|
|
cf0227 |
# HG changeset patch
|
|
|
cf0227 |
# User mbalao
|
|
|
cf0227 |
# Date 1630103180 -3600
|
|
|
cf0227 |
# Fri Aug 27 23:26:20 2021 +0100
|
|
|
cf0227 |
# Node ID b3bd3119fab9bc5adfd7073377aca12bb1af80b3
|
|
|
cf0227 |
# Parent c90394a76ee02a689f95199559d5724824b4b25e
|
|
|
cf0227 |
RH1996182: Login to the NSS Software Token in FIPS Mode
|
|
|
cf0227 |
|
|
|
cf0227 |
diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
|
|
|
cf0227 |
--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
|
|
|
cf0227 |
+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
|
|
|
cf0227 |
@@ -42,6 +42,8 @@
|
|
|
cf0227 |
import javax.security.auth.callback.PasswordCallback;
|
|
|
cf0227 |
import javax.security.auth.callback.TextOutputCallback;
|
|
|
cf0227 |
|
|
|
cf0227 |
+import sun.misc.SharedSecrets;
|
|
|
cf0227 |
+
|
|
|
cf0227 |
import sun.security.util.Debug;
|
|
|
cf0227 |
import sun.security.util.ResourcesMgr;
|
|
|
cf0227 |
|
|
|
cf0227 |
@@ -58,6 +60,9 @@
|
|
|
cf0227 |
*/
|
|
|
cf0227 |
public final class SunPKCS11 extends AuthProvider {
|
|
|
cf0227 |
|
|
|
cf0227 |
+ private static final boolean systemFipsEnabled = SharedSecrets
|
|
|
cf0227 |
+ .getJavaSecuritySystemConfiguratorAccess().isSystemFipsEnabled();
|
|
|
cf0227 |
+
|
|
|
cf0227 |
private static final long serialVersionUID = -1354835039035306505L;
|
|
|
cf0227 |
|
|
|
cf0227 |
static final Debug debug = Debug.getInstance("sunpkcs11");
|
|
|
cf0227 |
@@ -368,6 +373,24 @@
|
|
|
cf0227 |
if (nssModule != null) {
|
|
|
cf0227 |
nssModule.setProvider(this);
|
|
|
cf0227 |
}
|
|
|
cf0227 |
+ if (systemFipsEnabled) {
|
|
|
cf0227 |
+ // The NSS Software Token in FIPS 140-2 mode requires a user
|
|
|
cf0227 |
+ // login for most operations. See sftk_fipsCheck. The NSS DB
|
|
|
cf0227 |
+ // (/etc/pki/nssdb) PIN is empty.
|
|
|
cf0227 |
+ Session session = null;
|
|
|
cf0227 |
+ try {
|
|
|
cf0227 |
+ session = token.getOpSession();
|
|
|
cf0227 |
+ p11.C_Login(session.id(), CKU_USER, new char[] {});
|
|
|
cf0227 |
+ } catch (PKCS11Exception p11e) {
|
|
|
cf0227 |
+ if (debug != null) {
|
|
|
cf0227 |
+ debug.println("Error during token login: " +
|
|
|
cf0227 |
+ p11e.getMessage());
|
|
|
cf0227 |
+ }
|
|
|
cf0227 |
+ throw p11e;
|
|
|
cf0227 |
+ } finally {
|
|
|
cf0227 |
+ token.releaseSession(session);
|
|
|
cf0227 |
+ }
|
|
|
cf0227 |
+ }
|
|
|
cf0227 |
} catch (Exception e) {
|
|
|
cf0227 |
if (config.getHandleStartupErrors() == Config.ERR_IGNORE_ALL) {
|
|
|
cf0227 |
throw new UnsupportedOperationException
|