Add EngineConfig.getUseOAEPKeyWrap()

The EngineConfig.getUseOAEPKeyWrap() has been added to read
the keyWrap.useOAEP param from CS.cfg. All code that reads this
param has been modified to use this method.

base/ca/src/main/java/com/netscape/ca/KeyRetrieverRunner.java

@@ -54,7 +54,7 @@ public KeyRetrieverRunner(KeyRetriever keyRetriever, CertificateAuthority certif
         CAEngine engine = CAEngine.getInstance();
         CAEngineConfig cs = engine.getConfig();
         try {
-            this.useOAEPKeyWrap = cs.getBoolean("keyWrap.useOAEP",false);
+            this.useOAEPKeyWrap = cs.getUseOAEPKeyWrap();
         } catch (EBaseException e1) {
             throw new RuntimeException("Invalid value for keyWrap.useOAEP: " + e1);
         }

base/ca/src/main/java/com/netscape/cms/authentication/SharedSecret.java

@@ -186,7 +186,7 @@ public void init(
             mShrTokAttr = DEF_SharedToken_ATTR;
         }
 
-        boolean useOAEP = cs.getBoolean("keyWrap.useOAEP",false);
+        boolean useOAEP = cs.getUseOAEPKeyWrap();
         logger.debug(method + " keyWrap.useOAEP: " + useOAEP );
 
         if(useOAEP == true) {

base/ca/src/main/java/com/netscape/cms/profile/common/EnrollProfile.java

@@ -506,7 +506,7 @@ public void setPOPchallenge(Request req) throws EBaseException {
             String tokenName = cs.getString("cmc.token", CryptoUtil.INTERNAL_TOKEN_NAME);
             token = CryptoUtil.getCryptoToken(tokenName);
 
-            boolean useOAEP = cs.getBoolean("keyWrap.useOAEP",false);
+            boolean useOAEP = cs.getUseOAEPKeyWrap();
 
             byte[] iv = CryptoUtil.getNonceData(EncryptionAlgorithm.AES_128_CBC.getIVLength());
             IVParameterSpec ivps = new IVParameterSpec(iv);
@@ -1317,7 +1317,7 @@ private BigInteger verifyDecryptedPOP(Locale locale,
             token = CryptoUtil.getKeyStorageToken(tokenName);
 
             KeyWrapAlgorithm wrapAlg = KeyWrapAlgorithm.RSA;
-            boolean useOAEP = cs.getBoolean("keyWrap.useOAEP", false);
+            boolean useOAEP = cs.getUseOAEPKeyWrap();
             if (useOAEP) {
                 wrapAlg = KeyWrapAlgorithm.RSA_OAEP;
             }

base/ca/src/main/java/com/netscape/cms/profile/def/ServerKeygenUserKeyDefault.java

@@ -326,7 +326,7 @@ public void populate(Request request, X509CertInfo info)
                         EncryptionAlgorithm.AES_128_CBC_PAD;
 
                 CAEngineConfig caCfg = engine.getConfig();
-                boolean useOAEP = caCfg.getBoolean("keyWrap.useOAEP",false);
+                boolean useOAEP = caCfg.getUseOAEPKeyWrap();
 
                 KeyWrapAlgorithm wrapAlgorithm = KeyWrapAlgorithm.RSA;
                 if(useOAEP == true) {

base/ca/src/main/java/org/dogtagpki/server/rest/CAInfoService.java

@@ -218,7 +218,7 @@ private static String getCaRsaPublicKeyWrapAlgorithm() throws EBaseException {
         CAEngine engine = CAEngine.getInstance();
         CAEngineConfig cs = engine.getConfig();
 
-        boolean useOAEP = cs.getBoolean("keyWrap.useOAEP", false);
+        boolean useOAEP = cs.getUseOAEPKeyWrap();
 
         return useOAEP ? "RSA_OAEP" : "RSA";
     }

base/kra/src/main/java/com/netscape/kra/NetkeyKeygenService.java

@@ -168,7 +168,7 @@ public boolean serviceRequest(Request request)
         KRAEngineConfig configStore = engine.getConfig();
         boolean allowEncDecrypt_archival = configStore.getBoolean("kra.allowEncDecrypt.archival", false);
 
-        boolean useOAEPKeyWrap = configStore.getBoolean("keyWrap.useOAEP",false);
+        boolean useOAEPKeyWrap = configStore.getUseOAEPKeyWrap();
         wrapped_des_key = null;
         boolean archive = true;
         byte[] publicKeyData = null;

base/kra/src/main/java/com/netscape/kra/RecoveryService.java

@@ -157,7 +157,7 @@ public boolean serviceRequest(Request request) throws EBaseException {
             cm = CryptoManager.getInstance();
             config = engine.getConfig();
             tokName = config.getString("kra.storageUnit.hardware", CryptoUtil.INTERNAL_TOKEN_NAME);
-            boolean useOAEPKeyWrap = config.getBoolean("keyWrap.useOAEP",false);
+            boolean useOAEPKeyWrap = config.getUseOAEPKeyWrap();
 
             // default to "KRA transport certificate" would require one to
             // change the nickname for existing KRA transport cert

base/kra/src/main/java/com/netscape/kra/SecurityDataProcessor.java

@@ -109,7 +109,7 @@ public boolean archive(Request request)
         try {
             config = engine.getConfig();
             allowEncDecrypt_archival = config.getBoolean("kra.allowEncDecrypt.archival", false);
-            useOAEPKeyWrap = config.getBoolean("keyWrap.useOAEP", false);
+            useOAEPKeyWrap = config.getUseOAEPKeyWrap();
         } catch (Exception e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
         }
@@ -380,7 +380,7 @@ public boolean recover(Request request)
         try {
             config = engine.getConfig();
             allowEncDecrypt_recovery = config.getBoolean("kra.allowEncDecrypt.recovery", false);
-            useOAEPKeyWrap = config.getBoolean("keyWrap.useOAEP", false);
+            useOAEPKeyWrap = config.getUseOAEPKeyWrap();
         } catch (Exception e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
         }

base/kra/src/main/java/com/netscape/kra/StorageKeyUnit.java

@@ -242,7 +242,7 @@ public void init(ConfigStore config, boolean keySplitting)
         KRAEngineConfig kraCfg = null;
         kraCfg  = engine.getConfig();
 
-        useOAEPKeyWrap = kraCfg.getBoolean("keyWrap.useOAEP",false);
+        useOAEPKeyWrap = kraCfg.getUseOAEPKeyWrap();
         logger.debug("StorageKeyUnit.init: keyWrap.useOAEP" + useOAEPKeyWrap);
         try {
             mManager = CryptoManager.getInstance();

base/kra/src/main/java/com/netscape/kra/TokenKeyRecoveryService.java

@@ -198,7 +198,7 @@ public synchronized boolean serviceRequest(Request request) throws EBaseExceptio
         try {
             config = engine.getConfig();
             allowEncDecrypt_recovery = config.getBoolean("kra.allowEncDecrypt.recovery", false);
-            useOAEPKeyWrap = config.getBoolean("keyWrap.useOAEP",false);
+            useOAEPKeyWrap = config.getUseOAEPKeyWrap();
         } catch (Exception e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
         }

base/kra/src/main/java/com/netscape/kra/TransportKeyUnit.java

@@ -91,7 +91,7 @@ public void init(ConfigStore config) throws EBaseException {
             KRAEngineConfig kraCfg = null;
             kraCfg  = engine.getConfig();
 
-            boolean useOAEPKeyWrap = kraCfg.getBoolean("keyWrap.useOAEP",false);
+            boolean useOAEPKeyWrap = kraCfg.getUseOAEPKeyWrap();
             logger.debug("TransportKeyUnit: keyWrap.useOAEP:  " + useOAEPKeyWrap);
             if(useOAEPKeyWrap == true) {
                 this.rsaKeyWrapAlg = KeyWrapAlgorithm.RSA_OAEP;

base/kra/src/main/java/org/dogtagpki/server/rest/KRAInfoService.java

@@ -120,7 +120,7 @@ String getRsaPublicKeyWrapAlgorithm() throws EBaseException {
         KRAEngine engine = KRAEngine.getInstance();
         KRAEngineConfig cs = engine.getConfig();
 
-        boolean useOAEP = cs.getBoolean("keyWrap.useOAEP", false);
+        boolean useOAEP = cs.getUseOAEPKeyWrap();
 
         return useOAEP ? "RSA_OAEP" : "RSA";
     }

base/server/src/main/java/com/netscape/cmscore/apps/EngineConfig.java

@@ -141,4 +141,11 @@ public JobsSchedulerConfig getJobsSchedulerConfig() {
     public LoggingConfig getLoggingConfig() {
         return getSubStore("log", LoggingConfig.class);
     }
+
+    /**
+     * Returns keyWrap.useOAEP parameter.
+     */
+    public boolean getUseOAEPKeyWrap() throws EBaseException {
+        return getBoolean("keyWrap.useOAEP", false);
+    }
 }

base/tks/src/main/java/org/dogtagpki/server/tks/servlet/TokenServlet.java

@@ -663,7 +663,7 @@ private void processComputeSessionKeySCP02(HttpServletRequest req, HttpServletRe
                         keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.AES_ECB);
                         keyWrapper.initWrap(pubKey, null);
                     } else {
-                        boolean useOAEP = config.getBoolean("keyWrap.useOAEP",false);
+                        boolean useOAEP = config.getUseOAEPKeyWrap();
                         KeyWrapAlgorithm wrapAlg = KeyWrapAlgorithm.RSA;
                         if(useOAEP == true) {
                             wrapAlg = KeyWrapAlgorithm.RSA_OAEP;
@@ -1237,7 +1237,7 @@ private void processComputeSessionKey(HttpServletRequest req,
                             keyWrapper.initWrap(pubKey, null);
                         } else {
 
-                            boolean useOAEP = config.getBoolean("keyWrap.useOAEP",false);
+                            boolean useOAEP = config.getUseOAEPKeyWrap();
                             KeyWrapAlgorithm wrapAlg = KeyWrapAlgorithm.RSA;
                             if(useOAEP == true) {
                                 wrapAlg = KeyWrapAlgorithm.RSA_OAEP;
@@ -3147,7 +3147,7 @@ private ArrayList<String> calculateServerSideKeygenValues(String useSoftToken, S
                 keyWrapper.initWrap(pubKey, null);
             } else {
 
-                boolean useOAEP = config.getBoolean("keyWrap.useOAEP",false);
+                boolean useOAEP = config.getUseOAEPKeyWrap();
                 KeyWrapAlgorithm wrapAlg = KeyWrapAlgorithm.RSA;
                 if(useOAEP == true) {
                     wrapAlg = KeyWrapAlgorithm.RSA_OAEP;