From f5ffc69f79e4e0f4989094561ab0fd5ff5536d14 Mon Sep 17 00:00:00 2001
From: Christina Fu <cfu@redhat.com>
Date: Thu, 12 Jul 2018 10:24:33 -0700
Subject: [PATCH 1/2] Bugzilla 1548203 LDAP password from console update in
audit
This patch replace ldap passwords with "(sensitive)" in audit log.
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1548203
Change-Id: I6271ec1da4164f731dd3a61534b0e511097a845a
(cherry picked from commit cf9c23a842000755d872202777b0a280bda7f1a1)
---
.../server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java
index 769e8e4..2b8cec7 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java
@@ -991,7 +991,11 @@ public class AdminServlet extends HttpServlet {
if (name.equals(Constants.OP_TYPE)) continue;
if (name.equals(Constants.RS_ID)) continue;
- String value = req.getParameter(name);
+ String value = null;
+ if (name.equalsIgnoreCase("PASSWORD_CACHE_ADD"))
+ value = "(sensitive)";
+ else
+ value = req.getParameter(name);
params.put(name, value);
}
--
1.8.3.1
From 46e808e86bb393848cca6434cc06c79a14611fa9 Mon Sep 17 00:00:00 2001
From: Jack Magne <jmagne@redhat.com>
Date: Mon, 15 Jan 2018 13:59:33 -0800
Subject: [PATCH 2/2] Test fix for TPS server side key gen for only identity
cert problem.
Change-Id: I15fc1b8a3fa92568aca853f0e89b9e87bbad463d
(cherry picked from commit c87d7820f7b1af97134197a23543e9fc4be1aa39)
(cherry picked from commit c1314749b7b3a2a6647aadd6945186833e539da8)
---
.../server/tps/cms/TKSRemoteRequestHandler.java | 26 +++++++++++++++++-----
1 file changed, 21 insertions(+), 5 deletions(-)
diff --git a/base/tps/src/org/dogtagpki/server/tps/cms/TKSRemoteRequestHandler.java b/base/tps/src/org/dogtagpki/server/tps/cms/TKSRemoteRequestHandler.java
index 65d0ed0..8155f90 100644
--- a/base/tps/src/org/dogtagpki/server/tps/cms/TKSRemoteRequestHandler.java
+++ b/base/tps/src/org/dogtagpki/server/tps/cms/TKSRemoteRequestHandler.java
@@ -103,7 +103,8 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler
String tokenType)
throws EBaseException {
- CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): begins.");
+ String method = "TKSRemoteRequestHandler: computeSessionKey(): ";
+ CMS.debug(method + " begins.");
if (cuid == null || kdd == null || keyInfo == null || card_challenge == null
|| card_cryptogram == null || host_challenge == null) {
throw new EBaseException("TKSRemoteRequestHandler: computeSessionKey(): input parameter null.");
@@ -111,10 +112,25 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler
IConfigStore conf = CMS.getConfigStore();
- boolean serverKeygen =
- conf.getBoolean("op.enroll." +
- tokenType + ".keyGen.encryption.serverKeygen.enable",
- false);
+ boolean serverKeygen = false;
+
+ //Try out all the currently supported cert types to see if we are doing server side keygen here
+ String[] keygenStrings = { "identity", "signing", "encryption", "authentication", "auth"};
+ for (String keygenString : keygenStrings) {
+ boolean enabled = conf.getBoolean("op.enroll." +
+ tokenType + ".keyGen." +
+ keygenString + ".serverKeygen.enable", false);
+
+ CMS.debug(method + " serverkegGen enabled for " + keygenString + " : " + enabled);
+ if (enabled) {
+ serverKeygen = true;
+ break;
+ }
+ }
+
+
+
+
if (keySet == null)
keySet = conf.getString("tps.connector." + connid + ".keySet", "defKeySet");
--
1.8.3.1