Resolve: pkispawn does not change default ecc key size from nistp256 …

…when nistp384 is specified in spawn config Ticket #2552. This fix turned out simple. The client was correctly setting the required data, but it was putting the curveName in the "keySize" field of the SystemCertData object sent to the back end. The configuration routine was trying to find the name in the "curveName" field when its really in the "keySize" field. This issue is restricted to the ECC case. It is fine to simply fix this in the server, since the "keySize" is a string anyway and it makes decent sense.
dogtagpki · Dec 9, 2016 · ae350a3 · ae350a3
1 parent e84e4a3
commit ae350a3
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
@@ -34,6 +34,8 @@
 import javax.ws.rs.core.Request;
 import javax.ws.rs.core.UriInfo;
 
+import netscape.security.x509.X509CertImpl;
+
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang.mutable.MutableBoolean;
 import org.mozilla.jss.CryptoManager;
@@ -66,8 +68,6 @@
 import com.netscape.cmsutil.crypto.CryptoUtil;
 import com.netscape.cmsutil.util.Utils;
 
-import netscape.security.x509.X509CertImpl;
-
 /**
  * @author alee
  *
@@ -453,8 +453,8 @@ public void processCert(
 
         } else if (!request.getStepTwo()) {
             if (keytype.equals("ecc")) {
-                String curvename = certData.getKeyCurveName() != null ?
-                        certData.getKeyCurveName() : cs.getString("keys.ecc.curve.default");
+                String curvename = certData.getKeySize() != null ?
+                        certData.getKeySize() : cs.getString("keys.ecc.curve.default");
                 cs.putString("preop.cert." + tag + ".curvename.name", curvename);
                 ConfigurationUtils.createECCKeyPair(token, curvename, cs, tag);