Fix OAEP config in CRSEnrollment

Previously the CRSEnrollment was trying to get the keyWrap.useOAEP param from the authority config, but it's actually reading a non-existent ca.keyWrap.useOAEP param. To fix the problem the code has been modified to call the EngineConfig.getUseOAEPKeyWrap().
dogtagpki · May 3, 2023 · 955856b · 955856b
1 parent e9f5e07
commit 955856b
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/base/ca/src/main/java/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/base/ca/src/main/java/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
@@ -48,6 +48,7 @@
 import org.dogtagpki.server.authentication.AuthToken;
 import org.dogtagpki.server.ca.CAConfig;
 import org.dogtagpki.server.ca.CAEngine;
+import org.dogtagpki.server.ca.CAEngineConfig;
 import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.NoSuchTokenException;
 import org.mozilla.jss.NotInitializedException;
@@ -260,6 +261,7 @@ public void init(ServletConfig sc) {
             crsCA = "ca";
 
         CAEngine engine = CAEngine.getInstance();
+        CAEngineConfig cs = engine.getConfig();
         JssSubsystem jssSubsystem = engine.getJSSSubsystem();
 
         mAuthority = (CertificateAuthority) engine.getSubsystem(crsCA);
@@ -273,7 +275,7 @@ public void init(ServletConfig sc) {
             CAConfig authorityConfig = mAuthority.getConfig();
             ConfigStore scepConfig = authorityConfig.getSubStore("scep", ConfigStore.class);
             mEnabled = scepConfig.getBoolean("enable", false);
-            mUseOAEPKeyWrap = authorityConfig.getBoolean("keyWrap.useOAEP",false);
+            mUseOAEPKeyWrap = cs.getUseOAEPKeyWrap();
             if (sc.getServletName().equals(SERVLET_NAME_DYN_PROFILE)) {
                 mIsDynamicProfileId = true;
                 logger.debug("CRSEnrollment: init: expecting dynamic ProfileId in URL");