Bug 804257 - Replace deprecated JSS method/class calls in PKI 'master' GIT repo . . .
Replace deprecated JSS method/class calls in PKI 'master' GIT repo . . .
Status: NEW
Product: Dogtag Certificate System
Classification: Community
Component: JSS (Show other bugs)
10.0
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Christina Fu
Ben Levenson
:
Depends On:
Blocks: 530474
  Show dependency treegraph
 
Reported: 2012-03-16 22:42 EDT by Matthew Harmsen
Modified: 2015-01-04 19:28 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Matthew Harmsen 2012-03-16 22:42:08 EDT
Description of problem:

While wading through deprecated classes/methods in JSS, the following issues were discovered in Dogtag 10 GIT 'master' that PROBABLY need to be REPLACED:

(1) getUniqueID()

    ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/PrivateKey.java

        /**
         * Returns the unique ID of this key.  Unique IDs can be used to match
         * certificates to keys.
         *
         * @see org.mozilla.jss.crypto.TokenCertificate#getUniqueID
         * @deprecated This ID is based on an implementation that might change.
         *      If this functionality is required, it should be provided in
         *      another way, such as a function that directly matches a cert and
         *      key.
         */
        public byte[] getUniqueID() throws TokenException;

    ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/TokenCertificate.java

        /**
         * Returns the unique ID of this key.  Unique IDs can be used to match
         * certificates to keys.
         *
         * @see org.mozilla.jss.crypto.PrivateKey#getUniqueID
         * @deprecated This ID is based on an implementation that might change.
         *      If this functionality is required, it should be provided in
         *      another way, such as a function that directly matches a cert and
         *      key.
         */
        public abstract byte[] getUniqueID();

     pkigit 'master':

        # find . -exec grep getUniqueID /dev/null {} \;
        ./pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java:
                str = CryptoUtil.byte2string(privKey.getUniqueID());
        ./pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java:
            byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
        ./pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java:
            byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
        ./pki/base/java-tools/src/com/netscape/cmstools/DRMTool.java:
                if (arraysEqual(pk[i].getUniqueID(),
        ./pki/base/java-tools/src/com/netscape/cmstools/DRMTool.java:
                                    mUnwrapCert).getUniqueID())) {
        ./pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java:
                    if (arraysEqual(pk[i].getUniqueID(),
        ./pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java:
                            ((TokenCertificate) mCert).getUniqueID())) {
        ./pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java:
                    if (arraysEqual(pk[i].getUniqueID(),
        ./pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java:
                            ((TokenCertificate) mCert).getUniqueID())) {
        ./pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java:
                    if (compare(keys[i].getUniqueID(), id)) {




(2) getParameterClass()

    ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.java

        /**
         * The type of parameter that this algorithm expects.  Returns
         *   <code>null</code> if this algorithm does not take any parameters.
         * If the algorithm can accept more than one type of parameter,
         *   this method returns only one of them. It is better to call
         *   <tt>getParameterClasses()</tt>.
         * @deprecated Call <tt>getParameterClasses()</tt> instead.
         */
        public Class getParameterClass() {

    pkigit 'master':

        # find . -exec grep getParameterClass /dev/null {} \;
        ./pki/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java:
        if (encAlg.getParameterClass().equals(IVParameterSpec.class)) {
        ./pki/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java:
        } else if (encAlg.getParameterClass().equals(




(3) BadPaddingException class

    ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/BadPaddingException.java

        /**
         * @deprecated Use javax.crypto.BadPaddingException.
         */
        public class BadPaddingException extends Exception {

    pkigit 'master':

        # find . -exec grep BadPaddingException /dev/null {} \;
        ./pki/base/kra/functional/src/com/netscape/cms/servlet/test/GeneratePKIArchiveOptions.java:
        import org.mozilla.jss.crypto.BadPaddingException;
        ./pki/base/kra/functional/src/com/netscape/cms/servlet/test/GeneratePKIArchiveOptions.java:
            IllegalStateException, TokenException, IOException, IllegalBlockSizeException, BadPaddingException,
        ./pki/base/kra/src/com/netscape/kra/EncryptionUnit.java:
        import org.mozilla.jss.crypto.BadPaddingException;
        ./pki/base/kra/src/com/netscape/kra/EncryptionUnit.java:
        } catch (BadPaddingException e) {
        ./pki/base/kra/src/com/netscape/kra/EncryptionUnit.java:
        } catch (BadPaddingException e) {
        ./pki/base/kra/src/com/netscape/kra/EncryptionUnit.java:
        } catch (BadPaddingException e) {
        ./pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java:
        import org.mozilla.jss.crypto.BadPaddingException;
        ./pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java:
        } catch (BadPaddingException e) {
        ./pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java:
        } catch (BadPaddingException e) {
        ./pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java:
        import org.mozilla.jss.crypto.BadPaddingException;
        ./pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java:
            IllegalBlockSizeException, BadPaddingException {
        ./pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java:
            BadPaddingException,
        ./pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java:
            InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, IOException {
        ./pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java:
            BadPaddingException, InvalidBERException {
Comment 1 Matthew Harmsen 2012-03-30 18:34:20 EDT
Previously,it had been suggested to replace calls to 'BadPaddingException' with 'javax.crypto.BadPaddingException'.

After further investigation, it appears that 'javax.crypto.BadPaddingException'
is related to JCA, and subsequently, we have determined that this JSS class
should be un-deprecated as well.

As a consequence of this, 'Bugzilla Bug #783007 - Un-deprecate previously deprecated methods in JSS 4.2.6 . . .' will be used to address this issue.

Note You need to log in before you can comment on or make changes to this bug.