Formatting (no line wrap in comments or code)

author: Ade Lee <alee@redhat.com> 2012-01-11 12:57:53 -0500
committer: Ade Lee <alee@redhat.com> 2012-01-11 13:49:04 -0500
commit: 10cfe7756e967ac91c66d33b392aeab9cf3780fb (patch)
tree: d5ac9b58442265d2ce5ef60e31f041ddacba1b4f /pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java
parent: edcb24f65cc3700e75d0a1d14dc2483f210b0ee4 (diff)
download: pki-10cfe7756e967ac91c66d33b392aeab9cf3780fb.tar.gz
pki-10cfe7756e967ac91c66d33b392aeab9cf3780fb.tar.xz
pki-10cfe7756e967ac91c66d33b392aeab9cf3780fb.zip
1 files changed, 66 insertions, 65 deletions
diff --git a/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java
index 3092d00a1..8a2a43ab4 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 import java.security.Principal;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
@@ -47,15 +46,14 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.usrgrp.Certificates;
 
-
 /**
- * Certificate server SSL client authentication.  
- *
+ * Certificate server SSL client authentication.
+ * 
  * @author Christina Fu
- * <P>
- *
+ *         <P>
+ * 
  */
-public class SSLclientCertAuthentication implements IAuthManager, 
+public class SSLclientCertAuthentication implements IAuthManager,
         IProfileAuthenticator {
 
     /* result auth token attributes */
@@ -86,19 +84,19 @@ public class SSLclientCertAuthentication implements IAuthManager,
     /**
      * initializes the SSLClientCertAuthentication auth manager
      * <p>
-     * called by AuthSubsystem init() method, when initializing
-     * all available authentication managers.
+     * called by AuthSubsystem init() method, when initializing all available authentication managers.
+     * 
      * @param name The name of this authentication manager instance.
      * @param implName The name of the authentication manager plugin.
      * @param config The configuration store for this authentication manager.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
     }
- 
+
     /**
      * Gets the name of this authentication manager.
      */
@@ -112,7 +110,7 @@ public class SSLclientCertAuthentication implements IAuthManager,
     public String getImplName() {
         return mImplName;
     }
- 
+
     public boolean isSSLClientRequired() {
         return true;
     }
@@ -120,29 +118,29 @@ public class SSLclientCertAuthentication implements IAuthManager,
     /**
      * authenticates user by certificate
      * <p>
-     * called by other subsystems or their servlets to authenticate
-     *	 users
+     * called by other subsystems or their servlets to authenticate users
+     * 
      * @param authCred - authentication credential that contains
-     *	 an usrgrp.Certificates of the user (agent)
+     *            an usrgrp.Certificates of the user (agent)
      * @return the authentication token that contains the following
-     *
+     * 
      * @exception EMissingCredential If a required credential for this
-     * authentication manager is missing.
+     *                authentication manager is missing.
      * @exception EInvalidCredentials If credentials cannot be authenticated.
      * @exception EBaseException If an internal error occurred.
      * @see com.netscape.certsrv.authentication.AuthToken
      * @see com.netscape.certsrv.usrgrp.Certificates
      */
     public IAuthToken authenticate(IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException {
-      
+            throws EMissingCredential, EInvalidCredentials, EBaseException {
+
         CMS.debug("SSLclientCertAuthentication: start");
-        CMS.debug("authenticator instance name is "+getName());
+        CMS.debug("authenticator instance name is " + getName());
 
         // force SSL handshake
         SessionContext context = SessionContext.getExistingContext();
         ISSLClientCertProvider provider = (ISSLClientCertProvider)
-            context.get("sslClientCertProvider");
+                context.get("sslClientCertProvider");
 
         if (provider == null) {
             CMS.debug("SSLclientCertAuthentication: No SSL Client Cert Provider Found");
@@ -173,7 +171,7 @@ public class SSLclientCertAuthentication implements IAuthManager,
                 // find out which one is the leaf cert
                 clientCert = ci[i];
 
-                byte [] extBytes = clientCert.getExtensionValue("2.5.29.19");
+                byte[] extBytes = clientCert.getExtensionValue("2.5.29.19");
                 // try to see if this is a leaf cert
                 // look for BasicConstraint extension
                 if (extBytes == null) {
@@ -186,24 +184,24 @@ public class SSLclientCertAuthentication implements IAuthManager,
                     // so it's not likely to be a leaf cert,
                     // however, check the isCA field regardless
                     try {
-                      BasicConstraintsExtension bce =
-                        new BasicConstraintsExtension(true, extBytes);
-                      if (bce != null) {
-                          if (!(Boolean)bce.get("is_ca")) {
-                            CMS.debug("SSLclientCertAuthentication: authenticate: found CA cert in chain");
-                            break;
-                          } // else found a ca cert, continue
-                      }
-                   } catch (Exception e) {
-                     CMS.debug("SSLclientCertAuthentication: authenticate: exception:"+
+                        BasicConstraintsExtension bce =
+                                new BasicConstraintsExtension(true, extBytes);
+                        if (bce != null) {
+                            if (!(Boolean) bce.get("is_ca")) {
+                                CMS.debug("SSLclientCertAuthentication: authenticate: found CA cert in chain");
+                                break;
+                            } // else found a ca cert, continue
+                        }
+                    } catch (Exception e) {
+                        CMS.debug("SSLclientCertAuthentication: authenticate: exception:" +
                                  e.toString());
-                     throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-                   }
-               }
+                        throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+                    }
+                }
             }
             if (clientCert == null) {
-              CMS.debug("SSLclientCertAuthentication: authenticate: client cert not found");
-              throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+                CMS.debug("SSLclientCertAuthentication: authenticate: client cert not found");
+                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
             }
         } catch (CertificateException e) {
             CMS.debug(e.toString());
@@ -213,15 +211,15 @@ public class SSLclientCertAuthentication implements IAuthManager,
         // check if certificate(s) is revoked
         boolean checkRevocation = true;
         try {
-           checkRevocation = mConfig.getBoolean("checkRevocation", true);
+            checkRevocation = mConfig.getBoolean("checkRevocation", true);
         } catch (EBaseException e) {
-           // do nothing; default to true
+            // do nothing; default to true
         }
         if (checkRevocation) {
-          if (CMS.isRevoked(ci)) {
-             CMS.debug("SSLclientCertAuthentication: certificate revoked");
-             throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-          }
+            if (CMS.isRevoked(ci)) {
+                CMS.debug("SSLclientCertAuthentication: certificate revoked");
+                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+            }
         }
         Certificates certs = new Certificates(ci);
         Principal p_dn = clientCert.getSubjectDN();
@@ -232,13 +230,13 @@ public class SSLclientCertAuthentication implements IAuthManager,
             authToken.set(TOKEN_UID, uid);
             authToken.set(TOKEN_USERID, uid);
         }
-/*
-        authToken.set(TOKEN_USER_DN, user.getUserDN());
-        authToken.set(TOKEN_USERID, user.getUserID());
-        authToken.set(TOKEN_UID, user.getUserID());
-        authToken.set(TOKEN_GROUP, groupname);
-*/
-        authToken.set(CRED_CERT, certs);  
+        /*
+                authToken.set(TOKEN_USER_DN, user.getUserDN());
+                authToken.set(TOKEN_USERID, user.getUserID());
+                authToken.set(TOKEN_UID, user.getUserID());
+                authToken.set(TOKEN_GROUP, groupname);
+        */
+        authToken.set(CRED_CERT, certs);
 
         CMS.debug("SSLclientCertAuthentication: authenticated ");
 
@@ -257,7 +255,7 @@ public class SSLclientCertAuthentication implements IAuthManager,
             String n = t.substring(0, i);
             if (n.equalsIgnoreCase("uid")) {
                 String v = t.substring(i + 1);
-                CMS.debug("SSLclientCertAuthentication: getUidFromDN(): uid found:"+v);
+                CMS.debug("SSLclientCertAuthentication: getUidFromDN(): uid found:" + v);
                 return v;
             } else {
                 continue;
@@ -268,10 +266,11 @@ public class SSLclientCertAuthentication implements IAuthManager,
 
     /**
      * get the list of authentication credential attribute names
-     *	 required by this authentication manager. Generally used by
-     *	 the servlets that handle agent operations to authenticate its
-     *	 users.  It calls this method to know which are the
-     *	 required credentials from the user (e.g. Javascript form data)
+     * required by this authentication manager. Generally used by
+     * the servlets that handle agent operations to authenticate its
+     * users. It calls this method to know which are the
+     * required credentials from the user (e.g. Javascript form data)
+     * 
      * @return attribute names in Vector
      */
     public String[] getRequiredCreds() {
@@ -280,14 +279,15 @@ public class SSLclientCertAuthentication implements IAuthManager,
 
     /**
      * get the list of configuration parameter names
-     *	 required by this authentication manager.  Generally used by
-     *	 the Certificate Server Console to display the table for
-     *	 configuration purposes.  CertUserDBAuthentication is currently not
-     *	 exposed in this case, so this method is not to be used.
+     * required by this authentication manager. Generally used by
+     * the Certificate Server Console to display the table for
+     * configuration purposes. CertUserDBAuthentication is currently not
+     * exposed in this case, so this method is not to be used.
+     * 
      * @return configuration parameter names in Hashtable of Vectors
-     *	 where each hashtable entry's key is the substore name, value is a
-     * Vector of parameter names.  If no substore, the parameter name
-     *	 is the Hashtable key itself, with value same as key.
+     *         where each hashtable entry's key is the substore name, value is a
+     *         Vector of parameter names. If no substore, the parameter name
+     *         is the Hashtable key itself, with value same as key.
      */
     public String[] getConfigParams() {
         return (mConfigParams);
@@ -301,7 +301,8 @@ public class SSLclientCertAuthentication implements IAuthManager,
 
     /**
      * gets the configuretion substore used by this authentication
-     *  manager
+     * manager
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -311,7 +312,7 @@ public class SSLclientCertAuthentication implements IAuthManager,
     // Profile-related methods
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
@@ -348,7 +349,7 @@ public class SSLclientCertAuthentication implements IAuthManager,
     }
 
     public void populate(IAuthToken token, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
                 token.getInString(TOKEN_USERDN));
         request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
author	Ade Lee <alee@redhat.com>	2012-01-11 12:57:53 -0500
committer	Ade Lee <alee@redhat.com>	2012-01-11 13:49:04 -0500
commit	10cfe7756e967ac91c66d33b392aeab9cf3780fb (patch)
tree	d5ac9b58442265d2ce5ef60e31f041ddacba1b4f /pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java
parent	edcb24f65cc3700e75d0a1d14dc2483f210b0ee4 (diff)
download	pki-10cfe7756e967ac91c66d33b392aeab9cf3780fb.tar.gz pki-10cfe7756e967ac91c66d33b392aeab9cf3780fb.tar.xz pki-10cfe7756e967ac91c66d33b392aeab9cf3780fb.zip