From 61f9c830bc47c574b1d58e017c2007bed788126c Mon Sep 17 00:00:00 2001
From: ludovicp <ludovicp@localhost>
Date: Mon, 05 Jul 2010 09:34:28 +0000
Subject: [PATCH] Fix issue #2448. Improves error messages with password storage schemes when attempting to set a key length greater than allowed by the "Strong jurisdiction" policy files.

---
 opends/src/messages/messages/core.properties                      |    3 +++
 opends/src/server/org/opends/server/crypto/CryptoManagerImpl.java |   12 +++++++++++-
 2 files changed, 14 insertions(+), 1 deletions(-)

diff --git a/opends/src/messages/messages/core.properties b/opends/src/messages/messages/core.properties
index 2038de5..eb43ec8 100644
--- a/opends/src/messages/messages/core.properties
+++ b/opends/src/messages/messages/core.properties
@@ -1834,3 +1834,6 @@
 MILD_ERR_RDN_MISSING_ATTRIBUTE_VALUE_727=Unable to decode the provided string "%s" \
  as a relative distinguished name because it does not contain a value \
  for attribute type %s
+MILD_ERR_CRYPTOMGR_INVALID_SYMMETRIC_KEY_LENGTH_728=CryptoManager failed to \
+ initialize because the specified cipher key length "%d" is beyond the \
+ allowed cryptography strength "%d" in jurisdiction policy files
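Review bot: The new message MILD_ERR_CRYPTOMGR_INVALID_SYMMETRIC_KEY_LENGTH_728 reports the requested and permitted key lengths but not the cipher algorithm, although the limit is looked up per algorithm in the CryptoManagerImpl hunk of this commit. An administrator reading the log cannot tell which configured cipher exceeded the policy, so consider adding a `%s` for it, for example `the specified cipher key length %d for algorithm "%s" is beyond the allowed ...`, and passing `algorithm` at the call site. The text also says CryptoManager "failed to initialize" while the exception is raised from the SecretKeyEntry constructor, which may be misleading if that constructor can also run after startup.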
diff --git a/opends/src/server/org/opends/server/crypto/CryptoManagerImpl.java b/opends/src/server/org/opends/server/crypto/CryptoManagerImpl.java
index 7e6a94c..039da6c 100644
--- a/opends/src/server/org/opends/server/crypto/CryptoManagerImpl.java
+++ b/opends/src/server/org/opends/server/crypto/CryptoManagerImpl.java
@@ -22,7 +22,7 @@
  * CDDL HEADER END
  *
  *
- *      Copyright 2006-2009 Sun Microsystems, Inc.
+ *      Copyright 2006-2010 Sun Microsystems, Inc.
  *      Portions Copyright 2009 Parametric Technology Corporation (PTC)
  */
 package org.opends.server.crypto;
@@ -1526,14 +1526,24 @@
     public SecretKeyEntry(final String algorithm, final int keyLengthBits)
     throws CryptoManagerException {
       KeyGenerator keyGen;
+      int maxAllowedKeyLengthBits;
       try {
         keyGen = KeyGenerator.getInstance(algorithm);
+        maxAllowedKeyLengthBits = Cipher.getMaxAllowedKeyLength(algorithm);
       }
       catch (NoSuchAlgorithmException ex) {
         throw new CryptoManagerException(
                ERR_CRYPTOMGR_INVALID_SYMMETRIC_KEY_ALGORITHM.get(
                        algorithm, getExceptionMessage(ex)), ex);
       }
+      //See if key length is beyond the permissible value.
+      if(maxAllowedKeyLengthBits < keyLengthBits)
+      {
+        throw new CryptoManagerException(
+                ERR_CRYPTOMGR_INVALID_SYMMETRIC_KEY_LENGTH.get(keyLengthBits,
+                maxAllowedKeyLengthBits));
+      }
+
       keyGen.init(keyLengthBits, secureRandom);
       final byte[] key = keyGen.generateKey().getEncoded();
 
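Review bot: The guard added before `keyGen.init(keyLengthBits, secureRandom)` rejects only lengths above `Cipher.getMaxAllowedKeyLength(algorithm)`, so a length that is within policy but invalid for the algorithm (zero, negative, or an unsupported size) still reaches `init`. `KeyGenerator.init(int, SecureRandom)` reports that case with the unchecked `InvalidParameterException`, which would bypass the `CryptoManagerException` path this commit is improving. Catching `InvalidParameterException` around the `init` call and rethrowing it as a `CryptoManagerException` with the cause attached would cover both bounds. The comment on the check could also state the reason, e.g. `// Fail early with a clear message when the installed JCE jurisdiction policy caps the key length below the requested value.` The constructor body continues outside the hunk, so any handling further down is not visible here.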

--
Gitblit v1.10.0