Description of problem: While wading through deprecated classes/methods in JSS, the following issues were discovered in Dogtag 10 GIT 'master' that PROBABLY need to be REPLACED: (1) getUniqueID() ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/PrivateKey.java /** * Returns the unique ID of this key. Unique IDs can be used to match * certificates to keys. * * @see org.mozilla.jss.crypto.TokenCertificate#getUniqueID * @deprecated This ID is based on an implementation that might change. * If this functionality is required, it should be provided in * another way, such as a function that directly matches a cert and * key. */ public byte[] getUniqueID() throws TokenException; ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/TokenCertificate.java /** * Returns the unique ID of this key. Unique IDs can be used to match * certificates to keys. * * @see org.mozilla.jss.crypto.PrivateKey#getUniqueID * @deprecated This ID is based on an implementation that might change. * If this functionality is required, it should be provided in * another way, such as a function that directly matches a cert and * key. */ public abstract byte[] getUniqueID(); pkigit 'master': # find . -exec grep getUniqueID /dev/null {} \; ./pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java: str = CryptoUtil.byte2string(privKey.getUniqueID()); ./pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java: byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID(); ./pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java: byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID(); ./pki/base/java-tools/src/com/netscape/cmstools/DRMTool.java: if (arraysEqual(pk[i].getUniqueID(), ./pki/base/java-tools/src/com/netscape/cmstools/DRMTool.java: mUnwrapCert).getUniqueID())) { ./pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java: if (arraysEqual(pk[i].getUniqueID(), ./pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java: ((TokenCertificate) mCert).getUniqueID())) { ./pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java: if (arraysEqual(pk[i].getUniqueID(), ./pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java: ((TokenCertificate) mCert).getUniqueID())) { ./pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java: if (compare(keys[i].getUniqueID(), id)) { (2) getParameterClass() ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.java /** * The type of parameter that this algorithm expects. Returns * <code>null</code> if this algorithm does not take any parameters. * If the algorithm can accept more than one type of parameter, * this method returns only one of them. It is better to call * <tt>getParameterClasses()</tt>. * @deprecated Call <tt>getParameterClasses()</tt> instead. */ public Class getParameterClass() { pkigit 'master': # find . -exec grep getParameterClass /dev/null {} \; ./pki/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java: if (encAlg.getParameterClass().equals(IVParameterSpec.class)) { ./pki/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java: } else if (encAlg.getParameterClass().equals( (3) BadPaddingException class ./jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/BadPaddingException.java /** * @deprecated Use javax.crypto.BadPaddingException. */ public class BadPaddingException extends Exception { pkigit 'master': # find . -exec grep BadPaddingException /dev/null {} \; ./pki/base/kra/functional/src/com/netscape/cms/servlet/test/GeneratePKIArchiveOptions.java: import org.mozilla.jss.crypto.BadPaddingException; ./pki/base/kra/functional/src/com/netscape/cms/servlet/test/GeneratePKIArchiveOptions.java: IllegalStateException, TokenException, IOException, IllegalBlockSizeException, BadPaddingException, ./pki/base/kra/src/com/netscape/kra/EncryptionUnit.java: import org.mozilla.jss.crypto.BadPaddingException; ./pki/base/kra/src/com/netscape/kra/EncryptionUnit.java: } catch (BadPaddingException e) { ./pki/base/kra/src/com/netscape/kra/EncryptionUnit.java: } catch (BadPaddingException e) { ./pki/base/kra/src/com/netscape/kra/EncryptionUnit.java: } catch (BadPaddingException e) { ./pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java: import org.mozilla.jss.crypto.BadPaddingException; ./pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java: } catch (BadPaddingException e) { ./pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java: } catch (BadPaddingException e) { ./pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java: import org.mozilla.jss.crypto.BadPaddingException; ./pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java: IllegalBlockSizeException, BadPaddingException { ./pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java: BadPaddingException, ./pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java: InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, IOException { ./pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java: BadPaddingException, InvalidBERException {
Previously,it had been suggested to replace calls to 'BadPaddingException' with 'javax.crypto.BadPaddingException'. After further investigation, it appears that 'javax.crypto.BadPaddingException' is related to JCA, and subsequently, we have determined that this JSS class should be un-deprecated as well. As a consequence of this, 'Bugzilla Bug #783007 - Un-deprecate previously deprecated methods in JSS 4.2.6 . . .' will be used to address this issue.