From 95e41dc9043a3fbbeea2abd58cca84d1442c0102 Mon Sep 17 00:00:00 2001
From: Christina Fu <cfu@redhat.com>
Date: Sat, 26 Jan 2013 03:39:24 -0800
Subject: Bug 903401 - TMS: RSA token enrollment failed : public key decode
 error

---
 .../src/com/netscape/kra/NetkeyKeygenService.java  | 10 ++++++---
 base/tps/src/processor/RA_Enroll_Processor.cpp     | 24 ++++++++++++++--------
 2 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/base/kra/src/com/netscape/kra/NetkeyKeygenService.java b/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
index f0eec6a26..3acea9ae1 100644
--- a/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
+++ b/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
@@ -486,9 +486,13 @@ public class NetkeyKeygenService implements IService {
                     return false;
                 } else {
                     //CMS.debug("NetkeyKeygenService: public key binary length ="+ publicKeyData.length);
-                    /* url encode */
-                    PubKey = com.netscape.cmsutil.util.Utils.SpecialEncode(publicKeyData);
-                    CMS.debug("NetkeyKeygenService: EC PubKey special encoded");
+                    if (rKeytype.equals("EC")) {
+                        /* url encode */
+                        PubKey = com.netscape.cmsutil.util.Utils.SpecialEncode(publicKeyData);
+                        CMS.debug("NetkeyKeygenService: EC PubKey special encoded");
+                    } else {
+                        PubKey = base64Encode(publicKeyData);
+                    }
 
                     //CMS.debug("NetkeyKeygenService: public key length =" + PubKey.length());
                     request.setExtData("public_key", PubKey);
diff --git a/base/tps/src/processor/RA_Enroll_Processor.cpp b/base/tps/src/processor/RA_Enroll_Processor.cpp
index 6922dc2aa..e4ff38c5e 100644
--- a/base/tps/src/processor/RA_Enroll_Processor.cpp
+++ b/base/tps/src/processor/RA_Enroll_Processor.cpp
@@ -363,19 +363,25 @@ RA_Status RA_Enroll_Processor::DoEnrollment(AuthParams *login, RA_Session *sessi
       SECItem der;
       CERTSubjectPublicKeyInfo* spki = NULL;
                
-      Buffer *decodePubKey = Util::URLDecode(pKey);
-      char *pKey_ascii = NULL;
-      if (decodePubKey != NULL) {
-          pKey_ascii = 
-              BTOA_DataToAscii(decodePubKey->getBuf(), decodePubKey->size());
+      if (isECC) {
+          Buffer *decodePubKey = Util::URLDecode(pKey);
+          char *pKey_ascii = NULL;
+          if (decodePubKey != NULL) {
+              pKey_ascii = 
+                  BTOA_DataToAscii(decodePubKey->getBuf(), decodePubKey->size());
             
+          } else {
+              PR_snprintf(audit_msg, 512, "ServerSideKeyGen: failed to URL decode public key");
+            goto loser;
+          }
+
+          der.type = (SECItemType) 0; /* initialize it, since convertAsciiToItem does not set it */
+          rv = ATOB_ConvertAsciiToItem (&der, pKey_ascii);
       } else {
-          PR_snprintf(audit_msg, 512, "ServerSideKeyGen: failed to URL decode public key");
-        goto loser;
+          der.type = (SECItemType) 0; /* initialize it, since convertAsciiToItem does not set it */
+          rv = ATOB_ConvertAsciiToItem (&der, pKey);
       }
 
-      der.type = (SECItemType) 0; /* initialize it, since convertAsciiToItem does not set it */
-      rv = ATOB_ConvertAsciiToItem (&der, pKey_ascii);
       if (rv != SECSuccess){
         RA::Debug(LL_PER_CONNECTION,FN,
           "failed to convert b64 public key to binary");
-- 
cgit