From a614eb15476adb00df571d3ea05fdd8ea282141d Mon Sep 17 00:00:00 2001
From: Jack Magne
Date: Fri, 2 Jun 2017 15:40:52 -0700
Subject: Resolve #1663 Add SCP03 support . This particular fix resolves a simple issue when formatting a token in FIPS mode for SCP03.
---
 base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java | 7 ++++---
 base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java | 4 ++++
 2 files changed, 8 insertions(+), 3 deletions(-)
(limited to 'base/tps')
diff --git a/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java b/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java
index 5e5646b40..3b80f2743 100644
--- a/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java
+++ b/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java
@@ -421,10 +421,11 @@ public class SecureChannel {
 throw new TPSException(method + "Failed to calculate card cryptogram!", TPSStatus.STATUS_ERROR_SECURE_CHANNEL);
 }
- CMS.debug(method + " dumped macSessionKey: " + new TPSBuffer(macSessionKey.getEncoded()).toHexString() );
+ if(cardCryptogram != null)
+ CMS.debug(method + " actual card cryptogram " + cardCryptogram.toHexString());
- CMS.debug(method + " actual card cryptogram " + cardCryptogram.toHexString());
- CMS.debug(method + " calculated card cryptogram " + calculatedCardCryptogram.toHexString());
+ if(calculatedCardCryptogram != null)
+ CMS.debug(method + " calculated card cryptogram " + calculatedCardCryptogram.toHexString());
 ExternalAuthenticateAPDUGP211 externalAuth = new ExternalAuthenticateAPDUGP211(hostCryptogram, /* secLevel */secLevelGP211);
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
index 0f9691556..e1a574878 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
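Review bot: In the SecureChannel.java hunk the two new null guards protect only the `CMS.debug` calls, so a null `cardCryptogram` would skip its log line and still proceed to building the `ExternalAuthenticateAPDUGP211` command. If the value can really be null at this point it should fail closed, e.g. `if (cardCryptogram == null) throw new TPSException(method + "Missing card cryptogram!", TPSStatus.STATUS_ERROR_SECURE_CHANNEL);`. The throw visible at the top of the hunk suggests `calculatedCardCryptogram` was already checked, which would make its guard redundant, but that check begins outside the hunk so this is an inference. The braceless `if` bodies are also easy to misread next to the statement that follows; wrapping each in braces would make the guarded scope explicit.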
@@ -957,6 +957,10 @@ public class TPSProcessor {
 kekSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret, kekSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES);
+ CMS.debug(" encSessionKeySCP03 " + encSessionKeySCP03);
+ CMS.debug(" macSessionKeySCP03 " + macSessionKeySCP03);
+ CMS.debug(" kekSessionKeySCP03 " + kekSessionKeySCP03);
+
 channel = new SecureChannel(this, encSessionKeySCP03, macSessionKeySCP03, kekSessionKeySCP03, drmDesKeyBuff, kekDesKeyBuff, keyCheckBuff, keyDiversificationData, cardChallenge,
-- cgit
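Review bot: The three added `CMS.debug` lines concatenate the session key objects themselves into the debug log, so what is written depends on whatever `PK11SymKey.toString()` returns, which this hunk does not show; key-related log output is best limited to a presence check. If the aim is to see whether each unwrap succeeded, log a boolean instead, e.g. `CMS.debug(" encSessionKeySCP03 present: " + (encSessionKeySCP03 != null));`, and likewise for the mac and kek keys. As far as the hunk shows, a null key is still passed straight into `new SecureChannel(...)`, so an explicit null check that aborts the operation would be safer than a log line alone. The messages also lack the method prefix used by the SecureChannel.java log lines, which makes them harder to attribute. The `SecureChannel` constructor call continues past the end of the hunk.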