Fix OAEP config in CRSEnrollment.init()

Previously the CRSEnrollment.init() was trying to get the keyWrap.useOAEP param from the authority config, so it's actually trying to get a non-existent ca.keyWrap.useOAEP param. The code has been fixed to get the param from the engine config instead which should return the correct param.
dogtagpki · May 2, 2023 · a6e0b32 · a6e0b32
1 parent 3344ed2
commit a6e0b32
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/base/ca/src/main/java/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/base/ca/src/main/java/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
@@ -48,6 +48,7 @@
 import org.dogtagpki.server.authentication.AuthToken;
 import org.dogtagpki.server.ca.CAConfig;
 import org.dogtagpki.server.ca.CAEngine;
+import org.dogtagpki.server.ca.CAEngineConfig;
 import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.NoSuchTokenException;
 import org.mozilla.jss.NotInitializedException;
@@ -260,6 +261,7 @@ public void init(ServletConfig sc) {
             crsCA = "ca";
 
         CAEngine engine = CAEngine.getInstance();
+        CAEngineConfig cs = engine.getConfig();
         JssSubsystem jssSubsystem = engine.getJSSSubsystem();
 
         mAuthority = (CertificateAuthority) engine.getSubsystem(crsCA);
@@ -273,7 +275,7 @@ public void init(ServletConfig sc) {
             CAConfig authorityConfig = mAuthority.getConfig();
             ConfigStore scepConfig = authorityConfig.getSubStore("scep", ConfigStore.class);
             mEnabled = scepConfig.getBoolean("enable", false);
-            mUseOAEPKeyWrap = authorityConfig.getBoolean("keyWrap.useOAEP",false);
+            mUseOAEPKeyWrap = cs.getBoolean("keyWrap.useOAEP", false);
             if (sc.getServletName().equals(SERVLET_NAME_DYN_PROFILE)) {
                 mIsDynamicProfileId = true;
                 logger.debug("CRSEnrollment: init: expecting dynamic ProfileId in URL");