Bug 804250 - CMC code uses deprecated code for DSA and ECC key types . . .
CMC code uses deprecated code for DSA and ECC key types . . .
Status: NEW
Product: Dogtag Certificate System
Classification: Community
Component: ECC (Show other bugs)
10.0
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Christina Fu
Ben Levenson
:
Depends On:
Blocks: 530474
  Show dependency treegraph
 
Reported: 2012-03-16 20:59 EDT by Matthew Harmsen
Modified: 2015-01-04 19:28 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Matthew Harmsen 2012-03-16 20:59:22 EDT
Description of problem:

While wading through methods that have been deprecated by JSS, the following method was discovered:

    ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.java

         @deprecated This method works for RSA keys but not DSA or EC keys.
                     Use fromSPKI() instead.
         public static PK11PubKey fromRaw(PrivateKey.Type type, byte[] rawKey)
         throws InvalidKeyFormatException

In performing a top-level search for "fromRaw()" in Dogtag 10 (located on the GIT "master"):

    # find . -exec grep fromRaw /dev/null {} \;
    ./pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java:
    PK11PubKey pubK = PK11PubKey.fromRaw(keyType, ((X509Key) signKey).getKey());

    ./pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java:
    PK11PubKey pubK = PK11PubKey.fromRaw(kType, ((X509Key) pbKey).getKey());

    ./pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java:
    PK11PubKey.fromRaw(keyType,

    ./pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java:
    PK11PubKey pubK = PK11PubKey.fromRaw(

Note You need to log in before you can comment on or make changes to this bug.