commit 5efd691e71f32b350737d95fe08f470164e60192
Author: Ade Lee <a...@redhat.com>
Date:   Thu May 12 00:35:41 2016 +0200

    Fix existing ca setup to work with HSM
    
    If the existing CA keys are in an HSM, the code fails to
    load the keys because it does not take into account the full nickname.
    This small fix addresses this bug.

Please review,
Thanks,
Ade
From 5efd691e71f32b350737d95fe08f470164e60192 Mon Sep 17 00:00:00 2001
From: Ade Lee <a...@redhat.com>
Date: Thu, 12 May 2016 00:35:41 +0200
Subject: [PATCH] Fix existing ca setup to work with HSM

If the existing CA keys are in an HSM, the code fails to
load the keys because it does not take into account the full nickname.
This small fix addresses this bug.
---
 .../src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java   | 7 ++++++-
 .../cms/src/org/dogtagpki/server/rest/SystemConfigService.java     | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index c0f0ce1f405dd63232f1be6c15f8bd8d1a8d3c4b..527ed826ee8d7505354f523c36e3ad110219723b 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -2268,12 +2268,17 @@ public class ConfigurationUtils {
         certObj.setCertChain(certChainStr);
     }
 
-    public static KeyPair loadKeyPair(String nickname) throws Exception {
+    public static KeyPair loadKeyPair(String nickname, String token) throws Exception {
 
         CMS.debug("ConfigurationUtils: loadKeyPair(" + nickname + ")");
 
         CryptoManager cm = CryptoManager.getInstance();
 
+        if (token != null) {
+            if (!token.equals("internal") && !token.equals("Internal Key Storage Token"))
+                nickname = token + ":" + nickname;
+        }
+
         X509Certificate cert = cm.findCertByNickname(nickname);
         PublicKey publicKey = cert.getPublicKey();
         PrivateKey privateKey = cm.findPrivKeyByCert(cert);
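Review bot: The new token check in `loadKeyPair` treats only `null` and two exact string literals as the internal token, so an empty token string would build the lookup name `:nickname`, and a nickname that already carries a `token:` prefix would be prefixed a second time. The token appears to arrive from the configuration request via `certData.getToken()`, so I would at least guard the empty case, e.g. `if (token != null && !token.isEmpty() && !token.equals("internal") && !token.equals("Internal Key Storage Token"))`, and take the two names from a shared constant if the codebase has one. The `CMS.debug` line above the check still logs the unqualified nickname; logging after the prefix is applied would record which token the CA signing key is actually looked up on, which is what an operator needs when the HSM lookup fails. The body of `loadKeyPair` continues past the end of this hunk.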
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
index f9415f520eb264fece8846339ed9da2904c7dbfa..3ed28bc7281814fe1be6b7c33e120ef5844ef412 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
@@ -424,7 +424,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
                 if (request.isExternal() && tag.equals("signing")) { // external/existing CA
                     // load key pair for existing and externally-signed signing cert
                     CMS.debug("SystemConfigService: loading signing cert key pair");
-                    KeyPair pair = ConfigurationUtils.loadKeyPair(certData.getNickname());
+                    KeyPair pair = ConfigurationUtils.loadKeyPair(certData.getNickname(), certData.getToken());
                     ConfigurationUtils.storeKeyPair(cs, tag, pair);
 
                 } else if (!request.getStepTwo()) {
-- 
1.8.3.1
