From 41f7377308d59e574b87b75d842b49d37b323fe3 Mon Sep 17 00:00:00 2001
From: cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>
Date: Mon, 4 Oct 2010 16:55:18 +0000
Subject: Bug 504061 - ECC: unable to install subsystems (sub-CA, DRM, TKS,
 etc.) for an ECC CA (installation and starting ONLY.  Run time issues are
 filed as separate bugs)

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1330 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
---
 pki/base/ca/shared/webapps/ca/WEB-INF/web.xml      |  2 +-
 .../netscape/cms/servlet/csadmin/SizePanel.java    | 22 ++++++++++++----------
 pki/base/kra/shared/webapps/kra/WEB-INF/web.xml    |  2 +-
 .../kra/src/com/netscape/kra/TransportKeyUnit.java |  5 +++--
 pki/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml  |  2 +-
 pki/base/tks/shared/webapps/tks/WEB-INF/web.xml    |  2 +-
 6 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/pki/base/ca/shared/webapps/ca/WEB-INF/web.xml b/pki/base/ca/shared/webapps/ca/WEB-INF/web.xml
index f26518c49..71d0e7715 100644
--- a/pki/base/ca/shared/webapps/ca/WEB-INF/web.xml
+++ b/pki/base/ca/shared/webapps/ca/WEB-INF/web.xml
@@ -61,7 +61,7 @@
         </init-param>
         <init-param>
             <param-name>panels</param-name>
-            <param-value>welcome=com.netscape.cms.servlet.csadmin.WelcomePanel,securitydomain=com.netscape.cms.servlet.csadmin.SecurityDomainPanel,securitydomain=com.netscape.cms.servlet.csadmin.DisplayCertChainPanel,subsystem=com.netscape.cms.servlet.csadmin.CreateSubsystemPanel,clone=com.netscape.cms.servlet.csadmin.DisplayCertChainPanel,restorekeys=com.netscape.cms.servlet.csadmin.RestoreKeyCertPanel,cahierarchy=com.netscape.cms.servlet.csadmin.HierarchyPanel,database=com.netscape.cms.servlet.csadmin.DatabasePanel,module=com.netscape.cms.servlet.csadmin.ModulePanel,confighsmlogin=com.netscape.cms.servlet.csadmin.ConfigHSMLoginPanel,size=com.netscape.cms.servlet.csadmin.SizePanel,subjectname=com.netscape.cms.servlet.csadmin.NamePanel,certrequest=com.netscape.cms.servlet.csadmin.CertRequestPanel,backupkeys=com.netscape.cms.servlet.csadmin.BackupKeyCertPanel,savepk12=com.netscape.cms.servlet.csadmin.SavePKCS12Panel,importcachain=com.netscape.cms.servlet.csadmin.ImportCAChainPanel,admin=com.netscape.cms.servlet.csadmin.AdminPanel,importadmincert=com.netscape.cms.servlet.csadmin.ImportAdminCertPanel,done=com.netscape.cms.servlet.csadmin.DonePanel</param-value>
+            <param-value>welcome=com.netscape.cms.servlet.csadmin.WelcomePanel,module=com.netscape.cms.servlet.csadmin.ModulePanel,confighsmlogin=com.netscape.cms.servlet.csadmin.ConfigHSMLoginPanel,securitydomain=com.netscape.cms.servlet.csadmin.SecurityDomainPanel,securitydomain=com.netscape.cms.servlet.csadmin.DisplayCertChainPanel,subsystem=com.netscape.cms.servlet.csadmin.CreateSubsystemPanel,clone=com.netscape.cms.servlet.csadmin.DisplayCertChainPanel,restorekeys=com.netscape.cms.servlet.csadmin.RestoreKeyCertPanel,cahierarchy=com.netscape.cms.servlet.csadmin.HierarchyPanel,database=com.netscape.cms.servlet.csadmin.DatabasePanel,size=com.netscape.cms.servlet.csadmin.SizePanel,subjectname=com.netscape.cms.servlet.csadmin.NamePanel,certrequest=com.netscape.cms.servlet.csadmin.CertRequestPanel,backupkeys=com.netscape.cms.servlet.csadmin.BackupKeyCertPanel,savepk12=com.netscape.cms.servlet.csadmin.SavePKCS12Panel,importcachain=com.netscape.cms.servlet.csadmin.ImportCAChainPanel,admin=com.netscape.cms.servlet.csadmin.AdminPanel,importadmincert=com.netscape.cms.servlet.csadmin.ImportAdminCertPanel,done=com.netscape.cms.servlet.csadmin.DonePanel</param-value>
         </init-param>
     </servlet>
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
index d7670cd9b..0f9ef3007 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
@@ -496,24 +496,26 @@ public class SizePanel extends WizardPanelBase {
         } catch (Exception e1) {
         }
 
-        if (systemType.equals("OCSP")) {
-          if (ct.equals("signing")) {
-             config.putString("ocsp.signing.defaultSigningAlgorithm",
-                           keyAlgo);
-           }
-        }
-
-        if (systemType.equals("CA")) {
+        if (systemType.equalsIgnoreCase("CA")) {
           if (ct.equals("signing")) {
             config.putString("ca.signing.defaultSigningAlgorithm",
                            keyAlgo);
             config.putString("ca.crl.MasterCRL.signingAlgorithm",
                            keyAlgo);
-          }
-          if (ct.equals("ocsp_signing")) {
+          } else if (ct.equals("ocsp_signing")) {
             config.putString("ca.ocsp_signing.defaultSigningAlgorithm",
                            keyAlgo);
           }
+        } else if (systemType.equalsIgnoreCase("OCSP")) {
+          if (ct.equals("signing")) {
+             config.putString("ocsp.signing.defaultSigningAlgorithm",
+                           keyAlgo);
+           }
+        } else if (systemType.equalsIgnoreCase("KRA") ||
+               systemType.equalsIgnoreCase("DRM")) {
+           if (ct.equals("transport")) {
+                config.putString("kra.transportUnit.signingAlgorithm", keyAlgo);
+           }
         }
 
     }
diff --git a/pki/base/kra/shared/webapps/kra/WEB-INF/web.xml b/pki/base/kra/shared/webapps/kra/WEB-INF/web.xml
index 3ac470aa1..7f4d72c32 100644
--- a/pki/base/kra/shared/webapps/kra/WEB-INF/web.xml
+++ b/pki/base/kra/shared/webapps/kra/WEB-INF/web.xml
@@ -52,7 +52,7 @@
         </init-param>
         <init-param>
             <param-name>panels</param-name>
-            <param-value>welcome=com.netscape.cms.servlet.csadmin.WelcomePanel,securitydomain=com.netscape.cms.servlet.csadmin.SecurityDomainPanel,securitydomain=com.netscape.cms.servlet.csadmin.DisplayCertChainPanel,subsystem=com.netscape.cms.servlet.csadmin.CreateSubsystemPanel,restorekeys=com.netscape.cms.servlet.csadmin.RestoreKeyCertPanel,databasepanel=com.netscape.cms.servlet.csadmin.DatabasePanel,modulepanel=com.netscape.cms.servlet.csadmin.ModulePanel,config_hsmloginpanel=com.netscape.cms.servlet.csadmin.ConfigHSMLoginPanel,sizepanel=com.netscape.cms.servlet.csadmin.SizePanel,namepanel=com.netscape.cms.servlet.csadmin.NamePanel,certrequestpanel=com.netscape.cms.servlet.csadmin.CertRequestPanel,backupkeys=com.netscape.cms.servlet.csadmin.BackupKeyCertPanel,savepk12=com.netscape.cms.servlet.csadmin.SavePKCS12Panel,adminpanel=com.netscape.cms.servlet.csadmin.AdminPanel,importadmincertpanel=com.netscape.cms.servlet.csadmin.ImportAdminCertPanel,donepanel=com.netscape.cms.servlet.csadmin.DonePanel</param-value>
+            <param-value>welcome=com.netscape.cms.servlet.csadmin.WelcomePanel,module=com.netscape.cms.servlet.csadmin.ModulePanel,confighsmlogin=com.netscape.cms.servlet.csadmin.ConfigHSMLoginPanel,securitydomain=com.netscape.cms.servlet.csadmin.SecurityDomainPanel,securitydomain=com.netscape.cms.servlet.csadmin.DisplayCertChainPanel,subsystem=com.netscape.cms.servlet.csadmin.CreateSubsystemPanel,restorekeys=com.netscape.cms.servlet.csadmin.RestoreKeyCertPanel,databasepanel=com.netscape.cms.servlet.csadmin.DatabasePanel,sizepanel=com.netscape.cms.servlet.csadmin.SizePanel,namepanel=com.netscape.cms.servlet.csadmin.NamePanel,certrequestpanel=com.netscape.cms.servlet.csadmin.CertRequestPanel,backupkeys=com.netscape.cms.servlet.csadmin.BackupKeyCertPanel,savepk12=com.netscape.cms.servlet.csadmin.SavePKCS12Panel,adminpanel=com.netscape.cms.servlet.csadmin.AdminPanel,importadmincertpanel=com.netscape.cms.servlet.csadmin.ImportAdminCertPanel,donepanel=com.netscape.cms.servlet.csadmin.DonePanel</param-value>
         </init-param>
     </servlet>
 
diff --git a/pki/base/kra/src/com/netscape/kra/TransportKeyUnit.java b/pki/base/kra/src/com/netscape/kra/TransportKeyUnit.java
index 4fc65fcea..e7e0e9f64 100644
--- a/pki/base/kra/src/com/netscape/kra/TransportKeyUnit.java
+++ b/pki/base/kra/src/com/netscape/kra/TransportKeyUnit.java
@@ -38,6 +38,7 @@ import org.mozilla.jss.util.*;
 import org.mozilla.jss.crypto.*;
 import org.mozilla.jss.*;
 import org.mozilla.jss.crypto.PrivateKey;
+import com.netscape.cmsutil.util.Cert;
 
 
 /**
@@ -96,11 +97,11 @@ public class TransportKeyUnit extends EncryptionUnit implements
         try {
             mManager = CryptoManager.getInstance();
             mCert = mManager.findCertByNickname(getNickName());
+            String algo = config.getString("signingAlgorithm", "SHA256withRSA");
 
             // #613795 - initialize this; otherwise JSS is not happy
             CryptoToken token = getToken(); 
-            SignatureAlgorithm sigalg = 
-              SignatureAlgorithm.RSASignatureWithMD5Digest;
+            SignatureAlgorithm sigalg = Cert.mapAlgorithmToJss(algo);
             Signature signer = token.getSignatureContext(sigalg); 
             signer.initSign(getPrivateKey());
            
diff --git a/pki/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml b/pki/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml
index 7a55f92b6..bf1f61df2 100644
--- a/pki/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml
+++ b/pki/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml
@@ -56,7 +56,7 @@
         </init-param>
         <init-param>
             <param-name>panels</param-name>
-            <param-value>welcome=com.netscape.cms.servlet.csadmin.WelcomePanel,securitydomain=com.netscape.cms.servlet.csadmin.SecurityDomainPanel,securitydomain=com.netscape.cms.servlet.csadmin.DisplayCertChainPanel,subsystem=com.netscape.cms.servlet.csadmin.CreateSubsystemPanel,restorekeys=com.netscape.cms.servlet.csadmin.RestoreKeyCertPanel,databasepanel=com.netscape.cms.servlet.csadmin.DatabasePanel,modulepanel=com.netscape.cms.servlet.csadmin.ModulePanel,config_hsmloginpanel=com.netscape.cms.servlet.csadmin.ConfigHSMLoginPanel,sizepanel=com.netscape.cms.servlet.csadmin.SizePanel,namepanel=com.netscape.cms.servlet.csadmin.NamePanel,certrequestpanel=com.netscape.cms.servlet.csadmin.CertRequestPanel,backupkeys=com.netscape.cms.servlet.csadmin.BackupKeyCertPanel,savepk12=com.netscape.cms.servlet.csadmin.SavePKCS12Panel,adminpanel=com.netscape.cms.servlet.csadmin.AdminPanel,importadmincertpanel=com.netscape.cms.servlet.csadmin.ImportAdminCertPanel,donepanel=com.netscape.cms.servlet.csadmin.DonePanel</param-value>
+            <param-value>welcome=com.netscape.cms.servlet.csadmin.WelcomePanel,module=com.netscape.cms.servlet.csadmin.ModulePanel,confighsmlogin=com.netscape.cms.servlet.csadmin.ConfigHSMLoginPanel,securitydomain=com.netscape.cms.servlet.csadmin.SecurityDomainPanel,securitydomain=com.netscape.cms.servlet.csadmin.DisplayCertChainPanel,subsystem=com.netscape.cms.servlet.csadmin.CreateSubsystemPanel,restorekeys=com.netscape.cms.servlet.csadmin.RestoreKeyCertPanel,databasepanel=com.netscape.cms.servlet.csadmin.DatabasePanel,sizepanel=com.netscape.cms.servlet.csadmin.SizePanel,namepanel=com.netscape.cms.servlet.csadmin.NamePanel,certrequestpanel=com.netscape.cms.servlet.csadmin.CertRequestPanel,backupkeys=com.netscape.cms.servlet.csadmin.BackupKeyCertPanel,savepk12=com.netscape.cms.servlet.csadmin.SavePKCS12Panel,adminpanel=com.netscape.cms.servlet.csadmin.AdminPanel,importadmincertpanel=com.netscape.cms.servlet.csadmin.ImportAdminCertPanel,donepanel=com.netscape.cms.servlet.csadmin.DonePanel</param-value>
         </init-param>
     </servlet>
 
diff --git a/pki/base/tks/shared/webapps/tks/WEB-INF/web.xml b/pki/base/tks/shared/webapps/tks/WEB-INF/web.xml
index d35e1eb04..28ec73f8e 100644
--- a/pki/base/tks/shared/webapps/tks/WEB-INF/web.xml
+++ b/pki/base/tks/shared/webapps/tks/WEB-INF/web.xml
@@ -56,7 +56,7 @@
         </init-param>
         <init-param>
             <param-name>panels</param-name>
-            <param-value>welcome=com.netscape.cms.servlet.csadmin.WelcomePanel,securitydomain=com.netscape.cms.servlet.csadmin.SecurityDomainPanel,securitydomain=com.netscape.cms.servlet.csadmin.DisplayCertChainPanel,subsystem=com.netscape.cms.servlet.csadmin.CreateSubsystemPanel,restorekeys=com.netscape.cms.servlet.csadmin.RestoreKeyCertPanel,databasepanel=com.netscape.cms.servlet.csadmin.DatabasePanel,modulepanel=com.netscape.cms.servlet.csadmin.ModulePanel,config_hsmloginpanel=com.netscape.cms.servlet.csadmin.ConfigHSMLoginPanel,sizepanel=com.netscape.cms.servlet.csadmin.SizePanel,namepanel=com.netscape.cms.servlet.csadmin.NamePanel,certrequestpanel=com.netscape.cms.servlet.csadmin.CertRequestPanel,backupkeys=com.netscape.cms.servlet.csadmin.BackupKeyCertPanel,savepk12=com.netscape.cms.servlet.csadmin.SavePKCS12Panel,adminpanel=com.netscape.cms.servlet.csadmin.AdminPanel,importadmincertpanel=com.netscape.cms.servlet.csadmin.ImportAdminCertPanel,donepanel=com.netscape.cms.servlet.csadmin.DonePanel</param-value>
+            <param-value>welcome=com.netscape.cms.servlet.csadmin.WelcomePanel,module=com.netscape.cms.servlet.csadmin.ModulePanel,confighsmlogin=com.netscape.cms.servlet.csadmin.ConfigHSMLoginPanel,securitydomain=com.netscape.cms.servlet.csadmin.SecurityDomainPanel,securitydomain=com.netscape.cms.servlet.csadmin.DisplayCertChainPanel,subsystem=com.netscape.cms.servlet.csadmin.CreateSubsystemPanel,restorekeys=com.netscape.cms.servlet.csadmin.RestoreKeyCertPanel,databasepanel=com.netscape.cms.servlet.csadmin.DatabasePanel,sizepanel=com.netscape.cms.servlet.csadmin.SizePanel,namepanel=com.netscape.cms.servlet.csadmin.NamePanel,certrequestpanel=com.netscape.cms.servlet.csadmin.CertRequestPanel,backupkeys=com.netscape.cms.servlet.csadmin.BackupKeyCertPanel,savepk12=com.netscape.cms.servlet.csadmin.SavePKCS12Panel,adminpanel=com.netscape.cms.servlet.csadmin.AdminPanel,importadmincertpanel=com.netscape.cms.servlet.csadmin.ImportAdminCertPanel,donepanel=com.netscape.cms.servlet.csadmin.DonePanel</param-value>
         </init-param>
     </servlet>
 
-- 
cgit