Bug 804250

Summary:	CMC code uses deprecated code for DSA and ECC key types . . .
Product:	[Retired] Dogtag Certificate System	Reporter:	Matthew Harmsen <mharmsen>
Component:	ECC	Assignee:	Christina Fu <cfu>
Status:	CLOSED EOL	QA Contact:	Ben Levenson <benl>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	10.0	CC:	alee, dpal, jmagne, mharmsen, nkinder, rrelyea
Target Milestone:	---
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2020-03-27 18:37:27 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	530474

Description Matthew Harmsen 2012-03-17 00:59:22 UTC

Description of problem:

While wading through methods that have been deprecated by JSS, the following method was discovered:

    ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.java

         @deprecated This method works for RSA keys but not DSA or EC keys.
                     Use fromSPKI() instead.
         public static PK11PubKey fromRaw(PrivateKey.Type type, byte[] rawKey)
         throws InvalidKeyFormatException

In performing a top-level search for "fromRaw()" in Dogtag 10 (located on the GIT "master"):

    # find . -exec grep fromRaw /dev/null {} \;
    ./pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java:
    PK11PubKey pubK = PK11PubKey.fromRaw(keyType, ((X509Key) signKey).getKey());

    ./pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java:
    PK11PubKey pubK = PK11PubKey.fromRaw(kType, ((X509Key) pbKey).getKey());

    ./pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java:
    PK11PubKey.fromRaw(keyType,

    ./pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java:
    PK11PubKey pubK = PK11PubKey.fromRaw(