - CMS.debug(method + " macSessionKeyBuff: " + macSessionKeyBuff.toHexString()); - CMS.debug(method + " hostCryptogramBuff: " + hostCryptogramBuff.toHexString()); - CMS.debug(method + " keyCheckBuff: " + keyCheckBuff.toHexString()); - CMS.debug(method + " drmDessKeyBuff: " + drmDesKeyBuff.toHexString()); - CMS.debug(method + " kekDesKeyBuff: " + kekDesKeyBuff.toHexString()); - - encSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret, - encSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES); - macSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret, - macSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES); - kekSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret, - kekSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES); + if (encSessionKeyBuff != null) + CMS.debug(method + " encSessionKeyBuff: " + encSessionKeyBuff.toHexString()); + + if (kekSessionKeyBuff != null) + CMS.debug(method + " kekSessionKeyBuff: " + kekSessionKeyBuff.toHexString()); + + if (macSessionKeyBuff != null) + CMS.debug(method + " macSessionKeyBuff: " + macSessionKeyBuff.toHexString()); + + if (hostCryptogramBuff != null) + CMS.debug(method + " hostCryptogramBuff: " + hostCryptogramBuff.toHexString()); + + if (keyCheckBuff != null) + CMS.debug(method + " keyCheckBuff: " + keyCheckBuff.toHexString()); + + if (drmDesKeyBuff != null) + CMS.debug(method + " drmDessKeyBuff: " + drmDesKeyBuff.toHexString()); + + if (kekDesKeyBuff != null) + CMS.debug(method + " kekDesKeyBuff: " + kekDesKeyBuff.toHexString()); + + + if (encSessionKeyBuff != null) + encSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret, + encSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES); + + if (macSessionKeyBuff != null) + macSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret, + macSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES); + + if (kekSessionKeyBuff != null) + kekSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret, + kekSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES); channel = new SecureChannel(this, encSessionKeySCP03, macSessionKeySCP03, kekSessionKeySCP03, drmDesKeyBuff, kekDesKeyBuff, |