The internal token short name literals have been replaced with CryptoUtil.INTERNAL_TOKEN_NAME.
https://fedorahosted.org/pki/ticket/2556 Pushed to master under trivial rule. -- Endi S. Dewata
>From 49dbe641d3f1fd8fe4d8c141a93b7533eea1b70f Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" <[email protected]> Date: Sat, 21 Jan 2017 02:02:10 +0100 Subject: [PATCH] Replaced internal token short name literals. The internal token short name literals have been replaced with CryptoUtil.INTERNAL_TOKEN_NAME. https://fedorahosted.org/pki/ticket/2556 --- .../netscape/admin/certsrv/config/CACertsTab.java | 44 +++++++++++++----- .../admin/certsrv/config/WBaseKeyPage.java | 21 +++++---- .../certsrv/config/install/WICACert1Page.java | 22 +++++---- .../config/install/WILDAPPublishingPage.java | 25 +++++++--- .../netscape/admin/certsrv/keycert/WKeyPage.java | 53 +++++++++++++++------- .../admin/certsrv/keycert/WTokenLogonPage.java | 27 ++++++++--- .../security/CertRequestSelectTokenPane.java | 36 +++++++++++---- .../src/com/netscape/cmstools/CMCEnroll.java | 13 +++--- .../src/com/netscape/cmstools/TestCRLSigning.java | 14 +++--- .../src/com/netscape/cmstools/cli/MainCLI.java | 5 +- .../src/com/netscape/kra/KeyRecoveryAuthority.java | 4 +- base/kra/src/com/netscape/kra/RecoveryService.java | 17 +++---- .../com/netscape/cms/authentication/CMCAuth.java | 28 ++++++------ .../netscape/cms/profile/common/EnrollProfile.java | 13 +++--- .../netscape/cms/profile/input/EnrollInput.java | 5 +- .../cms/publish/publishers/OCSPPublisher.java | 2 +- .../com/netscape/cms/servlet/csadmin/CertUtil.java | 2 +- .../cms/servlet/csadmin/ConfigurationUtils.java | 14 +++--- .../cms/servlet/csadmin/GetSubsystemCert.java | 2 +- .../cms/servlet/csadmin/UpdateOCSPConfig.java | 2 +- .../netscape/cms/servlet/ocsp/AddCRLServlet.java | 13 +++--- .../cms/servlet/tks/SecureChannelProtocol.java | 8 ++-- .../com/netscape/cms/servlet/tks/TokenServlet.java | 18 ++++---- .../src/org/dogtagpki/server/tps/TPSSubsystem.java | 2 +- .../server/tps/processor/TPSProcessor.java | 2 +- .../server/tps/rest/TPSInstallerService.java | 2 +- .../cmsutil/password/NuxwdogPasswordStore.java | 3 +- 27 files changed, 252 insertions(+), 145 deletions(-) diff --git a/base/console/src/com/netscape/admin/certsrv/config/CACertsTab.java b/base/console/src/com/netscape/admin/certsrv/config/CACertsTab.java index 4cbc2edbbf0b82b1c757bf4a1730de50ad019dca..02f4a591a9c2241e15fbad933dccc28c1f250549 100644 --- a/base/console/src/com/netscape/admin/certsrv/config/CACertsTab.java +++ b/base/console/src/com/netscape/admin/certsrv/config/CACertsTab.java @@ -17,18 +17,38 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.admin.certsrv.config; -import com.netscape.admin.certsrv.*; -import com.netscape.admin.certsrv.connection.*; -import com.netscape.admin.certsrv.ug.*; -import javax.swing.*; -import java.awt.event.*; -import java.awt.*; -import java.util.*; +import java.awt.Color; +import java.awt.GridBagConstraints; +import java.awt.GridBagLayout; +import java.awt.event.ActionEvent; +import java.awt.event.MouseEvent; +import java.util.Vector; -import com.netscape.management.client.util.*; -import com.netscape.management.client.console.*; -import com.netscape.certsrv.common.*; -import com.netscape.admin.certsrv.keycert.*; +import javax.swing.JButton; +import javax.swing.JLabel; +import javax.swing.JOptionPane; +import javax.swing.JPanel; +import javax.swing.JScrollPane; +import javax.swing.JTable; +import javax.swing.ListSelectionModel; + +import com.netscape.admin.certsrv.CMSAdminUtil; +import com.netscape.admin.certsrv.CMSBaseResourceModel; +import com.netscape.admin.certsrv.EAdminException; +import com.netscape.admin.certsrv.LabelCellRenderer; +import com.netscape.admin.certsrv.connection.AdminConnection; +import com.netscape.admin.certsrv.keycert.CertSetupWizard; +import com.netscape.admin.certsrv.keycert.CertSetupWizardInfo; +import com.netscape.admin.certsrv.ug.CMSBaseUGTab; +import com.netscape.admin.certsrv.ug.CertViewDialog; +import com.netscape.certsrv.common.Constants; +import com.netscape.certsrv.common.DestDef; +import com.netscape.certsrv.common.NameValuePairs; +import com.netscape.certsrv.common.ScopeDef; +import com.netscape.cmsutil.crypto.CryptoUtil; +import com.netscape.management.client.console.ConsoleInfo; +import com.netscape.management.client.util.Debug; +import com.netscape.management.client.util.JButtonFactory; /** * CA certs Tab @@ -356,7 +376,7 @@ public class CACertsTab extends CMSBaseUGTab { if (colonindex != -1) v.addElement(nickname.substring(0, colonindex)); else - v.addElement("internal"); + v.addElement(CryptoUtil.INTERNAL_TOKEN_NAME); mDataModel.addRow(v); } } diff --git a/base/console/src/com/netscape/admin/certsrv/config/WBaseKeyPage.java b/base/console/src/com/netscape/admin/certsrv/config/WBaseKeyPage.java index cd5ebfc2571e8b43e76e7af16009726ed1e86b1e..b77ad6a23577636e1b5a878fcee6c6a5621608dd 100644 --- a/base/console/src/com/netscape/admin/certsrv/config/WBaseKeyPage.java +++ b/base/console/src/com/netscape/admin/certsrv/config/WBaseKeyPage.java @@ -17,13 +17,18 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.admin.certsrv.config; -import java.awt.*; -import javax.swing.*; -import javax.swing.event.*; -import com.netscape.admin.certsrv.*; -import com.netscape.admin.certsrv.connection.*; -import com.netscape.admin.certsrv.wizard.*; -import com.netscape.certsrv.common.*; +import java.awt.GridBagConstraints; +import java.awt.GridBagLayout; +import java.awt.Insets; + +import javax.swing.JComboBox; +import javax.swing.JLabel; +import javax.swing.JPanel; +import javax.swing.JTextArea; +import javax.swing.JTextField; + +import com.netscape.admin.certsrv.CMSAdminUtil; +import com.netscape.admin.certsrv.wizard.WizardBasePanel; /** * Setup CA signing cert for installation wizard. @@ -82,7 +87,7 @@ public class WBaseKeyPage extends WizardBasePanel { add(tokenLbl, gbc); mTokenBox = new JComboBox(); - mTokenBox.addItem("internal"); + mTokenBox.addItem(CryptoUtil.INTERNAL_TOKEN_NAME); CMSAdminUtil.resetGBC(gbc); gbc.anchor = gbc.NORTHWEST; gbc.insets = new Insets(COMPONENT_SPACE,0, diff --git a/base/console/src/com/netscape/admin/certsrv/config/install/WICACert1Page.java b/base/console/src/com/netscape/admin/certsrv/config/install/WICACert1Page.java index 8b511ced5192683aac15a675c6872932d1a215df..59ecfe5d26f7099917bcd9cdebe6982378a584be 100644 --- a/base/console/src/com/netscape/admin/certsrv/config/install/WICACert1Page.java +++ b/base/console/src/com/netscape/admin/certsrv/config/install/WICACert1Page.java @@ -17,13 +17,19 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.admin.certsrv.config.install; -import java.awt.*; -import javax.swing.*; -import javax.swing.event.*; -import com.netscape.admin.certsrv.*; -import com.netscape.admin.certsrv.connection.*; -import com.netscape.admin.certsrv.wizard.*; -import com.netscape.certsrv.common.*; +import java.awt.GridBagConstraints; +import java.awt.GridBagLayout; +import java.awt.Insets; + +import javax.swing.JComboBox; +import javax.swing.JLabel; +import javax.swing.JPanel; +import javax.swing.JTextArea; + +import com.netscape.admin.certsrv.CMSAdminUtil; +import com.netscape.admin.certsrv.wizard.IWizardPanel; +import com.netscape.admin.certsrv.wizard.WizardBasePanel; +import com.netscape.admin.certsrv.wizard.WizardInfo; /** * Setup CA signing cert for installation wizard. @@ -106,7 +112,7 @@ class WICACert1Page extends WizardBasePanel implements IWizardPanel { add(tokenLbl, gbc); mTokenBox = new JComboBox(); - mTokenBox.addItem("internal"); + mTokenBox.addItem(CryptoUtil.INTERNAL_TOKEN_NAME); CMSAdminUtil.resetGBC(gbc); gbc.anchor = gbc.NORTHWEST; gbc.insets = new Insets(COMPONENT_SPACE,0, diff --git a/base/console/src/com/netscape/admin/certsrv/config/install/WILDAPPublishingPage.java b/base/console/src/com/netscape/admin/certsrv/config/install/WILDAPPublishingPage.java index 0dd19333c2380c343da75bb0c7ecae3ea0b2f6e4..5392cf4a539e01af386e9e76a3100a12aa081474 100644 --- a/base/console/src/com/netscape/admin/certsrv/config/install/WILDAPPublishingPage.java +++ b/base/console/src/com/netscape/admin/certsrv/config/install/WILDAPPublishingPage.java @@ -17,12 +17,23 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.admin.certsrv.config.install; -import java.awt.*; -import javax.swing.*; -import com.netscape.admin.certsrv.*; -import com.netscape.admin.certsrv.connection.*; -import com.netscape.admin.certsrv.wizard.*; -import com.netscape.certsrv.common.*; +import java.awt.GridBagConstraints; +import java.awt.GridBagLayout; +import java.awt.Insets; + +import javax.swing.JCheckBox; +import javax.swing.JComboBox; +import javax.swing.JLabel; +import javax.swing.JPanel; +import javax.swing.JTextArea; +import javax.swing.JTextField; + +import com.netscape.admin.certsrv.CMSAdminUtil; +import com.netscape.admin.certsrv.wizard.IWizardPanel; +import com.netscape.admin.certsrv.wizard.WizardBasePanel; +import com.netscape.admin.certsrv.wizard.WizardInfo; +import com.netscape.certsrv.common.Constants; +import com.netscape.cmsutil.crypto.CryptoUtil; /** * Introduction page for installation wizard. @@ -215,7 +226,7 @@ class WILDAPPublishingPage extends WizardBasePanel implements IWizardPanel { CMSAdminUtil.resetGBC(gbc); mCertBox = new JComboBox(); - mCertBox.addItem("internal"); + mCertBox.addItem(CryptoUtil.INTERNAL_TOKEN_NAME); gbc.fill = gbc.NONE; gbc.anchor = gbc.NORTHWEST; gbc.insets = new Insets(0, COMPONENT_SPACE, COMPONENT_SPACE, diff --git a/base/console/src/com/netscape/admin/certsrv/keycert/WKeyPage.java b/base/console/src/com/netscape/admin/certsrv/keycert/WKeyPage.java index 6c9c981ef711fee06d9b088c5d027029b0d13cf6..cebb695e5a7a6297a9559e04e9d3fc9e912af5f9 100644 --- a/base/console/src/com/netscape/admin/certsrv/keycert/WKeyPage.java +++ b/base/console/src/com/netscape/admin/certsrv/keycert/WKeyPage.java @@ -17,19 +17,40 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.admin.certsrv.keycert; -import java.awt.*; -import java.awt.event.*; -import java.util.*; -import javax.swing.*; -import javax.swing.border.*; +import java.awt.Color; +import java.awt.GridBagConstraints; +import java.awt.GridBagLayout; +import java.awt.Insets; +import java.awt.event.ActionEvent; +import java.awt.event.ItemEvent; +import java.awt.event.ItemListener; +import java.util.StringTokenizer; -import com.netscape.admin.certsrv.*; -import com.netscape.admin.certsrv.connection.*; -import com.netscape.admin.certsrv.wizard.*; -import com.netscape.certsrv.common.*; +import javax.swing.ButtonGroup; +import javax.swing.JComboBox; +import javax.swing.JComponent; +import javax.swing.JDialog; +import javax.swing.JFrame; +import javax.swing.JLabel; +import javax.swing.JPanel; +import javax.swing.JRadioButton; +import javax.swing.JTextArea; +import javax.swing.JTextField; +import javax.swing.border.TitledBorder; +import javax.swing.text.JTextComponent; + +import com.netscape.admin.certsrv.CMSAdminUtil; +import com.netscape.admin.certsrv.EAdminException; +import com.netscape.admin.certsrv.config.WarningDialog; +import com.netscape.admin.certsrv.connection.AdminConnection; +import com.netscape.admin.certsrv.wizard.IWizardPanel; +import com.netscape.admin.certsrv.wizard.WizardBasePanel; +import com.netscape.admin.certsrv.wizard.WizardInfo; +import com.netscape.certsrv.common.Constants; +import com.netscape.certsrv.common.DestDef; +import com.netscape.certsrv.common.NameValuePairs; +import com.netscape.certsrv.common.ScopeDef; import com.netscape.cmsutil.crypto.CryptoUtil; -import com.netscape.admin.certsrv.config.*; -import javax.swing.text.*; /** * Setup key information for certificate setup wizard. @@ -103,7 +124,7 @@ class WKeyPage extends WizardBasePanel implements IWizardPanel, ItemListener { String str = wizardInfo.getNicknames(); StringTokenizer tokenizer1 = new StringTokenizer(str, ","); while (tokenizer1.hasMoreTokens()) { - mNicknameBox.addItem((String)tokenizer1.nextToken()); + mNicknameBox.addItem(tokenizer1.nextToken()); } } } else { @@ -128,7 +149,7 @@ class WKeyPage extends WizardBasePanel implements IWizardPanel, ItemListener { String tokenList = wizardInfo.getTokenList(); StringTokenizer tokenizer = new StringTokenizer(tokenList, ","); while (tokenizer.hasMoreTokens()) { - mTokenBox.addItem((String)tokenizer.nextToken()); + mTokenBox.addItem(tokenizer.nextToken()); } mTokenBox.addItemListener(this); @@ -253,11 +274,11 @@ class WKeyPage extends WizardBasePanel implements IWizardPanel, ItemListener { if (mKeyTypeBox.isVisible()) { wizardInfo.addEntry(Constants.PR_KEY_TYPE, - (String)mKeyTypeBox.getSelectedItem()); + mKeyTypeBox.getSelectedItem()); nvps.put(Constants.PR_KEY_TYPE, (String) mKeyTypeBox.getSelectedItem()); } else if (mDSAKeyTypeBox.isVisible()) { wizardInfo.addEntry(Constants.PR_KEY_TYPE, - (String)mDSAKeyTypeBox.getSelectedItem()); + mDSAKeyTypeBox.getSelectedItem()); nvps.put(Constants.PR_KEY_TYPE, (String) mDSAKeyTypeBox.getSelectedItem()); } } @@ -302,7 +323,7 @@ class WKeyPage extends WizardBasePanel implements IWizardPanel, ItemListener { if (mNewKeyBtn.isSelected()) { String tokenName = (String)mTokenBox.getSelectedItem(); - if (tokenName.equals("internal")) + if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) tokenName = CryptoUtil.INTERNAL_TOKEN_NAME; nvps.clear(); nvps.put(Constants.PR_TOKEN_NAME, tokenName); diff --git a/base/console/src/com/netscape/admin/certsrv/keycert/WTokenLogonPage.java b/base/console/src/com/netscape/admin/certsrv/keycert/WTokenLogonPage.java index 46c9b61df99d0e2e805c65677004d541cbed5923..617aeebbc147328749087bd68e56423fa0268acc 100644 --- a/base/console/src/com/netscape/admin/certsrv/keycert/WTokenLogonPage.java +++ b/base/console/src/com/netscape/admin/certsrv/keycert/WTokenLogonPage.java @@ -17,13 +17,26 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.admin.certsrv.keycert; -import java.awt.*; -import javax.swing.*; +import java.awt.GridBagConstraints; +import java.awt.GridBagLayout; +import java.awt.Insets; -import com.netscape.admin.certsrv.*; -import com.netscape.admin.certsrv.connection.*; -import com.netscape.admin.certsrv.wizard.*; -import com.netscape.certsrv.common.*; +import javax.swing.JDialog; +import javax.swing.JFrame; +import javax.swing.JLabel; +import javax.swing.JPasswordField; +import javax.swing.JTextArea; + +import com.netscape.admin.certsrv.CMSAdminUtil; +import com.netscape.admin.certsrv.EAdminException; +import com.netscape.admin.certsrv.connection.AdminConnection; +import com.netscape.admin.certsrv.wizard.IWizardPanel; +import com.netscape.admin.certsrv.wizard.WizardBasePanel; +import com.netscape.admin.certsrv.wizard.WizardInfo; +import com.netscape.certsrv.common.Constants; +import com.netscape.certsrv.common.DestDef; +import com.netscape.certsrv.common.NameValuePairs; +import com.netscape.certsrv.common.ScopeDef; import com.netscape.cmsutil.crypto.CryptoUtil; /** @@ -88,7 +101,7 @@ class WTokenLogonPage extends WizardBasePanel implements IWizardPanel { AdminConnection connection = wizardInfo.getAdminConnection(); String tokenname = mTokenNameText.getText().trim(); - if (tokenname.equals("internal")) { + if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { tokenname = CryptoUtil.INTERNAL_TOKEN_NAME; } diff --git a/base/console/src/com/netscape/admin/certsrv/security/CertRequestSelectTokenPane.java b/base/console/src/com/netscape/admin/certsrv/security/CertRequestSelectTokenPane.java index cab38e8d368501cc034ebc7c7114693fc8e696f9..200c74a1b75537566bcb7999fb855807e57ee936 100644 --- a/base/console/src/com/netscape/admin/certsrv/security/CertRequestSelectTokenPane.java +++ b/base/console/src/com/netscape/admin/certsrv/security/CertRequestSelectTokenPane.java @@ -17,13 +17,33 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.admin.certsrv.security; -import java.awt.*; -import java.awt.event.*; -import java.util.*; -import javax.swing.*; -import javax.swing.border.*; -import com.netscape.management.client.util.*; -import com.netscape.management.nmclf.*; +import java.awt.Component; +import java.awt.Dimension; +import java.awt.GridBagConstraints; +import java.awt.GridBagLayout; +import java.awt.Insets; +import java.awt.event.ActionEvent; +import java.awt.event.ActionListener; +import java.util.Vector; + +import javax.swing.Box; +import javax.swing.ButtonGroup; +import javax.swing.JComboBox; +import javax.swing.JLabel; +import javax.swing.JPanel; +import javax.swing.JRadioButton; +import javax.swing.border.CompoundBorder; +import javax.swing.border.EmptyBorder; +import javax.swing.border.EtchedBorder; +import javax.swing.border.TitledBorder; + +import com.netscape.cmsutil.crypto.CryptoUtil; +import com.netscape.management.client.util.GridBagUtil; +import com.netscape.management.client.util.MultilineLabel; +import com.netscape.management.client.util.ResourceSet; +import com.netscape.management.client.util.UtilConsoleGlobals; +import com.netscape.management.nmclf.SuiConstants; +import com.netscape.management.nmclf.SuiOptionPane; /** * @@ -206,7 +226,7 @@ IKeyCertPage { ResourceSet resource = KeyCertUtility.getKeyCertWizardResourceSet(); - _internal = resource.getString("SelectToken", "internal"); + _internal = resource.getString("SelectToken", CryptoUtil.INTERNAL_TOKEN_NAME); _defaultToken = resource.getString("SelectToken", "defaultToken"); _no = new JRadioButton(resource.getString("SelectToken", "no"), diff --git a/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java b/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java index dc4b191c596fd9ec581bc10cc2d01e0ccbcb158d..edf6e1335bf96be49bd94d2d142d20f238cf0628 100644 --- a/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java +++ b/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java @@ -33,10 +33,6 @@ import java.security.NoSuchAlgorithmException; import java.security.SignatureException; import java.util.Date; -import netscape.security.pkcs.PKCS10; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertImpl; - import org.mozilla.jss.CryptoManager; import org.mozilla.jss.asn1.ANY; import org.mozilla.jss.asn1.INTEGER; @@ -64,8 +60,13 @@ import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier; import org.mozilla.jss.pkix.primitive.Name; import org.mozilla.jss.util.Password; +import com.netscape.cmsutil.crypto.CryptoUtil; import com.netscape.cmsutil.util.Utils; +import netscape.security.pkcs.PKCS10; +import netscape.security.x509.X500Name; +import netscape.security.x509.X509CertImpl; + /** * Tool for signing PKCS #10 , return CMC enrollment request * @@ -94,7 +95,7 @@ public class CMCEnroll { CryptoManager manager = CryptoManager.getInstance(); CryptoToken token = null; - if (tokenname.equals("internal")) { + if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { token = manager.getInternalKeyStorageToken(); } else { token = manager.getTokenByName(tokenname); @@ -134,7 +135,7 @@ public class CMCEnroll { static String getCMCBlob(X509Certificate signerCert, CryptoManager manager, String nValue, String rValue) { String asciiBASE64Blob = rValue; // input pkcs10 blob - String tokenname = "internal"; + String tokenname = CryptoUtil.INTERNAL_TOKEN_NAME; try { diff --git a/base/java-tools/src/com/netscape/cmstools/TestCRLSigning.java b/base/java-tools/src/com/netscape/cmstools/TestCRLSigning.java index 0f41e0fc714c98a7326a83592ea1bb9afcb910d6..24a51f8eef00ce7c2e3342eef63f90cf4713a921 100644 --- a/base/java-tools/src/com/netscape/cmstools/TestCRLSigning.java +++ b/base/java-tools/src/com/netscape/cmstools/TestCRLSigning.java @@ -22,17 +22,19 @@ import java.security.KeyPair; import java.util.Date; import java.util.Hashtable; -import netscape.security.x509.RevokedCertImpl; -import netscape.security.x509.RevokedCertificate; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CRLImpl; - import org.mozilla.jss.CryptoManager; import org.mozilla.jss.crypto.CryptoToken; import org.mozilla.jss.crypto.KeyPairAlgorithm; import org.mozilla.jss.crypto.KeyPairGenerator; import org.mozilla.jss.util.Password; +import com.netscape.cmsutil.crypto.CryptoUtil; + +import netscape.security.x509.RevokedCertImpl; +import netscape.security.x509.RevokedCertificate; +import netscape.security.x509.X500Name; +import netscape.security.x509.X509CRLImpl; + /** * Tool used to test out signing a CRL * @@ -61,7 +63,7 @@ public class TestCRLSigning { // Login to token CryptoToken token = null; - if (tokenname.equals("internal")) { + if (tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { token = cm.getInternalKeyStorageToken(); } else { token = cm.getTokenByName(tokenname); diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java index ed1e26bc2c72c0cdeb4122571f42fd2f9ea321d7..21d16b537ebab9739cc3b05e8d9a8ac01891d27d 100644 --- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java @@ -55,6 +55,7 @@ import com.netscape.cmstools.key.KeyCLI; import com.netscape.cmstools.pkcs12.PKCS12CLI; import com.netscape.cmstools.system.SecurityDomainCLI; import com.netscape.cmstools.user.UserCLI; +import com.netscape.cmsutil.crypto.CryptoUtil; /** * @author Endi S. Dewata @@ -234,7 +235,7 @@ public class MainCLI extends CLI { // Check for undefined 'token' if (tokenPassword[0].isEmpty()) { // Set default 'token' - tokenPassword[0] = "internal"; + tokenPassword[0] = CryptoUtil.INTERNAL_TOKEN_NAME; } // Check for undefined 'password' @@ -243,7 +244,7 @@ public class MainCLI extends CLI { } } else { // Set default 'token' - tokenPassword[0] = "internal"; + tokenPassword[0] = CryptoUtil.INTERNAL_TOKEN_NAME; // Set simple 'password' (do not trim leading/trailing whitespace) tokenPassword[1] = line; diff --git a/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java b/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java index f05aa471f0c5d7a435ab45e88f25b9e8eea8574e..d07a972db5d47d5bb125a50003905664ecae466f 100644 --- a/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java +++ b/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java @@ -324,7 +324,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove if (mStorageKeyUnit.getToken() != null) { try { String storageToken = mStorageKeyUnit.getToken().getName(); - if (!storageToken.equals("internal")) { + if (!storageToken.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { CMS.debug("Auto set serverKeygenTokenName to " + storageToken); serverKeygenTokenName = storageToken; } @@ -333,7 +333,7 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove } } if (serverKeygenTokenName == null) { - serverKeygenTokenName = "internal"; + serverKeygenTokenName = CryptoUtil.INTERNAL_TOKEN_NAME; } if (serverKeygenTokenName.equalsIgnoreCase(CryptoUtil.INTERNAL_TOKEN_NAME)) serverKeygenTokenName = CryptoUtil.INTERNAL_TOKEN_NAME; diff --git a/base/kra/src/com/netscape/kra/RecoveryService.java b/base/kra/src/com/netscape/kra/RecoveryService.java index 771445d668d9e0747f51d03eba08314d15365d02..a5e9e78dfe5baf83e94763df1e96d401f99a3e68 100644 --- a/base/kra/src/com/netscape/kra/RecoveryService.java +++ b/base/kra/src/com/netscape/kra/RecoveryService.java @@ -29,12 +29,6 @@ import java.security.cert.X509Certificate; import java.util.Hashtable; import java.util.Random; -import netscape.security.util.BigInt; -import netscape.security.util.DerInputStream; -import netscape.security.util.DerValue; -import netscape.security.x509.X509CertImpl; -import netscape.security.x509.X509Key; - import org.mozilla.jss.CryptoManager; import org.mozilla.jss.asn1.ASN1Util; import org.mozilla.jss.asn1.ASN1Value; @@ -70,6 +64,13 @@ import com.netscape.certsrv.security.IStorageKeyUnit; import com.netscape.certsrv.util.IStatsSubsystem; import com.netscape.cmscore.dbs.KeyRecord; import com.netscape.cmscore.util.Debug; +import com.netscape.cmsutil.crypto.CryptoUtil; + +import netscape.security.util.BigInt; +import netscape.security.util.DerInputStream; +import netscape.security.util.DerValue; +import netscape.security.x509.X509CertImpl; +import netscape.security.x509.X509Key; /** * A class represents recovery request processor. There @@ -137,8 +138,8 @@ public class RecoveryService implements IService { try { cm = CryptoManager.getInstance(); config = CMS.getConfigStore(); - tokName = config.getString("kra.storageUnit.hardware", "internal"); - if (tokName.equals("internal")) { + tokName = config.getString("kra.storageUnit.hardware", CryptoUtil.INTERNAL_TOKEN_NAME); + if (tokName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { CMS.debug("RecoveryService: serviceRequest: use internal token "); ct = cm.getInternalCryptoToken(); } else { diff --git a/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java b/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java index 67938af5d1820c7403221af9fc832f8bc61da785..3f46d918d9a087ca2009f11cbd8a082572dab756 100644 --- a/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java +++ b/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java @@ -36,15 +36,8 @@ import java.util.Hashtable; import java.util.Locale; import java.util.Vector; -import netscape.security.pkcs.PKCS10; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertImpl; -import netscape.security.x509.X509CertInfo; -import netscape.security.x509.X509Key; import org.mozilla.jss.CryptoManager; import org.mozilla.jss.CryptoManager.NotInitializedException; -import org.mozilla.jss.crypto.CryptoToken; -import org.mozilla.jss.crypto.PrivateKey; import org.mozilla.jss.asn1.ASN1Util; import org.mozilla.jss.asn1.INTEGER; import org.mozilla.jss.asn1.InvalidBERException; @@ -52,10 +45,12 @@ import org.mozilla.jss.asn1.OBJECT_IDENTIFIER; import org.mozilla.jss.asn1.OCTET_STRING; import org.mozilla.jss.asn1.SEQUENCE; import org.mozilla.jss.asn1.SET; +import org.mozilla.jss.crypto.CryptoToken; import org.mozilla.jss.crypto.DigestAlgorithm; +import org.mozilla.jss.crypto.PrivateKey; import org.mozilla.jss.pkcs10.CertificationRequest; -import org.mozilla.jss.pkcs11.PK11PubKey; import org.mozilla.jss.pkcs11.PK11ECPublicKey; +import org.mozilla.jss.pkcs11.PK11PubKey; import org.mozilla.jss.pkix.cert.Certificate; import org.mozilla.jss.pkix.cert.CertificateInfo; import org.mozilla.jss.pkix.cmc.PKIData; @@ -91,8 +86,15 @@ import com.netscape.certsrv.profile.IProfileAuthenticator; import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; +import com.netscape.cmsutil.crypto.CryptoUtil; import com.netscape.cmsutil.util.Utils; +import netscape.security.pkcs.PKCS10; +import netscape.security.x509.X500Name; +import netscape.security.x509.X509CertImpl; +import netscape.security.x509.X509CertInfo; +import netscape.security.x509.X509Key; + //import com.netscape.cmscore.util.*; ////////////////////// // class definition // @@ -515,9 +517,9 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, cm = CryptoManager.getInstance(); if (sigver == true) { String tokenName = - CMS.getConfigStore().getString("ca.requestVerify.token", "internal"); + CMS.getConfigStore().getString("ca.requestVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME); savedToken = cm.getThreadToken(); - if (tokenName.equals("internal")) { + if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { signToken = cm.getInternalCryptoToken(); } else { signToken = cm.getTokenByName(tokenName); @@ -914,7 +916,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, CMS.debug("CMCAuth: signing key alg=EC"); keyType = PrivateKey.EC; byte publicKeyData[] = ((X509Key) signKey).getEncoded(); - pubK = (PK11PubKey) PK11ECPublicKey.fromSPKI(/*keyType,*/ publicKeyData); + pubK = PK11ECPublicKey.fromSPKI(/*keyType,*/ publicKeyData); } else if (alg.equals("DSA")) { CMS.debug("CMCAuth: signing key alg=DSA"); keyType = PrivateKey.DSA; @@ -922,9 +924,9 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, } String tokenName = - CMS.getConfigStore().getString("ca.requestVerify.token", "internal"); + CMS.getConfigStore().getString("ca.requestVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME); // by default JSS will use internal crypto token - if (!tokenName.equals("internal")) { + if (!tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { savedToken = cm.getThreadToken(); signToken = cm.getTokenByName(tokenName); if(signToken != null) { diff --git a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java index fbb98262929f1c5e12ab54a7514c15297364e971..47e88636183ab3fbf54a6ec6a08cabf6698e81d1 100644 --- a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java +++ b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java @@ -74,6 +74,7 @@ import com.netscape.certsrv.profile.IEnrollProfile; import com.netscape.certsrv.profile.IProfileContext; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.IRequestQueue; +import com.netscape.cmsutil.crypto.CryptoUtil; import com.netscape.cmsutil.util.HMACDigest; import netscape.security.pkcs.PKCS10; @@ -699,9 +700,9 @@ public abstract class EnrollProfile extends BasicProfile cm = CryptoManager.getInstance(); if (sigver == true) { String tokenName = - CMS.getConfigStore().getString("ca.requestVerify.token", "internal"); + CMS.getConfigStore().getString("ca.requestVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME); savedToken = cm.getThreadToken(); - if (tokenName.equals("internal")) { + if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { signToken = cm.getInternalCryptoToken(); } else { signToken = cm.getTokenByName(tokenName); @@ -1054,10 +1055,10 @@ public abstract class EnrollProfile extends BasicProfile sigver = CMS.getConfigStore().getBoolean("ca.requestVerify.enabled", true); if (sigver) { CMS.debug("EnrollProfile: parsePKCS10: signature verification enabled"); - String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", "internal"); + String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME); savedToken = cm.getThreadToken(); CryptoToken signToken = null; - if (tokenName.equals("internal")) { + if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { CMS.debug("EnrollProfile: parsePKCS10: use internal token"); signToken = cm.getInternalCryptoToken(); } else { @@ -1507,8 +1508,8 @@ public abstract class EnrollProfile extends BasicProfile try { CryptoManager cm = CryptoManager.getInstance(); CryptoToken verifyToken = null; - String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", "internal"); - if (tokenName.equals("internal")) { + String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME); + if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { CMS.debug("POP verification using internal token"); certReqMsg.verify(); } else { diff --git a/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java b/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java index b4ed31223ac99d7c55463cb8e201928c16c362fc..3ec74eda2b504bdc0b8158eda898c89866f2cca9 100644 --- a/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java +++ b/base/server/cms/src/com/netscape/cms/profile/input/EnrollInput.java @@ -39,6 +39,7 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; +import com.netscape.cmsutil.crypto.CryptoUtil; /** * This class implements the base enrollment input. @@ -206,8 +207,8 @@ public abstract class EnrollInput implements IProfileInput { CryptoManager cm = CryptoManager.getInstance(); CryptoToken verifyToken = null; - String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", "internal"); - if (tokenName.equals("internal")) { + String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME); + if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { CMS.debug("POP verification using internal token"); certReqMsg.verify(); } else { diff --git a/base/server/cms/src/com/netscape/cms/publish/publishers/OCSPPublisher.java b/base/server/cms/src/com/netscape/cms/publish/publishers/OCSPPublisher.java index bfdcc7530d8ac3dc8da28f032dbcb69ce52c3ed0..45aae249501e8a4e6fb469c77e6836867e3b6563 100644 --- a/base/server/cms/src/com/netscape/cms/publish/publishers/OCSPPublisher.java +++ b/base/server/cms/src/com/netscape/cms/publish/publishers/OCSPPublisher.java @@ -145,7 +145,7 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { try { nickname = config.getString("ca.subsystem.nickname", ""); String tokenname = config.getString("ca.subsystem.tokenname", ""); - if (!tokenname.equals("internal") && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) + if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) nickname = tokenname + ":" + nickname; } catch (Exception e) { } diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java index 5acedbc0d457e24c1eda32f2702db9a73da2c9ba..d652963b11df1869bfa7426c699b03e210cd724f 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java @@ -764,7 +764,7 @@ public class CertUtil { String fullnickname = nickname; - if (!tokenname.equals("internal") && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) { + if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) { fullnickname = tokenname + ":" + nickname; } diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java index c7014a2a4e58e8f208a30e47e711520d1fde5a9c..65bd371eb092eecf56a9bad659ece42ea8ec8cec 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java @@ -998,7 +998,7 @@ public class ConfigurationUtils { String name1 = "preop.master." + tag + ".nickname"; String nickname = cs.getString(name1, ""); if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) && - !tokenname.equals("internal")) + !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) nickname = tokenname + ":" + nickname; CMS.debug("ConfigurationUtils.verifySystemCertificates(): checking certificate " + nickname); @@ -2342,7 +2342,7 @@ public class ConfigurationUtils { CryptoManager cm = CryptoManager.getInstance(); if (token != null) { - if (!token.equals("internal") && !token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) + if (!token.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !token.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) nickname = token + ":" + nickname; } @@ -3332,7 +3332,7 @@ public class ConfigurationUtils { if (certTag.equals("signing") && subsystem.equals("ca")) { String NickName = nickname; - if (!tokenname.equals("internal") && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) + if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) NickName = tokenname + ":" + nickname; CMS.debug("handleCerts(): set trust on CA signing cert " + NickName); @@ -3375,7 +3375,7 @@ public class ConfigurationUtils { String fullnickname = nickname; boolean hardware = false; - if (!tokenname.equals("internal") && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) { + if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) { hardware = true; fullnickname = tokenname + ":" + nickname; } @@ -3439,7 +3439,7 @@ public class ConfigurationUtils { String fullnickname = nickname; if (!tokenname.equals("") && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) && - !tokenname.equals("internal")) + !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) fullnickname = tokenname + ":" + nickname; CMS.debug("deleteCert: nickname=" + fullnickname); @@ -3999,7 +3999,7 @@ public class ConfigurationUtils { if (!tokenname.equals("") && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) && - !tokenname.equals("internal")) { + !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { nickname = tokenname + ":" + nickname; } CMS.debug("updateDomainXML() nickname=" + nickname); @@ -4574,7 +4574,7 @@ public class ConfigurationUtils { String nickname = cs.getString("preop.cert.subsystem.nickname", ""); String tokenname = cs.getString("preop.module.token", ""); - if (!tokenname.equals("internal") && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) + if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) && !tokenname.equals("")) { nickname = tokenname + ":" + nickname; } diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java index aa5c830a36faa472bfdedc32b5a9595f04d58527..6bb0746b7809158ac291f79ea041d6dc81913682 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java @@ -70,7 +70,7 @@ public class GetSubsystemCert extends CMSServlet { try { nickname = cs.getString("ca.subsystem.nickname", ""); String tokenname = cs.getString("ca.subsystem.tokenname", ""); - if (!tokenname.equals("internal") && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) + if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) nickname = tokenname + ":" + nickname; } catch (Exception e) { } diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java index 12bb3d41be96eb238f85c6b4f82885fdd53c7b34..d5b552be82fc17138feb5131409f3552ad564072 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java @@ -108,7 +108,7 @@ public class UpdateOCSPConfig extends CMSServlet { try { nickname = cs.getString("ca.subsystem.nickname", ""); String tokenname = cs.getString("ca.subsystem.tokenname", ""); - if (!tokenname.equals("internal") && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) + if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) nickname = tokenname + ":" + nickname; } catch (Exception e) { } diff --git a/base/server/cms/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java b/base/server/cms/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java index ac1aad373d0575c2c787db2f1cea8641fda8abe9..d4e8f92b6ffdc03d55cc796ea73d909385b14587 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java @@ -29,10 +29,6 @@ import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import netscape.security.x509.X509CRLImpl; -import netscape.security.x509.X509CertImpl; -import netscape.security.x509.X509ExtensionException; - import org.mozilla.jss.CryptoManager; import org.mozilla.jss.crypto.CryptoToken; @@ -54,8 +50,13 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; +import com.netscape.cmsutil.crypto.CryptoUtil; import com.netscape.cmsutil.util.Cert; +import netscape.security.x509.X509CRLImpl; +import netscape.security.x509.X509CertImpl; +import netscape.security.x509.X509ExtensionException; + /** * Update the OCSP responder with a new CRL * @@ -353,9 +354,9 @@ public class AddCRLServlet extends CMSServlet { CMS.debug("AddCRLServlet: start verify"); String tokenName = - CMS.getConfigStore().getString("ocsp.crlVerify.token", "internal"); + CMS.getConfigStore().getString("ocsp.crlVerify.token", CryptoUtil.INTERNAL_TOKEN_NAME); savedToken = cmanager.getThreadToken(); - if (tokenName.equals("internal")) { + if (tokenName.equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { verToken = cmanager.getInternalCryptoToken(); } else { verToken = cmanager.getTokenByName(tokenName); diff --git a/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java b/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java index 6dfd1d2a2573cff94a2fce2904fc90da5b1c3a92..a5cae347b5935e5bb56f5dc6a8ce4891a69790de 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java +++ b/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java @@ -27,12 +27,12 @@ import org.mozilla.jss.crypto.SymmetricKey.NotExtractableException; import org.mozilla.jss.crypto.SymmetricKeyDeriver; import org.mozilla.jss.crypto.TokenException; -import sun.security.pkcs11.wrapper.PKCS11Constants; - import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.cmsutil.crypto.CryptoUtil; +import sun.security.pkcs11.wrapper.PKCS11Constants; + public class SecureChannelProtocol { static String sharedSecretKeyName = null; @@ -218,7 +218,7 @@ public class SecureChannelProtocol { try { cm = CryptoManager.getInstance(); token = returnTokenByName(selectedToken, cm); - internalToken = returnTokenByName("internal", cm); + internalToken = returnTokenByName(CryptoUtil.INTERNAL_TOKEN_NAME, cm); } catch (NotInitializedException e) { CMS.debug(method + " " + e); throw new EBaseException(e); @@ -376,7 +376,7 @@ public class SecureChannelProtocol { CryptoManager cm = null; try { cm = CryptoManager.getInstance(); - internalToken = returnTokenByName("internal", cm); + internalToken = returnTokenByName(CryptoUtil.INTERNAL_TOKEN_NAME, cm); finalToken = internalToken; } catch (NotInitializedException e) { CMS.debug(method + " " + e); diff --git a/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java b/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java index a2a797534587d586641d5985cf3c6b4555b9168d..39cd429dfb039bcba272ed9472a9bc1e3f2278ff 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/tks/TokenServlet.java @@ -471,7 +471,7 @@ public class TokenServlet extends CMSServlet { String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null); if (mappingValue == null) { selectedToken = - CMS.getConfigStore().getString("tks.defaultSlot", "internal"); + CMS.getConfigStore().getString("tks.defaultSlot", CryptoUtil.INTERNAL_TOKEN_NAME); keyNickName = rKeyInfo; } else { StringTokenizer st = new StringTokenizer(mappingValue, ":"); @@ -491,7 +491,7 @@ public class TokenServlet extends CMSServlet { if (mappingValue == null) { try { selectedToken = - CMS.getConfigStore().getString("tks.defaultSlot", "internal"); + CMS.getConfigStore().getString("tks.defaultSlot", CryptoUtil.INTERNAL_TOKEN_NAME); } catch (EBaseException e) { e.printStackTrace(); @@ -597,7 +597,7 @@ public class TokenServlet extends CMSServlet { if (useSoftToken_s.equals("true")) { CMS.debug("TokenServlet.computeSessionKeySCP02: key encryption key generated on internal"); - desKey = SessionKey.GenerateSymkey("internal"); + desKey = SessionKey.GenerateSymkey(CryptoUtil.INTERNAL_TOKEN_NAME); } else { CMS.debug("TokenServlet.computeSessionKeySCP02: key encryption key generated on " @@ -1075,7 +1075,7 @@ public class TokenServlet extends CMSServlet { String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null); if (mappingValue == null) { selectedToken = - CMS.getConfigStore().getString("tks.defaultSlot", "internal"); + CMS.getConfigStore().getString("tks.defaultSlot", CryptoUtil.INTERNAL_TOKEN_NAME); keyNickName = rKeyInfo; } else { StringTokenizer st = new StringTokenizer(mappingValue, ":"); @@ -1179,7 +1179,7 @@ public class TokenServlet extends CMSServlet { CMS.debug("TokenServlet: key encryption key generated on internal"); //cfu audit here? sym key gen - desKey = protocol.generateSymKey("internal"); + desKey = protocol.generateSymKey(CryptoUtil.INTERNAL_TOKEN_NAME); //cfu audit here? sym key gen done } else { CMS.debug("TokenServlet: key encryption key generated on " + selectedToken); @@ -1772,7 +1772,7 @@ public class TokenServlet extends CMSServlet { String oldMappingValue = CMS.getConfigStore().getString(oldKeyInfoMap, null); String oldSelectedToken = null; if (oldMappingValue == null) { - oldSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal"); + oldSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", CryptoUtil.INTERNAL_TOKEN_NAME); oldKeyNickName = req.getParameter(IRemoteRequest.TOKEN_KEYINFO); } else { StringTokenizer st = new StringTokenizer(oldMappingValue, ":"); @@ -1784,7 +1784,7 @@ public class TokenServlet extends CMSServlet { String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null); String newSelectedToken = null; if (newMappingValue == null) { - newSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal"); + newSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", CryptoUtil.INTERNAL_TOKEN_NAME); newKeyNickName = rnewKeyInfo; } else { StringTokenizer st = new StringTokenizer(newMappingValue, ":"); @@ -2108,7 +2108,7 @@ public class TokenServlet extends CMSServlet { String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null); if (mappingValue == null) { - selectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal"); + selectedToken = CMS.getConfigStore().getString("tks.defaultSlot", CryptoUtil.INTERNAL_TOKEN_NAME); keyNickName = rKeyInfo; } else { StringTokenizer st = new StringTokenizer(mappingValue, ":"); @@ -2451,7 +2451,7 @@ public class TokenServlet extends CMSServlet { String symmKeys = null; boolean keyPresent = false; try { - symmKeys = SessionKey.ListSymmetricKeys("internal"); + symmKeys = SessionKey.ListSymmetricKeys(CryptoUtil.INTERNAL_TOKEN_NAME); CMS.debug("TokenServlet.getSharedSecretTransportKey: symmKeys List: " + symmKeys); } catch (Exception e) { // TODO Auto-generated catch block diff --git a/base/tps/src/org/dogtagpki/server/tps/TPSSubsystem.java b/base/tps/src/org/dogtagpki/server/tps/TPSSubsystem.java index 013e9984d66f5924e8ede98210fddf7ba64a85f2..402718f2600276f663c5d5c595bb4b8a4019d261 100644 --- a/base/tps/src/org/dogtagpki/server/tps/TPSSubsystem.java +++ b/base/tps/src/org/dogtagpki/server/tps/TPSSubsystem.java @@ -367,7 +367,7 @@ public class TPSSubsystem implements IAuthority, ISubsystem { IConfigStore cs = CMS.getConfigStore(); String nickname = cs.getString("tps.subsystem.nickname", ""); String tokenname = cs.getString("tps.subsystem.tokenname", ""); - if (!tokenname.equals("internal") && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) + if (!tokenname.equals(CryptoUtil.INTERNAL_TOKEN_NAME) && !tokenname.equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME)) nickname = tokenname + ":" + nickname; CryptoManager cm = CryptoManager.getInstance(); diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java index d8f9c4f1835b50c8a855a2b6ce681450575bcc4a..825df3f2378f676abf3f1e2e5146d7ce711f0f44 100644 --- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java +++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java @@ -2859,7 +2859,7 @@ public class TPSProcessor { boolean keyPresent = false; try { - symmKeys = SessionKey.ListSymmetricKeys("internal"); + symmKeys = SessionKey.ListSymmetricKeys(CryptoUtil.INTERNAL_TOKEN_NAME); CMS.debug("TPSProcessor.getSharedSecretTransportKey: symmKeys List: " + symmKeys); } catch (Exception e) { // TODO Auto-generated catch block diff --git a/base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java b/base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java index 7a22288793fba1a9214ea0717cd138f2e6ac1a26..823b0d7bfaf331d1f9c1f9b8466dd89804c9de79 100644 --- a/base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java +++ b/base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java @@ -52,7 +52,7 @@ public class TPSInstallerService extends SystemConfigService { // get token prefix, if applicable String tokPrefix = ""; if (!request.getToken().equals(CryptoUtil.INTERNAL_TOKEN_FULL_NAME) && - !request.getToken().equals("internal")) { + !request.getToken().equals(CryptoUtil.INTERNAL_TOKEN_NAME)) { tokPrefix = request.getToken() + ":"; } diff --git a/base/util/src/com/netscape/cmsutil/password/NuxwdogPasswordStore.java b/base/util/src/com/netscape/cmsutil/password/NuxwdogPasswordStore.java index 6db2079394b9004680e5482233be7aecb4a2ccd6..847a74508d684f2a79bc6ec8a487e68b4a27beaa 100644 --- a/base/util/src/com/netscape/cmsutil/password/NuxwdogPasswordStore.java +++ b/base/util/src/com/netscape/cmsutil/password/NuxwdogPasswordStore.java @@ -11,6 +11,7 @@ import java.util.Properties; import org.apache.commons.lang.StringUtils; +import com.netscape.cmsutil.crypto.CryptoUtil; import com.redhat.nuxwdog.WatchdogClient; public class NuxwdogPasswordStore implements IPasswordStore { @@ -54,7 +55,7 @@ public class NuxwdogPasswordStore implements IPasswordStore { InputStream in = new FileInputStream(confFile); props.load(in); - tags.add("internal"); + tags.add(CryptoUtil.INTERNAL_TOKEN_NAME); String tokenList = props.getProperty("cms.tokenList"); if (StringUtils.isNotEmpty(tokenList)) { -- 2.5.5
_______________________________________________ Pki-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/pki-devel
