Bug 480111 - Applet changes needed for Safenet 330J
Summary: Applet changes needed for Safenet 330J
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Dogtag Certificate System
Classification: Retired
Component: TPS
Version: 1.0
Hardware: All
OS: All
high
high
Target Milestone: ---
Assignee: Jack Magne
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 443788
TreeView+ depends on / blocked
 
Reported: 2009-01-15 04:42 UTC by Jack Magne
Modified: 2015-01-04 23:35 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-07-22 23:31:08 UTC
Embargoed:


Attachments (Terms of Use)
Patch to allow the safenet token to enroll. (2.68 KB, patch)
2009-01-15 04:44 UTC, Jack Magne
no flags Details | Diff
Actual patch to work around this problem (2.53 KB, patch)
2009-01-15 04:53 UTC, Jack Magne
no flags Details | Diff

Description Jack Magne 2009-01-15 04:42:39 UTC
Description of problem:

Performing an enrollment with the Safenet 330J token does not work. The enrollment process blows up in random places leading us to a resource issue.




Additional info:

It turns out that we are using too much volatile memory.
The following attachment will contain some code to work around this problem for this token.

Comment 1 Jack Magne 2009-01-15 04:43:53 UTC
To clarify, the resource problem takes place in the applet component of TPS.

Comment 2 Jack Magne 2009-01-15 04:44:41 UTC
Created attachment 329063 [details]
Patch to allow the safenet token to enroll.

Comment 3 Jack Magne 2009-01-15 04:53:53 UTC
Created attachment 329066 [details]
Actual patch to work around this problem

Comment 4 Jack Magne 2009-01-15 04:54:41 UTC
rrelyea can you review 329066?

Comment 5 Bob Relyea 2009-01-21 18:57:37 UTC
Comment on attachment 329066 [details]
Actual patch to work around this problem

r+ with the following caveat.

This patch should only be used for the Safenet 330J, and here's why:

This moves the iobuf from volatile to non-volatile memory. This has the following downsides:

1) access to non-volatile memory is expensive. We use iobuf as a temp in many places, including signing, so this can affect the performance of the card (you may notice enrollment is a bit slower, as well as signing).

2) bigger issue: non-volatile memory only has a limitted number of write cycles. Each write reduces the overall lifetime of the card. IOBUF is a scratch area that is written to every time you do a signature.

This patch should be checked in as a branch and applets produced for it should only apply to this card. In addition we should recommend that the vendor create cards with more Transient memory for any deployment if possible.

bob

Comment 6 Jack Magne 2009-01-24 00:54:42 UTC
Checking in CardEdge.java;
/cvs/dirsec/coolkey/applet/src/com/redhat/ckey/applet/CardEdge.java,v  <--  CardEdge.java
new revision: 1.4.2.1; previous revision: 1.4

Comment 7 Asha Akkiangady 2009-06-10 18:15:22 UTC
Verified.

Tested enrollment with applet upgrade from version 1.3.44724DDE to 1.4.499dc06c on Safenet 330J, works fine.  We have a separate bug for the applet downgrade issue (https://bugzilla.redhat.com/show_bug.cgi?id=493211).


Note You need to log in before you can comment on or make changes to this bug.