authorEndi Sukma Dewata <edewata@redhat.com>2012-03-28 18:29:19 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-03-30 12:29:36 -0500
commit70fdf22f76494a84b6cbef10598ed897a48f0798 (patch)
treea485bd6042097c219df845f83886cbd403d1c922 /base
parentc7437995ea2b9d1a67f73cce8b5705b7e77ac7ab (diff)
Replaced deprecated PK11PubKey.fromRaw().
The deprecated fromRaw() method in PK11PubKey has been replaced with fromSPKI(). Ticket #3
Diffstat (limited to 'base')
-rw-r--r--base/common/src/com/netscape/cms/authentication/CMCAuth.java50
-rw-r--r--base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java28
-rw-r--r--base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java40
3 files changed, 38 insertions, 80 deletions
diff --git a/base/common/src/com/netscape/cms/authentication/CMCAuth.java b/base/common/src/com/netscape/cms/authentication/CMCAuth.java
index 06d4eaa0f..d15f445f3 100644
--- a/base/common/src/com/netscape/cms/authentication/CMCAuth.java
+++ b/base/common/src/com/netscape/cms/authentication/CMCAuth.java
@@ -28,7 +28,6 @@ package com.netscape.cms.authentication;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
-import java.io.OutputStream;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.PublicKey;
@@ -52,7 +51,6 @@ import org.mozilla.jss.asn1.OCTET_STRING;
import org.mozilla.jss.asn1.SEQUENCE;
import org.mozilla.jss.asn1.SET;
import org.mozilla.jss.crypto.DigestAlgorithm;
-import org.mozilla.jss.crypto.PrivateKey;
import org.mozilla.jss.pkcs10.CertificationRequest;
import org.mozilla.jss.pkcs11.PK11PubKey;
import org.mozilla.jss.pkix.cert.Certificate;
@@ -100,7 +98,7 @@ import com.netscape.cmsutil.util.Utils;
/**
* UID/CMC authentication plug-in
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
@@ -198,7 +196,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
/**
* Initializes the CMCAuth authentication plug-in.
* <p>
- *
+ *
* @param name The name for this authentication plug-in instance.
* @param implName The name of the authentication plug-in.
* @param config - The configuration store for this instance.
@@ -217,12 +215,12 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
* Authenticates user by their CMC;
* resulting AuthToken sets a TOKEN_SUBJECT for the subject name.
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY used when CMC (agent-pre-signed) cert
* requests or revocation requests are submitted and signature is verified
* </ul>
- *
+ *
* @param authCred Authentication credentials, CRED_UID and CRED_CMC.
* @return an AuthToken
* @exception com.netscape.certsrv.authentication.EMissingCredential
@@ -246,7 +244,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
try {
// get the CMC.
- Object argblock = (Object) (authCred.getArgBlock());
+ Object argblock = authCred.getArgBlock();
Object returnVal = null;
if (argblock == null) {
returnVal = authCred.get("cert_request");
@@ -682,7 +680,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
* The list is passed to the configuration console so instances of
* this implementation can be configured through the console.
* <p>
- *
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
@@ -693,7 +691,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
* gets the configuration substore used by this authentication
* plug-in
* <p>
- *
+ *
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -717,7 +715,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
/**
* get the list of required credentials.
* <p>
- *
+ *
* @return list of required credentials as strings.
*/
public String[] getRequiredCreds() {
@@ -737,7 +735,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
/**
* Activate the help system.
* <p>
- *
+ *
* @return help messages
*/
public String[] getExtendedPluginInfo() {
@@ -758,7 +756,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
/**
* Logs a message for this class in the system log file.
* <p>
- *
+ *
* @param level The log level.
* @param msg The message to log.
* @see com.netscape.certsrv.logging.ILogger
@@ -807,13 +805,13 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
org.mozilla.jss.pkix.cms.SignerInfo si = (org.mozilla.jss.pkix.cms.SignerInfo) sis.elementAt(i);
String name = si.getDigestAlgorithm().toString();
- byte[] digest = (byte[]) digs.get(name);
+ byte[] digest = digs.get(name);
if (digest == null) {
MessageDigest md = MessageDigest.getInstance(name);
ByteArrayOutputStream ostream = new ByteArrayOutputStream();
- pkiData.encode((OutputStream) ostream);
+ pkiData.encode(ostream);
digest = md.digest(ostream.toByteArray());
}
@@ -862,15 +860,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
si.verify(digest, id);
} else {
PublicKey signKey = cert.getPublicKey();
- PrivateKey.Type keyType = null;
- String alg = signKey.getAlgorithm();
-
- if (alg.equals("RSA")) {
- keyType = PrivateKey.RSA;
- } else if (alg.equals("DSA")) {
- keyType = PrivateKey.DSA;
- }
- PK11PubKey pubK = PK11PubKey.fromRaw(keyType, ((X509Key) signKey).getKey());
+ PK11PubKey pubK = PK11PubKey.fromSPKI(((X509Key) signKey).getKey());
CMS.debug("CMCAuth: verifying signature with public key");
si.verify(digest, id, pubK);
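Review bot: The argument to `PK11PubKey.fromSPKI(...)` on the added line is still `((X509Key) signKey).getKey()`, the same byte array the removed code handed to `fromRaw()` as raw key material, so the input may not be in the encoding the new call expects. If `getKey()` returns only the key bits rather than the DER-encoded SubjectPublicKeyInfo (not visible in this diff; confirm against X509Key), decoding would fail for every signer that reaches this branch, and passing the encoded form, e.g. `PK11PubKey.fromSPKI(signKey.getEncoded())`, would avoid that. Since the resulting key feeds `si.verify(digest, id, pubK)` on the CMC authentication path, the change should come with a test that verifies a real signed request for both RSA and DSA signer certificates. The same substitution appears in CMCOutputTemplate.java (hunk at -1092) and twice in CMCProcessor.java (hunks at -282 and -322). The enclosing method starts and ends outside this hunk.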
@@ -891,7 +881,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
IAuthToken tempToken = agentAuth.authenticate(agentCred);
netscape.security.x509.X500Name tempPrincipal = (X500Name) x509Certs[0].getSubjectDN();
- String CN = (String) tempPrincipal.getCommonName();//tempToken.get("userid");
+ String CN = tempPrincipal.getCommonName(); //tempToken.get("userid");
BigInteger agentCertSerial = x509Certs[0].getSerialNumber();
authToken.set(IAuthManager.CRED_SSL_CLIENT_CERT, agentCertSerial.toString());
@@ -905,7 +895,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
// find from certDB
si.verify(digest, id);
- } //
+ } //
}
} catch (InvalidBERException e) {
CMS.debug("CMCAuth: " + e.toString());
@@ -914,7 +904,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
} catch (Exception e) {
throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
- return (IAuthToken) null;
+ return null;
}
@@ -979,10 +969,10 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
/**
* Signed Audit Log
- *
+ *
* This method is called to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
private void audit(String msg) {
@@ -1002,11 +992,11 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
/**
* Signed Audit Log Subject ID
- *
+ *
* This method is called to obtain the "SubjectID" for
* a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
private String auditSubjectID() {
diff --git a/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java b/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
index 38fcf24f9..f1320f44a 100644
--- a/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
+++ b/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
@@ -53,7 +53,6 @@ import org.mozilla.jss.asn1.SEQUENCE;
import org.mozilla.jss.asn1.SET;
import org.mozilla.jss.asn1.UTF8String;
import org.mozilla.jss.crypto.DigestAlgorithm;
-import org.mozilla.jss.crypto.PrivateKey;
import org.mozilla.jss.crypto.SignatureAlgorithm;
import org.mozilla.jss.pkcs11.PK11PubKey;
import org.mozilla.jss.pkix.cert.Certificate;
@@ -93,7 +92,7 @@ import com.netscape.certsrv.request.RequestStatus;
/**
* Utility CMCOutputTemplate
- *
+ *
* @version $ $, $Date$
*/
public class CMCOutputTemplate {
@@ -420,7 +419,7 @@ public class CMCOutputTemplate {
ByteArrayOutputStream ostream = new ByteArrayOutputStream();
- respBody.encode((OutputStream) ostream);
+ respBody.encode(ostream);
digest = msgDigest.digest(ostream.toByteArray());
SignerInfo signInfo = new
@@ -532,7 +531,7 @@ public class CMCOutputTemplate {
CMCCertId cmcCertId =
(CMCCertId) (ASN1Util.decode(CMCCertId.getTemplate(),
ASN1Util.encode(values.elementAt(0))));
- BigInteger serialno = (BigInteger) (cmcCertId.getSerial());
+ BigInteger serialno = cmcCertId.getSerial();
SEQUENCE issuers = cmcCertId.getIssuer();
//ANY issuer = (ANY)issuers.elementAt(0);
ANY issuer =
@@ -546,8 +545,7 @@ public class CMCOutputTemplate {
boolean confirmAccepted = false;
if (n.toString().equalsIgnoreCase(caName.toString())) {
CMS.debug("CMCOutputTemplate: Issuer names are equal");
- ICertificateRepository repository =
- (ICertificateRepository) ca.getCertificateRepository();
+ ICertificateRepository repository = ca.getCertificateRepository();
try {
repository.getX509Certificate(serialno);
} catch (EBaseException ee) {
@@ -590,8 +588,8 @@ public class CMCOutputTemplate {
GetCert getCert =
(GetCert) (ASN1Util.decode(GetCert.getTemplate(),
ASN1Util.encode(vals.elementAt(0))));
- BigInteger serialno = (BigInteger) (getCert.getSerialNumber());
- ANY issuer = (ANY) getCert.getIssuer();
+ BigInteger serialno = getCert.getSerialNumber();
+ ANY issuer = getCert.getIssuer();
byte b[] = issuer.getEncoded();
X500Name n = new X500Name(b);
ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
@@ -601,7 +599,7 @@ public class CMCOutputTemplate {
throw new EBaseException("Certificate is not found");
}
ICertificateRepository repository =
- (ICertificateRepository) ca.getCertificateRepository();
+ ca.getCertificateRepository();
X509CertImpl impl = repository.getX509Certificate(serialno);
byte[] bin = impl.getEncoded();
Certificate.Template certTemplate = new Certificate.Template();
@@ -795,7 +793,7 @@ public class CMCOutputTemplate {
}
revoke = true;
- // check shared secret
+ // check shared secret
} else {
ISharedToken tokenClass = null;
boolean sharedSecretFound = true;
@@ -878,7 +876,7 @@ public class CMCOutputTemplate {
if (revoke) {
ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
- ICertificateRepository repository = (ICertificateRepository) ca.getCertificateRepository();
+ ICertificateRepository repository = ca.getCertificateRepository();
ICertRecord record = null;
try {
record = repository.readCertificateRecord(revokeSerial);
@@ -1060,7 +1058,7 @@ public class CMCOutputTemplate {
if (digest == null) {
MessageDigest md = MessageDigest.getInstance(name);
ByteArrayOutputStream ostream = new ByteArrayOutputStream();
- revRequest.encode((OutputStream) ostream);
+ revRequest.encode(ostream);
digest = md.digest(ostream.toByteArray());
}
SignerIdentifier sid = si.getSignerIdentifier();
@@ -1092,11 +1090,7 @@ public class CMCOutputTemplate {
if (cert != null) {
PublicKey pbKey = cert.getPublicKey();
- String type = ((X509Key) pbKey).getAlgorithm();
- PrivateKey.Type kType = PrivateKey.RSA;
- if (type.equals("DSA"))
- kType = PrivateKey.DSA;
- PK11PubKey pubK = PK11PubKey.fromRaw(kType, ((X509Key) pbKey).getKey());
+ PK11PubKey pubK = PK11PubKey.fromSPKI(((X509Key) pbKey).getKey());
si.verify(digest, ci.getContentType(), pubK);
return true;
}
diff --git a/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java b/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
index 53c13510d..f9b5b3f0f 100644
--- a/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
+++ b/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
@@ -20,7 +20,6 @@ package com.netscape.cms.servlet.processors;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
-import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.PublicKey;
@@ -43,7 +42,6 @@ import org.mozilla.jss.asn1.OCTET_STRING;
import org.mozilla.jss.asn1.SEQUENCE;
import org.mozilla.jss.asn1.SET;
import org.mozilla.jss.crypto.DigestAlgorithm;
-import org.mozilla.jss.crypto.PrivateKey;
import org.mozilla.jss.pkcs10.CertificationRequest;
import org.mozilla.jss.pkcs11.PK11PubKey;
import org.mozilla.jss.pkix.cert.Certificate;
@@ -74,7 +72,7 @@ import com.netscape.cms.servlet.common.ECMSGWException;
/**
* Process CMC messages according to RFC 2797
* See http://www.ietf.org/rfc/rfc2797.txt
- *
+ *
* @version $Revision$, $Date$
*/
public class CMCProcessor extends PKIProcessor {
@@ -228,13 +226,13 @@ public class CMCProcessor extends PKIProcessor {
sis.elementAt(i);
String name = si.getDigestAlgorithm().toString();
- byte[] digest = (byte[]) digs.get(name);
+ byte[] digest = digs.get(name);
if (digest == null) {
MessageDigest md = MessageDigest.getInstance(name);
ByteArrayOutputStream ostream = new ByteArrayOutputStream();
- pkiData.encode((OutputStream) ostream);
+ pkiData.encode(ostream);
digest = md.digest(ostream.toByteArray());
}
@@ -282,19 +280,7 @@ public class CMCProcessor extends PKIProcessor {
si.verify(digest, id);
} else {
PublicKey signKey = cert.getPublicKey();
- PrivateKey.Type keyType = null;
- String alg = signKey.getAlgorithm();
-
- if (alg.equals("RSA")) {
- keyType = PrivateKey.RSA;
- } else if (alg.equals("DSA")) {
- keyType = PrivateKey.DSA;
- } else {
- }
- PK11PubKey pubK =
- PK11PubKey.fromRaw(keyType,
- ((X509Key) signKey).getKey());
-
+ PK11PubKey pubK = PK11PubKey.fromSPKI(((X509Key) signKey).getKey());
si.verify(digest, id, pubK);
}
@@ -322,19 +308,7 @@ public class CMCProcessor extends PKIProcessor {
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR",
"SubjectKeyIdentifier in SignerInfo does not match any publicKey in the request."));
} else {
- PrivateKey.Type keyType = null;
- String alg = signKey.getAlgorithm();
-
- if (alg.equals("RSA")) {
- keyType = PrivateKey.RSA;
- } else if (alg.equals("DSA")) {
- keyType = PrivateKey.DSA;
- } else {
- }
- PK11PubKey pubK = PK11PubKey.fromRaw(
- keyType,
- ((X509Key) signKey).getKey());
-
+ PK11PubKey pubK = PK11PubKey.fromSPKI(((X509Key) signKey).getKey());
si.verify(digest, id, pubK);
}
}
@@ -362,7 +336,7 @@ public class CMCProcessor extends PKIProcessor {
for (int j = 0; j < numVals; j++) {
ANY val = (ANY)
values.elementAt(j);
- INTEGER transId = (INTEGER) ((ANY) val).decodeWith(
+ INTEGER transId = (INTEGER) val.decodeWith(
INTEGER.getTemplate());
if (transId != null) {
@@ -380,7 +354,7 @@ public class CMCProcessor extends PKIProcessor {
ANY val = (ANY)
values.elementAt(j);
OCTET_STRING nonce = (OCTET_STRING)
- ((ANY) val).decodeWith(OCTET_STRING.getTemplate());
+ val.decodeWith(OCTET_STRING.getTemplate());
if (nonce != null) {
vals[j] = new String(nonce.toByteArray());