[Fix Bug 2251981] Part 3

For RSA key pair generation usage mask was set only if custom usage was provided. The check is removed and they are set in any case.
dogtagpki · Dec 20, 2023 · 8444e0e · 8444e0e
1 parent 15685d6
commit 8444e0e
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 6 deletions.
diff --git a/base/server/src/main/java/com/netscape/cms/servlet/csadmin/Configurator.java b/base/server/src/main/java/com/netscape/cms/servlet/csadmin/Configurator.java
@@ -326,7 +326,7 @@ public KeyPair createRSAKeyPair(String tag, CryptoToken token, String keySize, S
 
         int size = Integer.parseInt(keySize);
 
-        logger.error("Configurator.createRSAKeyPair: tag " + tag);
+        logger.info("Configurator.createRSAKeyPair: tag " + tag);
         KeyPair pair = null;
         do {
             KeyPairGeneratorSpi.Usage[] rsaUsage = null;

diff --git a/base/util/src/main/java/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/main/java/com/netscape/cmsutil/crypto/CryptoUtil.java
@@ -51,6 +51,7 @@
 import java.util.List;
 import java.util.StringTokenizer;
 import java.util.Vector;
+import java.util.stream.Stream;
 
 import javax.crypto.BadPaddingException;
 import javax.crypto.SecretKeyFactory;
@@ -665,11 +666,15 @@ public static KeyPair generateRSAKeyPair(CryptoToken token, int keysize, boolean
             org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages[],
             org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[]) throws Exception {
         KeyPairGenerator kg = token.getKeyPairGenerator(KeyPairAlgorithm.RSA);
-
-        if(usages != null) {
-            System.out.println("CryptoUtil: generateRSAKeyPair: calling kg.setKeyPairUsages");
-            kg.setKeyPairUsages(usages, usages_mask);
+        if(usages!=null) {
+            String usageList = String.join(",", Stream.of(usages).map(org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage::name).toArray(String[]::new));
+            logger.info("CryptoUtil: generateRSAKeyPair with key usage {}", usageList);
+        }
+        if(usages_mask!=null) {
+            String usageMaskList = String.join(",", Stream.of(usages_mask).map(org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage::name).toArray(String[]::new));
+            logger.info("CryptoUtil: generateRSAKeyPair with key usage {}", usageMaskList);
         }
+        kg.setKeyPairUsages(usages, usages_mask);
 
         if(extractable == true)
             kg.extractablePairs(true);
@@ -733,7 +738,14 @@ public static KeyPair generateECCKeyPair(
 
         KeyPairAlgorithm alg = KeyPairAlgorithm.EC;
         KeyPairGenerator keygen = token.getKeyPairGenerator(alg);
-
+        if(usage_ops!=null) {
+            String usageList = String.join(",", Stream.of(usage_ops).map(org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage::name).toArray(String[]::new));
+            logger.info("CryptoUtil: generateECCKeyPair with key usage {}", usageList);
+        }
+        if(usage_mask!=null) {
+            String usageMaskList = String.join(",", Stream.of(usage_mask).map(org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage::name).toArray(String[]::new));
+            logger.info("CryptoUtil: generateECCKeyPair with key usage {}", usageMaskList);
+        }
         keygen.setKeyPairUsages(usage_ops, usage_mask);
         keygen.initialize(keysize);
         keygen.setKeyPairUsages(usage_ops, usage_mask);