Bug 804257

Summary: Replace deprecated JSS method/class calls in PKI 'master' GIT repo . . .
Product: [Retired] Dogtag Certificate System
Reporter: Matthew Harmsen <mharmsen>
Component: JSS
Assignee: Christina Fu <cfu>
Status: CLOSED EOL
QA Contact: Ben Levenson <benl>
Severity: unspecified
Priority: unspecified
Version: 10.0
CC: alee, dpal, edewata, jmagne, mharmsen, nkinder, rrelyea
Hardware: Unspecified   
OS: Unspecified   
Doc Type: Bug Fix
Last Closed: 2020-03-27 18:37:38 UTC
Bug Blocks: 530474

Description Matthew Harmsen 2012-03-17 02:42:08 UTC
Description of problem:

While wading through deprecated classes/methods in JSS, the following issues were discovered in Dogtag 10 GIT 'master' that PROBABLY need to be REPLACED:

(1) getUniqueID()

    ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/PrivateKey.java

        /**
         * Returns the unique ID of this key.  Unique IDs can be used to match
         * certificates to keys.
         *
         * @see org.mozilla.jss.crypto.TokenCertificate#getUniqueID
         * @deprecated This ID is based on an implementation that might change.
         *      If this functionality is required, it should be provided in
         *      another way, such as a function that directly matches a cert and
         *      key.
         */
        public byte[] getUniqueID() throws TokenException;

    ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/TokenCertificate.java

        /**
         * Returns the unique ID of this key.  Unique IDs can be used to match
         * certificates to keys.
         *
         * @see org.mozilla.jss.crypto.PrivateKey#getUniqueID
         * @deprecated This ID is based on an implementation that might change.
         *      If this functionality is required, it should be provided in
         *      another way, such as a function that directly matches a cert and
         *      key.
         */
        public abstract byte[] getUniqueID();

     pkigit 'master':

        # find . -exec grep getUniqueID /dev/null {} \;
        ./pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java:
                str = CryptoUtil.byte2string(privKey.getUniqueID());
        ./pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java:
            byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
        ./pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java:
            byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
        ./pki/base/java-tools/src/com/netscape/cmstools/DRMTool.java:
                if (arraysEqual(pk[i].getUniqueID(),
        ./pki/base/java-tools/src/com/netscape/cmstools/DRMTool.java:
                                    mUnwrapCert).getUniqueID())) {
        ./pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java:
                    if (arraysEqual(pk[i].getUniqueID(),
        ./pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java:
                            ((TokenCertificate) mCert).getUniqueID())) {
        ./pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java:
                    if (arraysEqual(pk[i].getUniqueID(),
        ./pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java:
                            ((TokenCertificate) mCert).getUniqueID())) {
        ./pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java:
                    if (compare(keys[i].getUniqueID(), id)) {




(2) getParameterClass()

    ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.java

        /**
         * The type of parameter that this algorithm expects.  Returns
         *   <code>null</code> if this algorithm does not take any parameters.
         * If the algorithm can accept more than one type of parameter,
         *   this method returns only one of them. It is better to call
         *   <tt>getParameterClasses()</tt>.
         * @deprecated Call <tt>getParameterClasses()</tt> instead.
         */
        public Class getParameterClass() {

    pkigit 'master':

        # find . -exec grep getParameterClass /dev/null {} \;
        ./pki/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java:
        if (encAlg.getParameterClass().equals(IVParameterSpec.class)) {
        ./pki/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java:
        } else if (encAlg.getParameterClass().equals(




(3) BadPaddingException class

    ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/BadPaddingException.java

        /**
         * @deprecated Use javax.crypto.BadPaddingException.
         */
        public class BadPaddingException extends Exception {

    pkigit 'master':

        # find . -exec grep BadPaddingException /dev/null {} \;
        ./pki/base/kra/functional/src/com/netscape/cms/servlet/test/GeneratePKIArchiveOptions.java:
        import org.mozilla.jss.crypto.BadPaddingException;
        ./pki/base/kra/functional/src/com/netscape/cms/servlet/test/GeneratePKIArchiveOptions.java:
            IllegalStateException, TokenException, IOException, IllegalBlockSizeException, BadPaddingException,
        ./pki/base/kra/src/com/netscape/kra/EncryptionUnit.java:
        import org.mozilla.jss.crypto.BadPaddingException;
        ./pki/base/kra/src/com/netscape/kra/EncryptionUnit.java:
        } catch (BadPaddingException e) {
        ./pki/base/kra/src/com/netscape/kra/EncryptionUnit.java:
        } catch (BadPaddingException e) {
        ./pki/base/kra/src/com/netscape/kra/EncryptionUnit.java:
        } catch (BadPaddingException e) {
        ./pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java:
        import org.mozilla.jss.crypto.BadPaddingException;
        ./pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java:
        } catch (BadPaddingException e) {
        ./pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java:
        } catch (BadPaddingException e) {
        ./pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java:
        import org.mozilla.jss.crypto.BadPaddingException;
        ./pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java:
            IllegalBlockSizeException, BadPaddingException {
        ./pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java:
            BadPaddingException,
        ./pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java:
            InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, IOException {
        ./pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java:
            BadPaddingException, InvalidBERException {
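
Added example, not part of the bug report and not Dogtag or JSS code: the deprecation note in item (1) suggests "a function that directly matches a cert and key" in place of comparing getUniqueID() values. One way to do that with standard JCA calls is a sign-and-verify challenge; the class name CertKeyMatch and the helper sigAlgFor are hypothetical, and the keys in main are constructed for the demonstration.

```java
import java.security.*;
import java.security.cert.X509Certificate;

// Added example, not Dogtag or JSS code: match a certificate to a private key
// by proof of possession rather than by comparing getUniqueID() values.
public class CertKeyMatch {
    // Hypothetical helper: choose a signature algorithm from the key type.
    static String sigAlgFor(PrivateKey key) {
        switch (key.getAlgorithm()) {
            case "RSA": return "SHA256withRSA";
            case "EC":  return "SHA256withECDSA";
            default: throw new IllegalArgumentException("unsupported key type");
        }
    }

    // True if priv is the private half of pub. Only sign() is called on the
    // private key, so the key material never has to leave its token.
    // Signing failures propagate: "key may not sign" is not "no match".
    static boolean matches(PublicKey pub, PrivateKey priv)
            throws GeneralSecurityException {
        if (!pub.getAlgorithm().equals(priv.getAlgorithm())) return false;
        byte[] nonce = new byte[32];
        new SecureRandom().nextBytes(nonce);   // fresh challenge per check
        String alg = sigAlgFor(priv);
        Signature signer = Signature.getInstance(alg);
        signer.initSign(priv);
        signer.update(nonce);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance(alg);
        verifier.initVerify(pub);
        verifier.update(nonce);
        try {
            return verifier.verify(sig);
        } catch (SignatureException e) {
            return false;                      // malformed for this key: no match
        }
    }

    // Convenience overload for the certificate case described in the note.
    static boolean matches(X509Certificate cert, PrivateKey priv)
            throws GeneralSecurityException {
        return matches(cert.getPublicKey(), priv);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair a = gen.generateKeyPair(), b = gen.generateKeyPair(); // constructed keys
        System.out.println(matches(a.getPublic(), a.getPrivate()));
        System.out.println(matches(a.getPublic(), b.getPrivate()));
    }
}
```

A private key whose usage policy forbids signing makes the signing step throw instead of returning a result, so this check cannot decide such a key and a different comparison is needed for it.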

Comment 1 Matthew Harmsen 2012-03-30 22:34:20 UTC
Previously, it had been suggested to replace calls to 'BadPaddingException' with 'javax.crypto.BadPaddingException'.

After further investigation, it appears that 'javax.crypto.BadPaddingException'
is related to JCA, and subsequently, we have determined that this JSS class
should be un-deprecated as well.

As a consequence of this, 'Bugzilla Bug #783007 - Un-deprecate previously deprecated methods in JSS 4.2.6 . . .' will be used to address this issue.