From 87c92d0d2e170e0c7a6c307fcf98c8b7a0438dda Mon Sep 17 00:00:00 2001
From: Andrew Wnuk <awnuk@redhat.com>
Date: Tue, 24 Jul 2012 11:44:32 -0700
Subject: elimination of CA crash

This patch eliminates CA crash caused by default Android browser.

Bug: 819123.
---
 .../com/netscape/cms/profile/input/CMCCertReqInput.java  |  5 +++++
 .../src/com/netscape/cms/profile/input/CertReqInput.java |  5 +++++
 .../com/netscape/cms/profile/input/DualKeyGenInput.java  |  5 +++++
 .../cms/profile/input/EncryptionKeyGenInput.java         |  5 +++++
 .../src/com/netscape/cms/profile/input/KeyGenInput.java  |  5 +++++
 .../netscape/cms/profile/input/SigningKeyGenInput.java   |  5 +++++
 .../ca-ui/shared/webapps/ca/ee/ca/ProfileSelect.template | 16 ++++++++--------
 7 files changed, 38 insertions(+), 8 deletions(-)

diff --git a/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java b/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java
index 4c368c03e..d2a2fc718 100644
--- a/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java
+++ b/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java
@@ -96,6 +96,11 @@ public class CMCCertReqInput extends EnrollInput implements IProfileInput {
         X509CertInfo info =
             request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
 
+        if (cert_request == null) {
+            CMS.debug("CMCCertReqInput: populate - invalid certificate request");
+            throw new EProfileException(CMS.getUserMessage(
+                        getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+        }
         TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request);
 
         if (msgs == null) {
diff --git a/base/common/src/com/netscape/cms/profile/input/CertReqInput.java b/base/common/src/com/netscape/cms/profile/input/CertReqInput.java
index 565b7795e..958845335 100644
--- a/base/common/src/com/netscape/cms/profile/input/CertReqInput.java
+++ b/base/common/src/com/netscape/cms/profile/input/CertReqInput.java
@@ -106,6 +106,11 @@ public class CertReqInput extends EnrollInput implements IProfileInput {
                         "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", 
                         ""));
         }
+        if (cert_request == null) {
+            CMS.debug("CertReqInput: populate - invalid certificate request");
+            throw new EProfileException(CMS.getUserMessage(
+                        getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+        }
 
         if (cert_request_type.equals(EnrollProfile.REQ_TYPE_PKCS10)) {
             PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), cert_request);
diff --git a/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java b/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java
index dfb7be887..178977f86 100644
--- a/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java
+++ b/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java
@@ -105,6 +105,11 @@ public class DualKeyGenInput extends EnrollInput implements IProfileInput {
                         "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
                         ""));
         }
+        if (keygen_request == null) {
+            CMS.debug("DualKeyGenInput: populate - invalid certificate request");
+            throw new EProfileException(CMS.getUserMessage(
+                        getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+        }
         if (keygen_request_type.startsWith("pkcs10")) {
             PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
 
diff --git a/base/common/src/com/netscape/cms/profile/input/EncryptionKeyGenInput.java b/base/common/src/com/netscape/cms/profile/input/EncryptionKeyGenInput.java
index 4fb7ae863..b70a800d5 100644
--- a/base/common/src/com/netscape/cms/profile/input/EncryptionKeyGenInput.java
+++ b/base/common/src/com/netscape/cms/profile/input/EncryptionKeyGenInput.java
@@ -107,6 +107,11 @@ public class EncryptionKeyGenInput extends EnrollInput implements IProfileInput
                         "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
                         ""));
         }
+        if (keygen_request == null) {
+            CMS.debug("EncryptionKeyGenInput: populate - invalid certificate request");
+            throw new EProfileException(CMS.getUserMessage(
+                        getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+        }
         if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_PKCS10)) {
             PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
 
diff --git a/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java b/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java
index cc8f9a70d..abf5d334f 100644
--- a/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java
+++ b/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java
@@ -107,6 +107,11 @@ public class KeyGenInput extends EnrollInput implements IProfileInput {
                         "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
                         ""));
         }
+        if (keygen_request == null) {
+            CMS.debug("KeyGenInput: populate - invalid certificate request");
+            throw new EProfileException(CMS.getUserMessage(
+                        getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+        }
         if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_PKCS10)) {
             PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
 
diff --git a/base/common/src/com/netscape/cms/profile/input/SigningKeyGenInput.java b/base/common/src/com/netscape/cms/profile/input/SigningKeyGenInput.java
index 93aaa11b9..5a35bd0ab 100644
--- a/base/common/src/com/netscape/cms/profile/input/SigningKeyGenInput.java
+++ b/base/common/src/com/netscape/cms/profile/input/SigningKeyGenInput.java
@@ -107,6 +107,11 @@ public class SigningKeyGenInput extends EnrollInput implements IProfileInput {
                         "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
                         ""));
         }
+        if (keygen_request == null) {
+            CMS.debug("SigningKeyGenInput: populate - invalid certificate request");
+            throw new EProfileException(CMS.getUserMessage(
+                        getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+        }
         if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_PKCS10)) {
             PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
 
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSelect.template b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSelect.template
index 0e3ded046..2f1fad14d 100644
--- a/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSelect.template
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSelect.template
@@ -212,7 +212,7 @@ function validate()
           keyTransportCert = transportCert;
         }
         // generate keys for nsm.
-        if (typeof(crypto.version) != "undefined") {
+        if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
             var encKeyType = "rsa-ex";
             var signKeyType = "rsa-sign";
             var dualKeyType = "rsa-dual-use";
@@ -304,7 +304,7 @@ function setCRMFRequest()
   var uri = 'profileSubmit';
   if (typeof(authName) != "undefined") {
     if (authIsSSLClientRequired == 'true') {
-      uri = 'https://[PKI_MACHINE_NAME]:[PKI_EE_SECURE_CLIENT_AUTH_PORT_UI]/[PKI_SUBSYSTEM_TYPE]/eeca/[PKI_SUBSYSTEM_TYPE]/profileSubmitSSLClient';
+      uri = 'https://[PKI_MACHINE_NAME]:[PKI_EE_SECURE_CLIENT_AUTH_PORT]/[PKI_SUBSYSTEM_TYPE]/eeca/[PKI_SUBSYSTEM_TYPE]/profileSubmitSSLClient';
     }
   }
   if (navigator.appName == "Microsoft Internet Explorer") {
@@ -314,7 +314,7 @@ function setCRMFRequest()
       document.writeln("<OBJECT classid='clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1' CODEBASE='/xenroll.dll' id='Enroll'></OBJECT>");
     }
     document.writeln('<form name="ReqForm" onSubmit="if (checkRequest()) {return true;} else {window.location.reload(); return false;}" method="post" action="' + uri + '">');
-  } else if (typeof(crypto.version) != "undefined") {
+  } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
     document.writeln('<form name="ReqForm" onSubmit="return validate();" method="post" action="' + uri + '">');
   } else {
     document.writeln('<form name="ReqForm" method="post" action="' + uri + '">');
@@ -588,7 +588,7 @@ for (var m = 0; m < inputPluginListSet.length; m++) {
     } else if (inputListSet[n].inputSyntax == 'dual_keygen_request') {
       if (navigator.appName == "Microsoft Internet Explorer") { 
         document.writeln('<input type=hidden name=' + inputListSet[n].inputId + '>');
-      } else if (typeof(crypto.version) != "undefined") {
+      } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
         document.write('<SELECT NAME="encKeyParam">'+keyLengthsCurvesOptions("encryption")+'</SELECT>');
         document.write('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;');
         document.write(keyTypeOptions("encryption")+'&nbsp;&nbsp;(Encryption),&nbsp;&nbsp;</FONT>');
@@ -606,7 +606,7 @@ for (var m = 0; m < inputPluginListSet.length; m++) {
       if (navigator.appName == "Microsoft Internet Explorer") { 
         document.writeln('<input type=hidden name=' + inputListSet[n].inputId + '>');
         document.writeln('<SELECT NAME="keyLength">'+keyLengthsCurvesOptions("")+'</SELECT>&nbsp;&nbsp;<SELECT NAME=\"cryptprovider\"></SELECT>');
-      } else if (typeof(crypto.version) != "undefined") {
+      } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
         document.write('<SELECT NAME="keyParam">'+keyLengthsCurvesOptions("")+'</SELECT>');
         document.write('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
         document.write('&nbsp;&nbsp;&nbsp;'+keyTypeOptions("")+'&nbsp;&nbsp;');
@@ -627,7 +627,7 @@ for (var m = 0; m < inputPluginListSet.length; m++) {
       keygen_request = 'true';
       if (navigator.appName == "Microsoft Internet Explorer") {
         document.writeln('Not Supported<input type=hidden name=' + inputListSet[n].inputId + ' value=>');
-      } else if (typeof(crypto.version) != "undefined") {
+      } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
         document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">crmf</FONT><input type=hidden name=' + inputListSet[n].inputId + ' value=crmf>');
       } else {
         document.writeln('Not Supported<input type=hidden name=' + inputListSet[n].inputId + ' value=>');
@@ -638,7 +638,7 @@ for (var m = 0; m < inputPluginListSet.length; m++) {
       keygen_request = 'true';
       if (navigator.appName == "Microsoft Internet Explorer") {
         document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">pkcs10</FONT><input type=hidden name=' + inputListSet[n].inputId + ' value=pkcs10>');
-      } else if (typeof(crypto.version) != "undefined") {
+      } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
         document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">crmf</FONT><input type=hidden name=' + inputListSet[n].inputId + ' value=crmf>');
       } else {
         document.writeln('keygen<input type=hidden name=' + inputListSet[n].inputId + ' value=keygen>');
@@ -670,7 +670,7 @@ if (errorCode == 0) {
     } else {
       document.writeln('<input type=submit value="Submit">');
     }
-  } else if (typeof(crypto.version) != "undefined") {
+  } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
     document.writeln('<input type=submit value="Submit">');
   } else {
     document.writeln('<input type=submit value="Submit">');
-- 
cgit