From eb106cb46aaea07ddc3c46db63f99ab41b2cd835 Mon Sep 17 00:00:00 2001 From: Jack Magne Date: Thu, 20 Oct 2016 15:18:12 -0700 Subject: [PATCH] TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. Ticket #2513. Simple fix allows the TPS and TKS the ability to obtain the proper internal token, even in FiPS mode. (cherry picked from commit cb2cc3c7fd93e1a0519a0b530cbc2edbab7741cc) (cherry picked from commit 7fae5790584855ea84b9c6ecf73058b6f0dfc1aa) --- .../cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java b/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java index db42cab..6dfd1d2 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java +++ b/base/server/cms/src/com/netscape/cms/servlet/tks/SecureChannelProtocol.java @@ -31,6 +31,7 @@ import sun.security.pkcs11.wrapper.PKCS11Constants; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; +import com.netscape.cmsutil.crypto.CryptoUtil; public class SecureChannelProtocol { @@ -688,10 +689,11 @@ public class SecureChannelProtocol { public CryptoToken returnTokenByName(String name, CryptoManager manager) throws NoSuchTokenException { + CMS.debug("returnTokenByName: requested name: " + name); if (name == null || manager == null) throw new NoSuchTokenException(); - if (name.equals("internal") || name.equals("Internal KeyStorage Token")) { + if(CryptoUtil.isInternalToken(name)) { return manager.getInternalKeyStorageToken(); } else { return manager.getTokenByName(name); -- 1.8.3.1