From 87ffc7a341860f3f1ece434e90e4bc33a02b8155 Mon Sep 17 00:00:00 2001 From: Jack Magne Date: Thu, 12 Mar 2015 19:08:41 -0700 Subject: NISTSP8000 feature. Implementation of the nistSP800 dervication feature. Works for both supported scp01 cards and scp02 cards. During the various session key and key upgrade functions, the nist dervication code is being called. Review comments addressed Cleanup of some input validation on the TKS. Added some sanity checking on the TPS side for key versions and token cuid's and kdd's. Final review comments. Fixed issue with extracting the kdd from the AppletInfo class. Fixed issue with sending the KDD to the encryptData TKS servlet. Added requested entries to the CS.cfg . --- .../src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java') diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java index 5b8560a1d..265ce0491 100644 --- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java +++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java @@ -301,7 +301,7 @@ public class TPSEnrollProcessor extends TPSProcessor { CMS.debug("TPSEnrollProcessor.enroll: Finished updating applet if needed."); //Check and upgrade keys if called for - SecureChannel channel = checkAndUpgradeSymKeys(); + SecureChannel channel = checkAndUpgradeSymKeys(appletInfo,tokenRecord); channel.externalAuthenticate(); //Reset the token's pin, create one if we don't have one already 
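Review bot: `checkAndUpgradeSymKeys(appletInfo,tokenRecord)` now passes token-reported identifiers into the key upgrade path, and the returned channel is used on the very next line (`channel.externalAuthenticate();`) with nothing visible between the two. The commit message mentions sanity checks for key versions, CUIDs and KDDs, but none appear in this hunk, so a comment at the call should say where they run, for example `// appletInfo supplies the token's CUID/KDD for the NIST SP800 derivation; checked in checkAndUpgradeSymKeys before the TKS request`, worded to match what that method really does. If the method can return null on failure rather than throw (not visible here), the call site needs a guard before `externalAuthenticate()`. Minor style: put a space after the comma in the argument list, here and in `writeIssuerInfoToToken(channel,appletInfo)` in the second hunk. The enclosing method starts and ends outside the hunk.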
@@ -467,13 +467,13 @@ public class TPSEnrollProcessor extends TPSProcessor { pkcs11objx.setFormatVersion(pkcs11objx.getOldFormatVersion()); // Make sure we have a good secure channel before writing out the final objects - channel = setupSecureChannel(); + channel = setupSecureChannel(appletInfo); statusUpdate(92, "PROGRESS_WRITE_OBJECTS"); writeFinalPKCS11ObjectToToken(pkcs11objx, appletInfo, channel); statusUpdate(98, "PROGRESS_ISSUER_INFO"); - writeIssuerInfoToToken(channel); + writeIssuerInfoToToken(channel,appletInfo); statusUpdate(99, "PROGRESS_SET_LIFECYCLE"); channel.setLifeycleState((byte) 0x0f); -- cgit
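Review bot: `setupSecureChannel(appletInfo)` reuses the `appletInfo` captured earlier in enrollment, after the key upgrade call in the first hunk may have changed the key set on the token. If the method reads the key version or other derivation inputs from that object, this final channel could be built from stale data. The hunk does not show whether it does, so either refresh the object after an upgrade or state the assumption at the call, for example `// appletInfo is read only for CUID/KDD here; the key version is resolved separately`, adjusted to the real behaviour. The same object is then handed to `writeIssuerInfoToToken`, so the comment should cover both calls. The enclosing method starts and ends outside the hunk.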