Ticket: TPS throws "err=6" when attempting to format and e : https://fedorahosted.org/pki/ticket/2544
Fix tested on a standard card; it does what it is supposed to do. It first checks whether the lifecycle state needs to be changed before attempting to change it. This avoids failures on cards that return an error when one tries to overwrite the value with the same value it already had.
From bc03fc3c6f124dfaac33946c6983bde9b106af89 Mon Sep 17 00:00:00 2001
From: Jack Magne <[email protected]>
Date: Tue, 15 Nov 2016 17:37:07 -0800
Subject: [PATCH] Change lifecycle at end of enrollment if it is not already set.
---
 base/common/src/org/dogtagpki/tps/apdu/APDU.java | 3 +-
 .../org/dogtagpki/tps/apdu/GetLifecycleAPDU.java | 19 ++++++++++
 .../server/tps/processor/TPSEnrollProcessor.java | 17 ++++++++-
 .../server/tps/processor/TPSProcessor.java | 41 ++++++++++++++++++++++
 4 files changed, 78 insertions(+), 2 deletions(-)
 create mode 100644 base/common/src/org/dogtagpki/tps/apdu/GetLifecycleAPDU.java
diff --git a/base/common/src/org/dogtagpki/tps/apdu/APDU.java b/base/common/src/org/dogtagpki/tps/apdu/APDU.java
index 86f07ee..390252f 100644
--- a/base/common/src/org/dogtagpki/tps/apdu/APDU.java
+++ b/base/common/src/org/dogtagpki/tps/apdu/APDU.java
@@ -56,7 +56,8 @@ public abstract class APDU {
 APDU_IMPORT_KEY_ENC,
 APDU_SET_ISSUERINFO,
 APDU_GET_ISSUERINFO,
- APDU_GENERATE_KEY_ECC
+ APDU_GENERATE_KEY_ECC,
+ APDU_GET_LIFECYCLE
 }
 protected byte cla;
diff --git a/base/common/src/org/dogtagpki/tps/apdu/GetLifecycleAPDU.java b/base/common/src/org/dogtagpki/tps/apdu/GetLifecycleAPDU.java
new file mode 100644
index 0000000..3f82be1
--- /dev/null
+++ b/base/common/src/org/dogtagpki/tps/apdu/GetLifecycleAPDU.java
@@ -0,0 +1,19 @@
+package org.dogtagpki.tps.apdu;
+
+
+public class GetLifecycleAPDU extends APDU {
+ public GetLifecycleAPDU() {
+ setCLA((byte) 0xB0);
+ setINS((byte) 0xf2);
+ setP1((byte) 0x0);
+ setP2((byte) 0x0);
+ }
+
+ @Override
+ public Type getType()
+ {
+ return Type.APDU_GET_LIFECYCLE;
+ }
+
+
+}
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
index 31d3eed..1bdcf02 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
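Review bot: The new GetLifecycleAPDU class has no Javadoc, and its header bytes are bare literals with mixed hex case (`0xB0` next to `0xf2`). A class comment such as `/** APDU that asks the applet for its current lifecycle state (CLA 0xB0, INS 0xF2, P1/P2 zero, no data). */` would tell a reader what the card is expected to return. It is worth stating there that the caller reads the state from the first byte of the response, as getLifecycleState() in TPSProcessor does.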
@@ -100,6 +100,12 @@ public class TPSEnrollProcessor extends TPSProcessor { AppletInfo appletInfo = null; TokenRecord tokenRecord = null; + + byte lifecycleState = (byte) 0xf0; + + + lifecycleState = getLifecycleState(); + try { appletInfo = getAppletInfo(); auditOpRequest("enroll", appletInfo, "success", null); @@ -542,7 +548,16 @@ public class TPSEnrollProcessor extends TPSProcessor { writeIssuerInfoToToken(channel, appletInfo); statusUpdate(99, "PROGRESS_SET_LIFECYCLE"); - channel.setLifeycleState((byte) 0x0f); + + + + if( lifecycleState != 0x0f) { + channel.setLifeycleState((byte) 0x0f); + } else { + CMS.debug(method + " No need to reset lifecycle state, it is already at the proper value."); + } + + //update the tokendb with new certs CMS.debug(method + " updating tokendb with certs."); try { diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java index 582e3f9..75314b7 100644 --- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java +++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java @@ -60,6 +60,7 @@ import org.dogtagpki.server.tps.mapping.FilterMappingParams; import org.dogtagpki.tps.apdu.APDU; import org.dogtagpki.tps.apdu.APDUResponse; import org.dogtagpki.tps.apdu.GetDataAPDU; +import org.dogtagpki.tps.apdu.GetLifecycleAPDU; import org.dogtagpki.tps.apdu.GetStatusAPDU; import org.dogtagpki.tps.apdu.GetVersionAPDU; import org.dogtagpki.tps.apdu.InitializeUpdateAPDU; 
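Review bot: The initializer in `byte lifecycleState = (byte) 0xf0;` is dead, because the next added statement overwrites it unconditionally; a single declaration, `byte lifecycleState = getLifecycleState();`, says the same thing. The call also sits before the `try` and before `getAppletInfo()` / `auditOpRequest("enroll", ...)`, so the token receives a select and a lifecycle query ahead of the first audited step. A one-line comment explaining why the state has to be read this early would help the next reader. The enclosing method starts and ends outside the hunk.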
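Review bot: The `if( lifecycleState != 0x0f)` test in the second TPSEnrollProcessor hunk relies on a value read at the top of the method, several hundred lines and many card operations earlier, so it can be stale when it is consulted. If anything in between changes the card's state (not visible in this hunk), the `setLifeycleState` call is skipped wrongly and the token may be left short of its final lifecycle state. The value also appears to come from a plain APDU exchange made before the secure channel exists, so it is only as trustworthy as the client relaying it. Reading the state right before the decision, e.g. `if (getLifecycleState() != 0x0f) {`, would remove the staleness, provided re-selecting the applet at that point does not disturb the open channel, which needs confirming.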
@@ -387,6 +388,44 @@ public class TPSProcessor { } + protected byte getLifecycleState() { + + byte resultState = 0xf; + + String method = "TPSProcessor.getLifecycleState:"; + CMS.debug(".getLifecycleState: "); + + GetLifecycleAPDU getLifecycle = new GetLifecycleAPDU(); + + try { + + selectCoolKeyApplet(); + + APDUResponse response = handleAPDURequest(getLifecycle); + + if (!response.checkResult()) { + return resultState; + } + + TPSBuffer result = response.getResultDataNoCode(); + + CMS.debug(method + " result size: " + result.size()); + + if (result.size() >= 1) { + resultState = result.at(0); + + CMS.debug(method + " result: " + resultState); + } + + } catch (TPSException | IOException e) { + CMS.debug(method + " problem getting state: " + e); + } + + return resultState; + + } + + protected TPSBuffer encryptData(AppletInfo appletInfo, TPSBuffer keyInfo, TPSBuffer plaintextChallenge, String connId) throws TPSException { @@ -2983,6 +3022,8 @@ public class TPSProcessor { } } + + protected boolean checkSymmetricKeysEnabled() throws TPSException { boolean result = true; -- 2.5.0
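Review bot: `byte resultState = 0xf;` in getLifecycleState() makes every failure path (a failed `response.checkResult()`, an empty result buffer, a caught TPSException or IOException) return 0x0f, which is exactly the value the enrollment code treats as "lifecycle already set". A card that cannot answer the query therefore has its `setLifeycleState((byte) 0x0f)` call skipped, where before this patch the call was always attempted. Default to a value that cannot match, as the caller's own initializer does: `byte resultState = (byte) 0xf0;`. The catch block reports the failure only through `CMS.debug`, so the method's Javadoc should state which value callers get when the read fails. Separately, the first debug call passes the literal `".getLifecycleState: "` instead of using `method`.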
