rpms / java-1.8.0-openjdk

Clone
Source Code
GIT

Blame SOURCES/rh1996182-login_to_nss_software_token.patch

c7 c7-alt c7-armhfp c7-beta c8 c8-beta c8-containeronly-stream-flatpak c8s c9 c9-beta
  1.   1e4414020059e85df0e32597b6b1b770df8f56cb
  2.   SOURCES
  3.   rh1996182-login_to_nss_software_token.patch
Blob History Raw
582aaf 
# HG changeset patch
582aaf 
# User mbalao
582aaf 
# Date 1630103180 -3600
582aaf 
#      Fri Aug 27 23:26:20 2021 +0100
582aaf 
# Node ID b3bd3119fab9bc5adfd7073377aca12bb1af80b3
582aaf 
# Parent  c90394a76ee02a689f95199559d5724824b4b25e
582aaf 
RH1996182: Login to the NSS Software Token in FIPS Mode
582aaf
582aaf 
diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
582aaf 
--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
582aaf 
+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
582aaf 
@@ -42,6 +42,8 @@
582aaf 
 import javax.security.auth.callback.PasswordCallback;
582aaf 
 import javax.security.auth.callback.TextOutputCallback;
582aaf
582aaf 
+import sun.misc.SharedSecrets;
582aaf 
+
582aaf 
 import sun.security.util.Debug;
582aaf 
 import sun.security.util.ResourcesMgr;
582aaf
582aaf 
@@ -58,6 +60,9 @@
582aaf 
  */
582aaf 
 public final class SunPKCS11 extends AuthProvider {
582aaf
582aaf 
+    private static final boolean systemFipsEnabled = SharedSecrets
582aaf 
+            .getJavaSecuritySystemConfiguratorAccess().isSystemFipsEnabled();
582aaf 
+
582aaf 
     private static final long serialVersionUID = -1354835039035306505L;
582aaf
582aaf 
     static final Debug debug = Debug.getInstance("sunpkcs11");
582aaf 
@@ -368,6 +373,24 @@
582aaf 
             if (nssModule != null) {
582aaf 
                 nssModule.setProvider(this);
582aaf 
             }
582aaf 
+            if (systemFipsEnabled) {
582aaf 
+                // The NSS Software Token in FIPS 140-2 mode requires a user
582aaf 
+                // login for most operations. See sftk_fipsCheck. The NSS DB
582aaf 
+                // (/etc/pki/nssdb) PIN is empty.
582aaf 
+                Session session = null;
582aaf 
+                try {
582aaf 
+                    session = token.getOpSession();
582aaf 
+                    p11.C_Login(session.id(), CKU_USER, new char[] {});
582aaf 
+                } catch (PKCS11Exception p11e) {
582aaf 
+                    if (debug != null) {
582aaf 
+                        debug.println("Error during token login: " +
582aaf 
+                                p11e.getMessage());
582aaf 
+                    }
582aaf 
+                    throw p11e;
582aaf 
+                } finally {
582aaf 
+                    token.releaseSession(session);
582aaf 
+                }
582aaf 
+            }
582aaf 
         } catch (Exception e) {
582aaf 
             if (config.getHandleStartupErrors() == Config.ERR_IGNORE_ALL) {
582aaf 
                 throw new UnsupportedOperationException

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation