[Pki-devel] [Patch] elimination of CA crash
Andrew Wnuk
awnuk at redhat.com
Tue Jul 24 00:50:55 UTC 2012
This patch eliminates CA crash caused by default Android browser.
Bug: 819123.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120723/073e62ff/attachment.htm>
-------------- next part --------------
Index: pki/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSelect.template
===================================================================
--- pki/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSelect.template (revision 2439)
+++ pki/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSelect.template (working copy)
@@ -212,7 +212,7 @@
keyTransportCert = transportCert;
}
// generate keys for nsm.
- if (typeof(crypto.version) != "undefined") {
+ if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
var encKeyType = "rsa-ex";
var signKeyType = "rsa-sign";
var dualKeyType = "rsa-dual-use";
@@ -314,7 +314,7 @@
document.writeln("<OBJECT classid='clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1' CODEBASE='/xenroll.dll' id='Enroll'></OBJECT>");
}
document.writeln('<form name="ReqForm" onSubmit="if (checkRequest()) {return true;} else {window.location.reload(); return false;}" method="post" action="' + uri + '">');
- } else if (typeof(crypto.version) != "undefined") {
+ } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
document.writeln('<form name="ReqForm" onSubmit="return validate();" method="post" action="' + uri + '">');
} else {
document.writeln('<form name="ReqForm" method="post" action="' + uri + '">');
@@ -588,7 +588,7 @@
} else if (inputListSet[n].inputSyntax == 'dual_keygen_request') {
if (navigator.appName == "Microsoft Internet Explorer") {
document.writeln('<input type=hidden name=' + inputListSet[n].inputId + '>');
- } else if (typeof(crypto.version) != "undefined") {
+ } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
document.write('<SELECT NAME="encKeyParam">'+keyLengthsCurvesOptions("encryption")+'</SELECT>');
document.write('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif"> ');
document.write(keyTypeOptions("encryption")+' (Encryption), </FONT>');
@@ -606,7 +606,7 @@
if (navigator.appName == "Microsoft Internet Explorer") {
document.writeln('<input type=hidden name=' + inputListSet[n].inputId + '>');
document.writeln('<SELECT NAME="keyLength">'+keyLengthsCurvesOptions("")+'</SELECT> <SELECT NAME=\"cryptprovider\"></SELECT>');
- } else if (typeof(crypto.version) != "undefined") {
+ } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
document.write('<SELECT NAME="keyParam">'+keyLengthsCurvesOptions("")+'</SELECT>');
document.write('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.write(' '+keyTypeOptions("")+' ');
@@ -627,7 +627,7 @@
keygen_request = 'true';
if (navigator.appName == "Microsoft Internet Explorer") {
document.writeln('Not Supported<input type=hidden name=' + inputListSet[n].inputId + ' value=>');
- } else if (typeof(crypto.version) != "undefined") {
+ } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">crmf</FONT><input type=hidden name=' + inputListSet[n].inputId + ' value=crmf>');
} else {
document.writeln('Not Supported<input type=hidden name=' + inputListSet[n].inputId + ' value=>');
@@ -638,7 +638,7 @@
keygen_request = 'true';
if (navigator.appName == "Microsoft Internet Explorer") {
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">pkcs10</FONT><input type=hidden name=' + inputListSet[n].inputId + ' value=pkcs10>');
- } else if (typeof(crypto.version) != "undefined") {
+ } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">crmf</FONT><input type=hidden name=' + inputListSet[n].inputId + ' value=crmf>');
} else {
document.writeln('keygen<input type=hidden name=' + inputListSet[n].inputId + ' value=keygen>');
@@ -670,7 +670,7 @@
} else {
document.writeln('<input type=submit value="Submit">');
}
- } else if (typeof(crypto.version) != "undefined") {
+ } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
document.writeln('<input type=submit value="Submit">');
} else {
document.writeln('<input type=submit value="Submit">');
Index: pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java
===================================================================
--- pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java (revision 2439)
+++ pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java (working copy)
@@ -107,6 +107,11 @@
"CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
""));
}
+ if (keygen_request == null) {
+ CMS.debug("KeyGenInput: populate - invalid certificate request");
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ }
if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_PKCS10)) {
PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
Index: pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java
===================================================================
--- pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java (revision 2439)
+++ pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java (working copy)
@@ -96,6 +96,11 @@
X509CertInfo info =
request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+ if (cert_request == null) {
+ CMS.debug("CMCCertReqInput: populate - invalid certificate request");
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ }
TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request);
if (msgs == null) {
Index: pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java
===================================================================
--- pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java (revision 2439)
+++ pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java (working copy)
@@ -105,6 +105,11 @@
"CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
""));
}
+ if (keygen_request == null) {
+ CMS.debug("DualKeyGenInput: populate - invalid certificate request");
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ }
if (keygen_request_type.startsWith("pkcs10")) {
PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
Index: pki/base/common/src/com/netscape/cms/profile/input/EncryptionKeyGenInput.java
===================================================================
--- pki/base/common/src/com/netscape/cms/profile/input/EncryptionKeyGenInput.java (revision 2439)
+++ pki/base/common/src/com/netscape/cms/profile/input/EncryptionKeyGenInput.java (working copy)
@@ -107,6 +107,11 @@
"CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
""));
}
+ if (keygen_request == null) {
+ CMS.debug("EncryptionKeyGenInput: populate - invalid certificate request");
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ }
if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_PKCS10)) {
PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
Index: pki/base/common/src/com/netscape/cms/profile/input/SigningKeyGenInput.java
===================================================================
--- pki/base/common/src/com/netscape/cms/profile/input/SigningKeyGenInput.java (revision 2439)
+++ pki/base/common/src/com/netscape/cms/profile/input/SigningKeyGenInput.java (working copy)
@@ -107,6 +107,11 @@
"CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
""));
}
+ if (keygen_request == null) {
+ CMS.debug("SigningKeyGenInput: populate - invalid certificate request");
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ }
if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_PKCS10)) {
PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
Index: pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java
===================================================================
--- pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java (revision 2439)
+++ pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java (working copy)
@@ -106,6 +106,11 @@
"CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
""));
}
+ if (cert_request == null) {
+ CMS.debug("CertReqInput: populate - invalid certificate request");
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ }
if (cert_request_type.equals(EnrollProfile.REQ_TYPE_PKCS10)) {
PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), cert_request);
More information about the Pki-devel
mailing list