authorAde Lee <alee@redhat.com>2011-12-08 21:15:59 -0500
committerAde Lee <alee@redhat.com>2011-12-08 21:15:59 -0500
commit171aaece4f23709d33d180cf36eb3af5e454b0c9 (patch)
tree1485f9f0a7bd10de4ff25030db575dbb8dafae74 /pki/base/common/src/com/netscape/cms/profile/common
parentadad2fcee8a29fdb82376fbce07dedb11fccc182 (diff)
Revert "Formatting"
This reverts commit 32150d3ee32f8ac27118af7c792794b538c78a2f.
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/profile/common')
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java444
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java107
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java140
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java748
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java12
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java4
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java12
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java29
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java100
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java122
10 files changed, 890 insertions, 828 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java
index 578324869..acaf9772a 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
+
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Locale;
@@ -48,9 +49,10 @@ import com.netscape.certsrv.registry.IPluginRegistry;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.RequestStatus;
+
/**
* This class implements a basic profile.
- *
+ *
* @version $Revision$, $Date$
*/
public abstract class BasicProfile implements IProfile {
@@ -74,8 +76,8 @@ public abstract class BasicProfile implements IProfile {
public static final String PROP_NAME = "name";
public static final String PROP_DESC = "desc";
public static final String PROP_NO_DEFAULT = "noDefaultImpl";
- public static final String PROP_NO_CONSTRAINT = "noConstraintImpl";
- public static final String PROP_GENERIC_EXT_DEFAULT = "genericExtDefaultImpl";
+ public static final String PROP_NO_CONSTRAINT= "noConstraintImpl";
+ public static final String PROP_GENERIC_EXT_DEFAULT= "genericExtDefaultImpl";
protected IProfileSubsystem mOwner = null;
protected IConfigStore mConfig = null;
@@ -142,19 +144,21 @@ public abstract class BasicProfile implements IProfile {
public IProfileAuthenticator getAuthenticator() throws EProfileException {
try {
- IAuthSubsystem authSub = (IAuthSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_AUTH);
- IProfileAuthenticator auth = (IProfileAuthenticator) authSub
- .get(mAuthInstanceId);
-
- if (mAuthInstanceId != null && mAuthInstanceId.length() > 0
- && auth == null) {
- throw new EProfileException("Cannot load " + mAuthInstanceId);
+ IAuthSubsystem authSub = (IAuthSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+ IProfileAuthenticator auth = (IProfileAuthenticator)
+ authSub.get(mAuthInstanceId);
+
+ if (mAuthInstanceId != null && mAuthInstanceId.length() > 0
+ && auth == null) {
+ throw new EProfileException("Cannot load " +
+ mAuthInstanceId);
}
return auth;
} catch (Exception e) {
if (mAuthInstanceId != null) {
- throw new EProfileException("Cannot load " + mAuthInstanceId);
+ throw new EProfileException("Cannot load " +
+ mAuthInstanceId);
}
return null;
}
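Review bot: The `catch (Exception e)` in getAuthenticator() discards `e` on both paths, so a failed lookup surfaces only as `Cannot load <id>` with no cause, and when `mAuthInstanceId` is null any exception becomes a silent `return null`. Callers are not visible here, but a null return presumably means "no authenticator configured", which makes a swallowed auth-subsystem failure indistinguishable from an intentionally unauthenticated profile. I would log first, `CMS.debug("BasicProfile: getAuthenticator " + e.toString());`, and test `mAuthInstanceId` for null or empty before calling `authSub.get(mAuthInstanceId)` so the lookup is never attempted with a null id.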
@@ -163,7 +167,7 @@ public abstract class BasicProfile implements IProfile {
public String getRequestorDN(IRequest request) {
return null;
}
-
+
public String getAuthenticatorId() {
return mAuthInstanceId;
}
@@ -181,7 +185,7 @@ public abstract class BasicProfile implements IProfile {
* Initializes this profile.
*/
public void init(IProfileSubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
CMS.debug("BasicProfile: start init");
mOwner = owner;
mConfig = config;
@@ -200,19 +204,17 @@ public abstract class BasicProfile implements IProfile {
// policy.p1.default.class=com.netscape.cms.profile.defaults.SubjectName
// policy.p1.default.params.x1=x1
// policy.p1.default.params.x2=x2
- // policy.p1.constraint.class= ...
- // .cms.profile.constraints.ValidityRange
+ // policy.p1.constraint.class= ... .cms.profile.constraints.ValidityRange
// policy.p1.constraint.params.x1=x1
// policy.p1.constraint.params.x2=x2
- // handle profile authentication plugins
+ // handle profile authentication plugins
try {
- mAuthInstanceId = config
- .getString("auth." + PROP_INSTANCE_ID, null);
+ mAuthInstanceId = config.getString("auth." + PROP_INSTANCE_ID, null);
mAuthzAcl = config.getString("authz.acl", "");
} catch (EBaseException e) {
- CMS.debug("BasicProfile: authentication class not found "
- + e.toString());
+ CMS.debug("BasicProfile: authentication class not found " +
+ e.toString());
}
// handle profile input plugins
@@ -222,8 +224,8 @@ public abstract class BasicProfile implements IProfile {
while (input_st.hasMoreTokens()) {
String input_id = (String) input_st.nextToken();
- String inputClassId = inputStore.getString(input_id + "."
- + PROP_CLASS_ID);
+ String inputClassId = inputStore.getString(input_id + "." +
+ PROP_CLASS_ID);
IPluginInfo inputInfo = mRegistry.getPluginInfo("profileInput",
inputClassId);
String inputClass = inputInfo.getClassName();
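Review bot: `inputInfo.getClassName()` is dereferenced without a null check, although createProfileInput() in this same file tests `if (inputInfo == null)` after the identical `mRegistry.getPluginInfo("profileInput", ...)` lookup. A class id in the profile configuration that is missing from the registry would therefore abort init() with a NullPointerException instead of a clear configuration error. A guard such as `if (inputInfo == null) throw new EBaseException("Cannot find " + inputClassId);` would fix it. The same applies to `outputInfo.getClassName()` and `updaterInfo.getClassName()` in the profileOutput and profileUpdater hunks below. init() starts and ends outside this hunk.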
@@ -231,12 +233,13 @@ public abstract class BasicProfile implements IProfile {
IProfileInput input = null;
try {
- input = (IProfileInput) Class.forName(inputClass).newInstance();
+ input = (IProfileInput)
+ Class.forName(inputClass).newInstance();
} catch (Exception e) {
// throw Exception
- CMS.debug("BasicProfile: input plugin Class.forName "
- + inputClass + " " + e.toString());
- throw new EBaseException(e.toString());
+ CMS.debug("BasicProfile: input plugin Class.forName " +
+ inputClass + " " + e.toString());
+ throw new EBaseException( e.toString() );
}
IConfigStore inputConfig = inputStore.getSubStore(input_id);
input.init(this, inputConfig);
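Review bot: `Class.forName(inputClass).newInstance()` instantiates whatever class the registry names before the `(IProfileInput)` cast is checked, so a wrong or unexpected class is rejected only after its constructor has run. `inputClass` comes from `inputInfo.getClassName()`; who can edit the plugin registry is not visible here, but checking the type first costs little: `Class.forName(inputClass).asSubclass(IProfileInput.class).newInstance()`. Separately, `throw new EBaseException( e.toString() )` drops the original stack trace. The same load-then-cast pattern recurs in the output, updater, createProfileOutput, createProfileInput, default-policy and constraint-policy hunks.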
@@ -252,8 +255,8 @@ public abstract class BasicProfile implements IProfile {
while (output_st.hasMoreTokens()) {
String output_id = (String) output_st.nextToken();
- String outputClassId = outputStore.getString(output_id + "."
- + PROP_CLASS_ID);
+ String outputClassId = outputStore.getString(output_id + "." +
+ PROP_CLASS_ID);
IPluginInfo outputInfo = mRegistry.getPluginInfo("profileOutput",
outputClassId);
String outputClass = outputInfo.getClassName();
@@ -261,13 +264,13 @@ public abstract class BasicProfile implements IProfile {
IProfileOutput output = null;
try {
- output = (IProfileOutput) Class.forName(outputClass)
- .newInstance();
+ output = (IProfileOutput)
+ Class.forName(outputClass).newInstance();
} catch (Exception e) {
// throw Exception
- CMS.debug("BasicProfile: output plugin Class.forName "
- + outputClass + " " + e.toString());
- throw new EBaseException(e.toString());
+ CMS.debug("BasicProfile: output plugin Class.forName " +
+ outputClass + " " + e.toString());
+ throw new EBaseException( e.toString() );
}
IConfigStore outputConfig = outputStore.getSubStore(output_id);
output.init(this, outputConfig);
@@ -283,22 +286,22 @@ public abstract class BasicProfile implements IProfile {
while (updater_st.hasMoreTokens()) {
String updater_id = (String) updater_st.nextToken();
- String updaterClassId = updaterStore.getString(updater_id + "."
- + PROP_CLASS_ID);
+ String updaterClassId = updaterStore.getString(updater_id + "." +
+ PROP_CLASS_ID);
IPluginInfo updaterInfo = mRegistry.getPluginInfo("profileUpdater",
- updaterClassId);
+ updaterClassId);
String updaterClass = updaterInfo.getClassName();
IProfileUpdater updater = null;
try {
- updater = (IProfileUpdater) Class.forName(updaterClass)
- .newInstance();
+ updater = (IProfileUpdater)
+ Class.forName(updaterClass).newInstance();
} catch (Exception e) {
// throw Exception
- CMS.debug("BasicProfile: updater plugin Class.forName "
- + updaterClass + " " + e.toString());
- throw new EBaseException(e.toString());
+ CMS.debug("BasicProfile: updater plugin Class.forName " +
+ updaterClass + " " + e.toString());
+ throw new EBaseException( e.toString() );
}
IConfigStore updaterConfig = updaterStore.getSubStore(updater_id);
updater.init(this, updaterConfig);
@@ -322,15 +325,15 @@ public abstract class BasicProfile implements IProfile {
String id = (String) st1.nextToken();
String defaultRoot = id + "." + PROP_DEFAULT;
- String defaultClassId = policyStore.getString(defaultRoot + "."
- + PROP_CLASS_ID);
+ String defaultClassId = policyStore.getString(defaultRoot + "." +
+ PROP_CLASS_ID);
String constraintRoot = id + "." + PROP_CONSTRAINT;
- String constraintClassId = policyStore.getString(constraintRoot
- + "." + PROP_CLASS_ID);
+ String constraintClassId =
+ policyStore.getString(constraintRoot + "." + PROP_CLASS_ID);
- createProfilePolicy(setId, id, defaultClassId,
- constraintClassId, false);
+ createProfilePolicy(setId, id, defaultClassId,
+ constraintClassId, false);
}
}
CMS.debug("BasicProfile: done init");
@@ -377,20 +380,20 @@ public abstract class BasicProfile implements IProfile {
}
public String getInput(String name, Locale locale, IRequest request)
- throws EProfileException {
+ throws EProfileException {
return null;
}
public void setInput(String name, Locale locale, IRequest request,
- String value) throws EProfileException {
+ String value) throws EProfileException {
}
public Enumeration getProfilePolicySetIds() {
return mPolicySet.keys();
}
- public void deleteProfilePolicy(String setId, String policyId)
- throws EProfileException {
+ public void deleteProfilePolicy(String setId, String policyId)
+ throws EProfileException {
Vector policies = (Vector) mPolicySet.get(setId);
if (policies == null) {
@@ -433,28 +436,26 @@ public abstract class BasicProfile implements IProfile {
policies.removeElementAt(i);
if (size == 1) {
mPolicySet.remove(setId);
- String setlist = policySetSubStore.getString(
- PROP_POLICY_LIST, null);
+ String setlist = policySetSubStore.getString(PROP_POLICY_LIST, null);
StringTokenizer st1 = new StringTokenizer(setlist, ",");
String newlist1 = "";
while (st1.hasMoreTokens()) {
String e = st1.nextToken();
- if (!e.equals(setId))
+ if (!e.equals(setId))
newlist1 = newlist1 + e + ",";
}
- if (!newlist1.equals(""))
- newlist1 = newlist1.substring(0,
- newlist1.length() - 1);
+ if (!newlist1.equals(""))
+ newlist1 = newlist1.substring(0, newlist1.length() - 1);
policySetSubStore.putString(PROP_POLICY_LIST, newlist1);
}
break;
}
}
- mConfig.putString("lastModified",
- Long.toString(CMS.getCurrentDate().getTime()));
+ mConfig.putString("lastModified",
+ Long.toString(CMS.getCurrentDate().getTime()));
mConfig.commit(false);
} catch (Exception e) {
}
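Review bot: `policySetSubStore.getString(PROP_POLICY_LIST, null)` is passed straight to `new StringTokenizer(setlist, ",")`, which throws a NullPointerException when the property is absent, and the enclosing `catch (Exception e) { }` is empty. By that point `policies.removeElementAt(i)` and `mPolicySet.remove(setId)` have already run, so the policy can disappear from the in-memory profile while the list update and `mConfig.commit(false)` fail without any trace. I would default to `""` instead of `null` and at least log in the catch, `CMS.debug("BasicProfile: deleteProfilePolicy " + e.toString());`. The two following hunks (input and output deletion) end in the same empty catch. The try block opens outside this hunk.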
@@ -495,8 +496,8 @@ public abstract class BasicProfile implements IProfile {
mInputs.remove(inputId);
mConfig.putString("input." + PROP_INPUT_LIST, newlist);
- mConfig.putString("lastModified",
- Long.toString(CMS.getCurrentDate().getTime()));
+ mConfig.putString("lastModified",
+ Long.toString(CMS.getCurrentDate().getTime()));
mConfig.commit(false);
} catch (Exception e) {
}
@@ -536,22 +537,24 @@ public abstract class BasicProfile implements IProfile {
mOutputs.remove(outputId);
mConfig.putString("output." + PROP_OUTPUT_LIST, newlist);
- mConfig.putString("lastModified",
- Long.toString(CMS.getCurrentDate().getTime()));
+ mConfig.putString("lastModified",
+ Long.toString(CMS.getCurrentDate().getTime()));
mConfig.commit(false);
} catch (Exception e) {
}
}
- public IProfileOutput createProfileOutput(String id, String outputId,
- NameValuePairs nvps) throws EProfileException {
- return createProfileOutput(id, outputId, nvps, true);
+ public IProfileOutput createProfileOutput(String id, String outputId,
+ NameValuePairs nvps)
+ throws EProfileException {
+ return createProfileOutput(id, outputId, nvps, true);
}
public IProfileOutput createProfileOutput(String id, String outputId,
- NameValuePairs nvps, boolean createConfig)
+ NameValuePairs nvps, boolean createConfig)
- throws EProfileException {
+
+ throws EProfileException {
IConfigStore outputStore = mConfig.getSubStore("output");
String output_list = null;
@@ -573,7 +576,8 @@ public abstract class BasicProfile implements IProfile {
IProfileOutput output = null;
try {
- output = (IProfileOutput) Class.forName(outputClass).newInstance();
+ output = (IProfileOutput)
+ Class.forName(outputClass).newInstance();
} catch (Exception e) {
// throw Exception
CMS.debug(e.toString());
@@ -606,8 +610,7 @@ public abstract class BasicProfile implements IProfile {
String pid = st1.nextToken();
if (pid.equals(id)) {
- throw new EProfileException("Duplicate output id: "
- + id);
+ throw new EProfileException("Duplicate output id: " + id);
}
}
outputStore.putString(PROP_OUTPUT_LIST, list + "," + id);
@@ -615,7 +618,7 @@ public abstract class BasicProfile implements IProfile {
String prefix = id + ".";
outputStore.putString(prefix + "name",
- outputInfo.getName(Locale.getDefault()));
+ outputInfo.getName(Locale.getDefault()));
outputStore.putString(prefix + "class_id", outputId);
Enumeration enum1 = nvps.getNames();
@@ -623,20 +626,19 @@ public abstract class BasicProfile implements IProfile {
while (enum1.hasMoreElements()) {
String name = (String) enum1.nextElement();
- outputStore.putString(prefix + "params." + name,
- nvps.getValue(name));
+ outputStore.putString(prefix + "params." + name, nvps.getValue(name));
try {
- if (output != null) {
- output.setConfig(name, nvps.getValue(name));
- }
+ if (output != null) {
+ output.setConfig(name, nvps.getValue(name));
+ }
} catch (EBaseException e) {
- CMS.debug(e.toString());
+ CMS.debug(e.toString());
}
}
try {
- mConfig.putString("lastModified",
- Long.toString(CMS.getCurrentDate().getTime()));
+ mConfig.putString("lastModified",
+ Long.toString(CMS.getCurrentDate().getTime()));
mConfig.commit(false);
} catch (EBaseException e) {
CMS.debug(e.toString());
@@ -646,13 +648,15 @@ public abstract class BasicProfile implements IProfile {
return output;
}
- public IProfileInput createProfileInput(String id, String inputId,
- NameValuePairs nvps) throws EProfileException {
- return createProfileInput(id, inputId, nvps, true);
+ public IProfileInput createProfileInput(String id, String inputId,
+ NameValuePairs nvps)
+ throws EProfileException {
+ return createProfileInput(id, inputId, nvps, true);
}
public IProfileInput createProfileInput(String id, String inputId,
- NameValuePairs nvps, boolean createConfig) throws EProfileException {
+ NameValuePairs nvps, boolean createConfig)
+ throws EProfileException {
IConfigStore inputStore = mConfig.getSubStore("input");
String input_list = null;
@@ -662,8 +666,8 @@ public abstract class BasicProfile implements IProfile {
} catch (Exception ee) {
}
- IPluginInfo inputInfo = mRegistry
- .getPluginInfo("profileInput", inputId);
+ IPluginInfo inputInfo = mRegistry.getPluginInfo("profileInput",
+ inputId);
if (inputInfo == null) {
CMS.debug("Cannot find " + inputId);
@@ -675,7 +679,8 @@ public abstract class BasicProfile implements IProfile {
IProfileInput input = null;
try {
- input = (IProfileInput) Class.forName(inputClass).newInstance();
+ input = (IProfileInput)
+ Class.forName(inputClass).newInstance();
} catch (Exception e) {
// throw Exception
CMS.debug(e.toString());
@@ -715,29 +720,28 @@ public abstract class BasicProfile implements IProfile {
}
String prefix = id + ".";
- inputStore.putString(prefix + "name",
- inputInfo.getName(Locale.getDefault()));
+ inputStore.putString(prefix + "name",
+ inputInfo.getName(Locale.getDefault()));
inputStore.putString(prefix + "class_id", inputId);
-
+
Enumeration enum1 = nvps.getNames();
while (enum1.hasMoreElements()) {
String name = (String) enum1.nextElement();
- inputStore.putString(prefix + "params." + name,
- nvps.getValue(name));
+ inputStore.putString(prefix + "params." + name, nvps.getValue(name));
try {
- if (input != null) {
- input.setConfig(name, nvps.getValue(name));
- }
+ if (input != null) {
+ input.setConfig(name, nvps.getValue(name));
+ }
} catch (EBaseException e) {
- CMS.debug(e.toString());
+ CMS.debug(e.toString());
}
}
try {
- mConfig.putString("lastModified",
- Long.toString(CMS.getCurrentDate().getTime()));
+ mConfig.putString("lastModified",
+ Long.toString(CMS.getCurrentDate().getTime()));
mConfig.commit(false);
} catch (EBaseException e) {
CMS.debug(e.toString());
@@ -750,25 +754,23 @@ public abstract class BasicProfile implements IProfile {
/**
* Creates a profile policy
*/
- public IProfilePolicy createProfilePolicy(String setId, String id,
- String defaultClassId, String constraintClassId)
- throws EProfileException {
- return createProfilePolicy(setId, id, defaultClassId,
+ public IProfilePolicy createProfilePolicy(String setId, String id,
+ String defaultClassId, String constraintClassId)
+ throws EProfileException {
+ return createProfilePolicy(setId, id, defaultClassId,
constraintClassId, true);
}
- public IProfilePolicy createProfilePolicy(String setId, String id,
- String defaultClassId, String constraintClassId,
- boolean createConfig) throws EProfileException {
-
+ public IProfilePolicy createProfilePolicy(String setId, String id,
+ String defaultClassId, String constraintClassId,
+ boolean createConfig)
+ throws EProfileException {
+
// String setId ex: policyset.set1
- // String id Id of policy : examples: p1,p2,p3
- // String defaultClassId : id of the default plugin ex:
- // validityDefaultImpl
- // String constraintClassId : if of the constraint plugin ex:
- // basicConstraintsExtConstraintImpl
- // boolean createConfig : true : being called from the console. false:
- // being called from server startup code
+ // String id Id of policy : examples: p1,p2,p3
+ // String defaultClassId : id of the default plugin ex: validityDefaultImpl
+ // String constraintClassId : if of the constraint plugin ex: basicConstraintsExtConstraintImpl
+ // boolean createConfig : true : being called from the console. false: being called from server startup code
Vector policies = (Vector) mPolicySet.get(setId);
@@ -776,9 +778,9 @@ public abstract class BasicProfile implements IProfile {
if (policies == null) {
policies = new Vector();
mPolicySet.put(setId, policies);
- if (createConfig) {
+ if (createConfig) {
// re-create policyset.list
- StringBuffer setlist = new StringBuffer();
+ StringBuffer setlist =new StringBuffer();
Enumeration keys = mPolicySet.keys();
while (keys.hasMoreElements()) {
@@ -792,64 +794,62 @@ public abstract class BasicProfile implements IProfile {
mConfig.putString("policyset.list", setlist.toString());
}
} else {
- String ids = null;
+ String ids = null;
- try {
- ids = policyStore.getString(PROP_POLICY_LIST, "");
- } catch (Exception ee) {
- }
+ try {
+ ids = policyStore.getString(PROP_POLICY_LIST, "");
+ } catch (Exception ee) {
+ }
- if (ids == null) {
- CMS.debug("BasicProfile::createProfilePolicy() - ids is null!");
- return null;
- }
+ if( ids == null ) {
+ CMS.debug("BasicProfile::createProfilePolicy() - ids is null!" );
+ return null;
+ }
- StringTokenizer st1 = new StringTokenizer(ids, ",");
- int appearances = 0;
- int appearancesTooMany = 0;
- if (createConfig)
- appearancesTooMany = 1;
- else
- appearancesTooMany = 2;
+ StringTokenizer st1 = new StringTokenizer(ids, ",");
+ int appearances = 0;
+ int appearancesTooMany = 0;
+ if (createConfig)
+ appearancesTooMany = 1;
+ else
+ appearancesTooMany = 2;
- while (st1.hasMoreTokens()) {
- String pid = st1.nextToken();
- if (pid.equals(id)) {
- appearances++;
- if (appearances >= appearancesTooMany) {
- CMS.debug("WARNING detected duplicate policy id: "
- + id + " Profile: " + mId);
- if (createConfig) {
- throw new EProfileException("Duplicate policy id: "
- + id);
+ while (st1.hasMoreTokens()) {
+ String pid = st1.nextToken();
+ if (pid.equals(id)) {
+ appearances++;
+ if (appearances >= appearancesTooMany) {
+ CMS.debug("WARNING detected duplicate policy id: " + id + " Profile: " + mId);
+ if (createConfig) {
+ throw new EProfileException("Duplicate policy id: " + id);
+ }
}
}
}
- }
}
// Now make sure we aren't trying to add a policy that already exists
IConfigStore policySetStore = mConfig.getSubStore("policyset");
- String setlist = null;
+ String setlist = null;
try {
setlist = policySetStore.getString("list", "");
} catch (Exception e) {
}
StringTokenizer st = new StringTokenizer(setlist, ",");
- int matches = 0;
+ int matches = 0;
while (st.hasMoreTokens()) {
String sId = (String) st.nextToken();
- // Only search the setId set. Ex: encryptionCertSet
+ //Only search the setId set. Ex: encryptionCertSet
if (!sId.equals(setId)) {
continue;
}
IConfigStore pStore = policySetStore.getSubStore(sId);
-
+
String list = null;
try {
- list = pStore.getString(PROP_POLICY_LIST, "");
+ list = pStore.getString(PROP_POLICY_LIST, "");
} catch (Exception e) {
CMS.debug("WARNING, can't get policy id list!");
}
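Review bot: `setlist` stays null if `policySetStore.getString("list", "")` throws, because the catch block beside it is empty, and the next statement `new StringTokenizer(setlist, ",")` then fails with a NullPointerException. The `ids` variable earlier in this hunk gets an explicit null check with a debug message, but `setlist` does not. Initialising it as `String setlist = "";` or logging in the catch and returning would keep the duplicate-policy check from aborting on a config read error. createProfilePolicy() begins and continues outside this hunk.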
@@ -862,48 +862,38 @@ public abstract class BasicProfile implements IProfile {
String defaultRoot = curId + "." + PROP_DEFAULT;
String curDefaultClassId = null;
try {
- curDefaultClassId = pStore.getString(defaultRoot + "."
- + PROP_CLASS_ID);
- } catch (Exception e) {
+ curDefaultClassId = pStore.getString(defaultRoot + "." +
+ PROP_CLASS_ID);
+ } catch(Exception e) {
CMS.debug("WARNING, can't get default plugin id!");
}
String constraintRoot = curId + "." + PROP_CONSTRAINT;
String curConstraintClassId = null;
try {
- curConstraintClassId = pStore.getString(constraintRoot
- + "." + PROP_CLASS_ID);
+ curConstraintClassId = pStore.getString(constraintRoot + "." + PROP_CLASS_ID);
} catch (Exception e) {
CMS.debug("WARNING, can't get constraint plugin id!");
}
- // Disallow duplicate defaults with the following exceptions:
+ //Disallow duplicate defaults with the following exceptions:
// noDefaultImpl, genericExtDefaultImpl
- if ((curDefaultClassId.equals(defaultClassId)
- && !curDefaultClassId.equals(PROP_NO_DEFAULT) && !curDefaultClassId
- .equals(PROP_GENERIC_EXT_DEFAULT))) {
+ if ((curDefaultClassId.equals(defaultClassId) &&
+ !curDefaultClassId.equals(PROP_NO_DEFAULT) &&
+ !curDefaultClassId.equals(PROP_GENERIC_EXT_DEFAULT)) ) {
matches++;
if (createConfig) {
if (matches == 1) {
- CMS.debug("WARNING attempt to add duplicate Policy "
- + defaultClassId
- + ":"
- + constraintClassId
- + " Contact System Administrator.");
- throw new EProfileException(
- "Attempt to add duplicate Policy : "
- + defaultClassId + ":"
- + constraintClassId);
+ CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId +
+ " Contact System Administrator.");
+ throw new EProfileException("Attempt to add duplicate Policy : " + defaultClassId + ":" + constraintClassId);
}
} else {
- if (matches > 1) {
- CMS.debug("WARNING attempt to add duplicate Policy "
- + defaultClassId
- + ":"
- + constraintClassId
- + " Contact System Administrator.");
+ if( matches > 1) {
+ CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId +
+ " Contact System Administrator.");
}
}
}
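Review bot: `curDefaultClassId` is still null when `pStore.getString(defaultRoot + "." + PROP_CLASS_ID)` throws, since the catch only logs "WARNING, can't get default plugin id!", yet the duplicate test calls `curDefaultClassId.equals(defaultClassId)` unconditionally. A policy entry with a missing class id therefore ends the duplicate-policy check with a NullPointerException rather than being skipped or reported. I would guard the condition with `curDefaultClassId != null &&` or `continue` from the catch. The loop this sits in starts outside the hunk.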
@@ -925,11 +915,12 @@ public abstract class BasicProfile implements IProfile {
IPolicyDefault def = null;
try {
- def = (IPolicyDefault) Class.forName(defaultClass).newInstance();
+ def = (IPolicyDefault)
+ Class.forName(defaultClass).newInstance();
} catch (Exception e) {
// throw Exception
- CMS.debug("BasicProfile: default policy " + defaultClass + " "
- + e.toString());
+ CMS.debug("BasicProfile: default policy " +
+ defaultClass + " " + e.toString());
}
if (def == null) {
CMS.debug("BasicProfile: failed to create " + defaultClass);
@@ -940,18 +931,18 @@ public abstract class BasicProfile implements IProfile {
def.init(this, defStore);
}
- IPluginInfo conInfo = mRegistry.getPluginInfo("constraintPolicy",
+ IPluginInfo conInfo = mRegistry.getPluginInfo("constraintPolicy",
constraintClassId);
String constraintClass = conInfo.getClassName();
IPolicyConstraint constraint = null;
try {
- constraint = (IPolicyConstraint) Class.forName(constraintClass)
- .newInstance();
+ constraint = (IPolicyConstraint)
+ Class.forName(constraintClass).newInstance();
} catch (Exception e) {
// throw Exception
- CMS.debug("BasicProfile: constraint policy " + constraintClass
- + " " + e.toString());
+ CMS.debug("BasicProfile: constraint policy " +
+ constraintClass + " " + e.toString());
}
ProfilePolicy policy = null;
if (constraint == null) {
@@ -977,20 +968,21 @@ public abstract class BasicProfile implements IProfile {
} else {
policyStore.putString(PROP_POLICY_LIST, list + "," + id);
}
- policyStore.putString(id + ".default.name",
- defInfo.getName(Locale.getDefault()));
- policyStore.putString(id + ".default.class_id", defaultClassId);
- policyStore.putString(id + ".constraint.name",
- conInfo.getName(Locale.getDefault()));
- policyStore.putString(id + ".constraint.class_id",
- constraintClassId);
+ policyStore.putString(id + ".default.name",
+ defInfo.getName(Locale.getDefault()));
+ policyStore.putString(id + ".default.class_id",
+ defaultClassId);
+ policyStore.putString(id + ".constraint.name",
+ conInfo.getName(Locale.getDefault()));
+ policyStore.putString(id + ".constraint.class_id",
+ constraintClassId);
try {
- mConfig.putString("lastModified",
- Long.toString(CMS.getCurrentDate().getTime()));
+ mConfig.putString("lastModified",
+ Long.toString(CMS.getCurrentDate().getTime()));
policyStore.commit(false);
} catch (EBaseException e) {
- CMS.debug("BasicProfile: commiting config store "
- + e.toString());
+ CMS.debug("BasicProfile: commiting config store " +
+ e.toString());
}
}
@@ -1046,7 +1038,7 @@ public abstract class BasicProfile implements IProfile {
* Creates request.
*/
public abstract IRequest[] createRequests(IProfileContext ctx, Locale locale)
- throws EProfileException;
+ throws EProfileException;
/**
* Returns the profile description.
@@ -1064,12 +1056,12 @@ public abstract class BasicProfile implements IProfile {
}
public void populateInput(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
Enumeration ids = getProfileInputIds();
while (ids.hasMoreElements()) {
String id = (String) ids.nextElement();
- IProfileInput input = getProfileInput(id);
+ IProfileInput input = getProfileInput(id);
input.populate(ctx, request);
}
@@ -1082,32 +1074,36 @@ public abstract class BasicProfile implements IProfile {
}
/**
- * Passes the request to the set of default policies that populate the
- * profile information against the profile.
- */
- public void populate(IRequest request) throws EProfileException {
+ * Passes the request to the set of default policies that
+ * populate the profile information against the profile.
+ */
+ public void populate(IRequest request)
+ throws EProfileException {
String setId = getPolicySetId(request);
Vector policies = getPolicies(setId);
- CMS.debug("BasicProfile: populate() policy setid =" + setId);
+ CMS.debug("BasicProfile: populate() policy setid ="+ setId);
for (int i = 0; i < policies.size(); i++) {
- ProfilePolicy policy = (ProfilePolicy) policies.elementAt(i);
+ ProfilePolicy policy = (ProfilePolicy)
+ policies.elementAt(i);
policy.getDefault().populate(request);
}
}
/**
- * Passes the request to the set of constraint policies that validate the
- * request against the profile.
- */
- public void validate(IRequest request) throws ERejectException {
+ * Passes the request to the set of constraint policies
+ * that validate the request against the profile.
+ */
+ public void validate(IRequest request)
+ throws ERejectException {
String setId = getPolicySetId(request);
- CMS.debug("BasicProfile: validate start on setId=" + setId);
+ CMS.debug("BasicProfile: validate start on setId="+ setId);
Vector policies = getPolicies(setId);
for (int i = 0; i < policies.size(); i++) {
- ProfilePolicy policy = (ProfilePolicy) policies.elementAt(i);
+ ProfilePolicy policy = (ProfilePolicy)
+ policies.elementAt(i);
policy.getConstraint().validate(request);
}
@@ -1133,23 +1129,25 @@ public abstract class BasicProfile implements IProfile {
Vector v = new Vector();
for (int i = 0; i < policies.size(); i++) {
- ProfilePolicy policy = (ProfilePolicy) policies.elementAt(i);
+ ProfilePolicy policy = (ProfilePolicy)
+ policies.elementAt(i);
- v.addElement(policy.getId());
+ v.addElement(policy.getId());
}
return v.elements();
}
- public void execute(IRequest request) throws EProfileException {
+ public void execute(IRequest request)
+ throws EProfileException {
}
/**
* Signed Audit Log
- *
- * This method is inherited by all extended "BasicProfile"s, and is called
- * to store messages to the signed audit log.
+ *
+ * This method is inherited by all extended "BasicProfile"s,
+ * and is called to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
protected void audit(String msg) {
@@ -1160,17 +1158,21 @@ public abstract class BasicProfile implements IProfile {
return;
}
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null,
- ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg);
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ msg);
}
/**
* Signed Audit Log Subject ID
- *
- * This method is inherited by all extended "BasicProfile"s, and is called
- * to obtain the "SubjectID" for a signed audit log message.
+ *
+ * This method is inherited by all extended "BasicProfile"s,
+ * and is called to obtain the "SubjectID" for
+ * a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
protected String auditSubjectID() {
@@ -1185,7 +1187,8 @@ public abstract class BasicProfile implements IProfile {
SessionContext auditContext = SessionContext.getExistingContext();
if (auditContext != null) {
- subjectID = (String) auditContext.get(SessionContext.USER_ID);
+ subjectID = (String)
+ auditContext.get(SessionContext.USER_ID);
if (subjectID != null) {
subjectID = subjectID.trim();
@@ -1199,3 +1202,4 @@ public abstract class BasicProfile implements IProfile {
return subjectID;
}
}
+
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java
index f589e7efb..681f2b4a5 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
+
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.common.NameValuePairs;
@@ -27,97 +28,103 @@ import com.netscape.certsrv.profile.IProfileInput;
import com.netscape.certsrv.profile.IProfileOutput;
import com.netscape.certsrv.profile.IProfilePolicy;
+
/**
- * This class implements a Certificate Manager enrollment profile for CA
- * Certificates.
- *
+ * This class implements a Certificate Manager enrollment
+ * profile for CA Certificates.
+ *
* @version $Revision$, $Date$
*/
-public class CACertCAEnrollProfile extends CAEnrollProfile implements
- IProfileEx {
+public class CACertCAEnrollProfile extends CAEnrollProfile
+ implements IProfileEx {
/**
- * Called after initialization. It populates default policies, inputs, and
- * outputs.
+ * Called after initialization. It populates default
+ * policies, inputs, and outputs.
*/
- public void populate() throws EBaseException {
+ public void populate() throws EBaseException
+ {
// create inputs
NameValuePairs inputParams1 = new NameValuePairs();
- IProfileInput input1 = createProfileInput("i1", "certReqInputImpl",
- inputParams1);
+ IProfileInput input1 =
+ createProfileInput("i1", "certReqInputImpl", inputParams1);
NameValuePairs inputParams2 = new NameValuePairs();
- IProfileInput input2 = createProfileInput("i2",
- "submitterInfoInputImpl", inputParams2);
+ IProfileInput input2 =
+ createProfileInput("i2", "submitterInfoInputImpl", inputParams2);
- // create outputs
+ // create outputs
NameValuePairs outputParams1 = new NameValuePairs();
- IProfileOutput output1 = createProfileOutput("o1", "certOutputImpl",
- outputParams1);
+ IProfileOutput output1 =
+ createProfileOutput("o1", "certOutputImpl", outputParams1);
// create policies
- IProfilePolicy policy1 = createProfilePolicy("set1", "p1",
- "userSubjectNameDefaultImpl", "noConstraintImpl");
+ IProfilePolicy policy1 =
+ createProfilePolicy("set1", "p1",
+ "userSubjectNameDefaultImpl", "noConstraintImpl");
IPolicyDefault def1 = policy1.getDefault();
IConfigStore defConfig1 = def1.getConfigStore();
IPolicyConstraint con1 = policy1.getConstraint();
IConfigStore conConfig1 = con1.getConfigStore();
- IProfilePolicy policy2 = createProfilePolicy("set1", "p2",
- "validityDefaultImpl", "noConstraintImpl");
+ IProfilePolicy policy2 =
+ createProfilePolicy("set1", "p2",
+ "validityDefaultImpl", "noConstraintImpl");
IPolicyDefault def2 = policy2.getDefault();
IConfigStore defConfig2 = def2.getConfigStore();
- defConfig2.putString("params.range", "180");
- defConfig2.putString("params.startTime", "0");
+ defConfig2.putString("params.range","180");
+ defConfig2.putString("params.startTime","0");
IPolicyConstraint con2 = policy2.getConstraint();
IConfigStore conConfig2 = con2.getConfigStore();
- IProfilePolicy policy3 = createProfilePolicy("set1", "p3",
- "userKeyDefaultImpl", "noConstraintImpl");
+ IProfilePolicy policy3 =
+ createProfilePolicy("set1", "p3",
+ "userKeyDefaultImpl", "noConstraintImpl");
IPolicyDefault def3 = policy3.getDefault();
IConfigStore defConfig3 = def3.getConfigStore();
- defConfig3.putString("params.keyType", "RSA");
- defConfig3.putString("params.keyMinLength", "512");
- defConfig3.putString("params.keyMaxLength", "4096");
+ defConfig3.putString("params.keyType","RSA");
+ defConfig3.putString("params.keyMinLength","512");
+ defConfig3.putString("params.keyMaxLength","4096");
IPolicyConstraint con3 = policy3.getConstraint();
IConfigStore conConfig3 = con3.getConfigStore();
- IProfilePolicy policy4 = createProfilePolicy("set1", "p4",
- "signingAlgDefaultImpl", "noConstraintImpl");
+ IProfilePolicy policy4 =
+ createProfilePolicy("set1", "p4",
+ "signingAlgDefaultImpl", "noConstraintImpl");
IPolicyDefault def4 = policy4.getDefault();
IConfigStore defConfig4 = def4.getConfigStore();
- defConfig4.putString("params.signingAlg", "-");
- defConfig4
- .putString(
- "params.signingAlgsAllowed",
- "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA256withEC,SHA384withEC,SHA512withEC");
+ defConfig4.putString("params.signingAlg","-");
+ defConfig4.putString("params.signingAlgsAllowed",
+ "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA256withEC,SHA384withEC,SHA512withEC");
IPolicyConstraint con4 = policy4.getConstraint();
IConfigStore conConfig4 = con4.getConfigStore();
// extensions
- IProfilePolicy policy5 = createProfilePolicy("set1", "p5",
- "keyUsageExtDefaultImpl", "noConstraintImpl");
+ IProfilePolicy policy5 =
+ createProfilePolicy("set1", "p5",
+ "keyUsageExtDefaultImpl", "noConstraintImpl");
IPolicyDefault def5 = policy5.getDefault();
IConfigStore defConfig5 = def5.getConfigStore();
- defConfig5.putString("params.keyUsageCritical", "true");
- defConfig5.putString("params.keyUsageCrlSign", "true");
- defConfig5.putString("params.keyUsageDataEncipherment", "false");
- defConfig5.putString("params.keyUsageDecipherOnly", "false");
- defConfig5.putString("params.keyUsageDigitalSignature", "true");
- defConfig5.putString("params.keyUsageEncipherOnly", "false");
- defConfig5.putString("params.keyUsageKeyAgreement", "false");
- defConfig5.putString("params.keyUsageKeyCertSign", "true");
- defConfig5.putString("params.keyUsageKeyEncipherment", "false");
- defConfig5.putString("params.keyUsageNonRepudiation", "true");
+ defConfig5.putString("params.keyUsageCritical","true");
+ defConfig5.putString("params.keyUsageCrlSign","true");
+ defConfig5.putString("params.keyUsageDataEncipherment","false");
+ defConfig5.putString("params.keyUsageDecipherOnly","false");
+ defConfig5.putString("params.keyUsageDigitalSignature","true");
+ defConfig5.putString("params.keyUsageEncipherOnly","false");
+ defConfig5.putString("params.keyUsageKeyAgreement","false");
+ defConfig5.putString("params.keyUsageKeyCertSign","true");
+ defConfig5.putString("params.keyUsageKeyEncipherment","false");
+ defConfig5.putString("params.keyUsageNonRepudiation","true");
IPolicyConstraint con5 = policy5.getConstraint();
IConfigStore conConfig5 = con5.getConfigStore();
- IProfilePolicy policy6 = createProfilePolicy("set1", "p6",
- "basicConstraintsExtDefaultImpl", "noConstraintImpl");
+ IProfilePolicy policy6 =
+ createProfilePolicy("set1", "p6",
+ "basicConstraintsExtDefaultImpl", "noConstraintImpl");
IPolicyDefault def6 = policy6.getDefault();
IConfigStore defConfig6 = def6.getConfigStore();
- defConfig6.putString("params.basicConstraintsPathLen", "-1");
- defConfig6.putString("params.basicConstraintsIsCA", "true");
- defConfig6.putString("params.basicConstraintsPathLen", "-1");
+ defConfig6.putString("params.basicConstraintsPathLen","-1");
+ defConfig6.putString("params.basicConstraintsIsCA","true");
+ defConfig6.putString("params.basicConstraintsPathLen","-1");
IPolicyConstraint con6 = policy6.getConstraint();
IConfigStore conConfig6 = con6.getConfigStore();
}
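Review bot: The defaults written in populate() allow weak cryptography for a CA certificate profile: `params.keyMinLength` is `512`, and `params.signingAlgsAllowed` still lists `MD5withRSA` and `MD2withRSA`. Every policy created here pairs its default with `noConstraintImpl`, so nothing visible in this method narrows what a request may ask for. I would raise the floor, e.g. `defConfig3.putString("params.keyMinLength","2048");`, and drop the MD2/MD5 entries from the allowed list. Separately, `params.basicConstraintsPathLen` is set to `-1` twice for policy6, so the second call is redundant.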
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java
index 20d5f4de3..32cd51b5f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
+
import java.util.Enumeration;
import netscape.security.x509.X500Name;
@@ -40,21 +41,27 @@ import com.netscape.certsrv.profile.IProfileUpdater;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.RequestStatus;
+
/**
- * This class implements a Certificate Manager enrollment profile.
- *
+ * This class implements a Certificate Manager enrollment
+ * profile.
+ *
* @version $Revision$, $Date$
*/
public class CAEnrollProfile extends EnrollProfile {
- private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4";
+ private final static String
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4";
+
public CAEnrollProfile() {
super();
}
public IAuthority getAuthority() {
- IAuthority authority = (IAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ IAuthority authority = (IAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
if (authority == null)
return null;
@@ -62,17 +69,18 @@ public class CAEnrollProfile extends EnrollProfile {
}
public X500Name getIssuerName() {
- ICertificateAuthority ca = (ICertificateAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
X500Name issuerName = ca.getX500Name();
return issuerName;
}
- public void execute(IRequest request) throws EProfileException {
+ public void execute(IRequest request)
+ throws EProfileException {
long startTime = CMS.getCurrentDate().getTime();
-
+
if (!isEnable()) {
CMS.debug("CAEnrollProfile: Profile Not Enabled");
throw new EProfileException("Profile Not Enabled");
@@ -83,13 +91,14 @@ public class CAEnrollProfile extends EnrollProfile {
String auditRequesterID = auditRequesterID(request);
String auditArchiveID = ILogger.UNIDENTIFIED;
+
String id = request.getRequestId().toString();
if (id != null) {
auditArchiveID = id.trim();
}
- CMS.debug("CAEnrollProfile: execute reqId="
- + request.getRequestId().toString());
+ CMS.debug("CAEnrollProfile: execute reqId=" +
+ request.getRequestId().toString());
ICertificateAuthority ca = (ICertificateAuthority) getAuthority();
ICAService caService = (ICAService) ca.getCAService();
@@ -99,59 +108,64 @@ public class CAEnrollProfile extends EnrollProfile {
// if PKI Archive Option present, send this request
// to DRM
- byte optionsData[] = request
- .getExtDataInByteArray(REQUEST_ARCHIVE_OPTIONS);
+ byte optionsData[] = request.getExtDataInByteArray(REQUEST_ARCHIVE_OPTIONS);
// do not archive keys for renewal requests
- if ((optionsData != null)
- && (!request.getRequestType().equals(IRequest.RENEWAL_REQUEST))) {
- PKIArchiveOptions options = (PKIArchiveOptions) toPKIArchiveOptions(optionsData);
+ if ((optionsData != null) && (!request.getRequestType().equals(IRequest.RENEWAL_REQUEST))) {
+ PKIArchiveOptions options = (PKIArchiveOptions)
+ toPKIArchiveOptions(optionsData);
if (options != null) {
- CMS.debug("CAEnrollProfile: execute found "
- + "PKIArchiveOptions");
+ CMS.debug("CAEnrollProfile: execute found " +
+ "PKIArchiveOptions");
try {
IConnector kraConnector = caService.getKRAConnector();
if (kraConnector == null) {
- CMS.debug("CAEnrollProfile: KRA connector "
- + "not configured");
+ CMS.debug("CAEnrollProfile: KRA connector " +
+ "not configured");
- auditMessage = CMS
- .getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID, ILogger.FAILURE,
- auditRequesterID, auditArchiveID);
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditArchiveID);
audit(auditMessage);
-
+
} else {
CMS.debug("CAEnrollProfile: execute send request");
kraConnector.send(request);
+
+
// check response
if (!request.isSuccess()) {
- auditMessage = CMS
- .getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID, ILogger.FAILURE,
- auditRequesterID, auditArchiveID);
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditArchiveID);
audit(auditMessage);
throw new ERejectException(
request.getError(getLocale(request)));
}
- auditMessage = CMS
- .getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID, ILogger.SUCCESS,
- auditRequesterID, auditArchiveID);
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditRequesterID,
+ auditArchiveID);
audit(auditMessage);
}
} catch (Exception e) {
+
if (e instanceof ERejectException) {
throw (ERejectException) e;
}
@@ -160,7 +174,9 @@ public class CAEnrollProfile extends EnrollProfile {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
auditArchiveID);
audit(auditMessage);
@@ -173,17 +189,17 @@ public class CAEnrollProfile extends EnrollProfile {
X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO);
X509CertImpl theCert = null;
- // #615460 - added audit log (transaction)
+ // #615460 - added audit log (transaction)
SessionContext sc = SessionContext.getExistingContext();
sc.put("profileId", getId());
String setId = request.getExtDataInString("profileSetId");
if (setId != null) {
- sc.put("profileSetId", setId);
+ sc.put("profileSetId", setId);
}
try {
- theCert = caService
- .issueX509Cert(info, getId() /* profileId */, id /* requestId */);
+ theCert = caService.issueX509Cert(info, getId() /* profileId */,
+ id /* requestId */);
} catch (EBaseException e) {
CMS.debug(e.toString());
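Review bot: `sc` is dereferenced straight after `SessionContext.getExistingContext()` (`sc.put("profileId", getId());`) with no null check, whereas auditSubjectID() in BasicProfile guards the same call with `if (auditContext != null)`. If getExistingContext() can return null on this path, execute() would fail with a NullPointerException after the archival block above has already run and before the certificate is issued. A guard such as `if (sc != null) { sc.put("profileId", getId()); }` would make the two classes consistent, and the `sc.get(...)` calls in the following hunk need the same treatment. execute() starts and ends outside this hunk.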
@@ -193,27 +209,26 @@ public class CAEnrollProfile extends EnrollProfile {
long endTime = CMS.getCurrentDate().getTime();
- String initiative = AuditFormat.FROMAGENT + " userID: "
- + (String) sc.get(SessionContext.USER_ID);
- String authMgr = (String) sc.get(SessionContext.AUTH_MANAGER_ID);
+ String initiative = AuditFormat.FROMAGENT
+ + " userID: "
+ + (String)sc.get(SessionContext.USER_ID);
+ String authMgr = (String)sc.get(SessionContext.AUTH_MANAGER_ID);
ILogger logger = CMS.getLogger();
- if (logger != null) {
- logger.log(
- ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- request.getRequestType(),
- request.getRequestId(),
- initiative,
- authMgr,
- "completed",
- theCert.getSubjectDN(),
- "cert issued serial number: 0x"
- + theCert.getSerialNumber().toString(16)
- + " time: " + (endTime - startTime) });
+ if( logger != null ) {
+ logger.log( ILogger.EV_AUDIT,
+ ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.FORMAT,
+ new Object[] {
+ request.getRequestType(),
+ request.getRequestId(),
+ initiative,
+ authMgr,
+ "completed",
+ theCert.getSubjectDN(),
+ "cert issued serial number: 0x" +
+ theCert.getSerialNumber().toString(16) +
+ " time: " + (endTime - startTime) }
+ );
}
request.setRequestStatus(RequestStatus.COMPLETE);
@@ -221,9 +236,9 @@ public class CAEnrollProfile extends EnrollProfile {
// notifies updater plugins
Enumeration updaterIds = getProfileUpdaterIds();
while (updaterIds.hasMoreElements()) {
- String updaterId = (String) updaterIds.nextElement();
- IProfileUpdater updater = getProfileUpdater(updaterId);
- updater.update(request, RequestStatus.COMPLETE);
+ String updaterId = (String)updaterIds.nextElement();
+ IProfileUpdater updater = getProfileUpdater(updaterId);
+ updater.update(request, RequestStatus.COMPLETE);
}
// set value for predicate value - checking in getRule
@@ -233,3 +248,4 @@ public class CAEnrollProfile extends EnrollProfile {
request.setExtData("isEncryptionCert", "false");
}
}
+
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
index e0c86303e..95c360f8c 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
+
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -99,19 +100,21 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.cmsutil.util.HMACDigest;
+
/**
* This class implements a generic enrollment profile.
- *
+ *
* @version $Revision$, $Date$
*/
-public abstract class EnrollProfile extends BasicProfile implements
- IEnrollProfile {
+public abstract class EnrollProfile extends BasicProfile
+ implements IEnrollProfile {
- private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST = "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
- private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
+ private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST =
+ "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
+ "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
private PKIData mCMCData;
-
public EnrollProfile() {
super();
}
@@ -132,11 +135,11 @@ public abstract class EnrollProfile extends BasicProfile implements
* Creates request.
*/
public IRequest[] createRequests(IProfileContext context, Locale locale)
- throws EProfileException {
+ throws EProfileException {
EnrollProfileContext ctx = (EnrollProfileContext) context;
// determine how many requests should be created
- String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE);
+ String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE);
String cert_request = ctx.get(CTX_CERT_REQUEST);
String is_renewal = ctx.get(CTX_RENEWAL);
Integer renewal_seq_num = 0;
@@ -166,16 +169,17 @@ public abstract class EnrollProfile extends BasicProfile implements
num_requests = msgs.length;
}
- // only 1 request for renewal
+ // only 1 request for renewal
if ((is_renewal != null) && (is_renewal.equals("true"))) {
num_requests = 1;
String renewal_seq_num_str = ctx.get(CTX_RENEWAL_SEQ_NUM);
if (renewal_seq_num_str != null) {
renewal_seq_num = Integer.parseInt(renewal_seq_num_str);
} else {
- renewal_seq_num = 0;
+ renewal_seq_num =0;
}
}
+
// populate requests with appropriate content
IRequest result[] = new IRequest[num_requests];
@@ -183,7 +187,7 @@ public abstract class EnrollProfile extends BasicProfile implements
for (int i = 0; i < num_requests; i++) {
result[i] = createEnrollmentRequest();
if ((is_renewal != null) && (is_renewal.equals("true"))) {
- result[i].setExtData(REQUEST_SEQ_NUM, renewal_seq_num);
+ result[i].setExtData(REQUEST_SEQ_NUM,renewal_seq_num);
} else {
result[i].setExtData(REQUEST_SEQ_NUM, Integer.valueOf(i));
}
@@ -204,35 +208,36 @@ public abstract class EnrollProfile extends BasicProfile implements
// retrieve issuer name
X500Name issuerName = getIssuerName();
- byte[] dummykey = new byte[] { 48, 92, 48, 13, 6, 9, 42, -122, 72,
- -122, -9, 13, 1, 1, 1, 5, 0, 3, 75, 0, 48, 72, 2, 65, 0, -65,
- 121, -119, -59, 105, 66, -122, -78, -30, -64, 63, -47, 44, -48,
- -104, 103, -47, -108, 42, -38, 46, -8, 32, 49, -29, -26, -112,
- -29, -86, 71, 24, -104, 78, -31, -75, -128, 90, -92, -34, -51,
- -125, -13, 80, 101, -78, 39, -119, -38, 117, 28, 67, -19, -71,
- -124, -85, 105, -53, -103, -59, -67, -38, -83, 118, 65, 2, 3,
- 1, 0, 1 };
+ byte[] dummykey = new byte[] {
+ 48, 92, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5,
+ 0, 3, 75, 0, 48, 72, 2, 65, 0, -65, 121, -119, -59, 105, 66,
+ -122, -78, -30, -64, 63, -47, 44, -48, -104, 103, -47, -108,
+ 42, -38, 46, -8, 32, 49, -29, -26, -112, -29, -86,71, 24,
+ -104, 78, -31, -75, -128, 90, -92, -34, -51, -125, -13, 80, 101,
+ -78, 39, -119, -38, 117, 28, 67, -19, -71, -124, -85, 105, -53,
+ -103, -59, -67, -38, -83, 118, 65, 2, 3, 1, 0, 1};
// default values into x509 certinfo. This thing is
// not serializable by default
try {
- info.set(X509CertInfo.VERSION, new CertificateVersion(
- CertificateVersion.V3));
- info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
- new BigInteger("0")));
- info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuerName));
- info.set(
- X509CertInfo.KEY,
- new CertificateX509Key(X509Key
- .parse(new DerValue(dummykey))));
- info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
- issuerName));
- info.set(X509CertInfo.VALIDITY, new CertificateValidity(new Date(),
- new Date()));
- info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(
+ info.set(X509CertInfo.VERSION,
+ new CertificateVersion(CertificateVersion.V3));
+ info.set(X509CertInfo.SERIAL_NUMBER,
+ new CertificateSerialNumber(new BigInteger("0")));
+ info.set(X509CertInfo.ISSUER,
+ new CertificateIssuerName(issuerName));
+ info.set(X509CertInfo.KEY,
+ new CertificateX509Key(X509Key.parse(new DerValue(dummykey))));
+ info.set(X509CertInfo.SUBJECT,
+ new CertificateSubjectName(issuerName));
+ info.set(X509CertInfo.VALIDITY,
+ new CertificateValidity(new Date(), new Date()));
+ info.set(X509CertInfo.ALGORITHM_ID,
+ new CertificateAlgorithmId(
AlgorithmId.getAlgorithmId("MD5withRSA")));
// add default extension container
- info.set(X509CertInfo.EXTENSIONS, new CertificateExtensions());
+ info.set(X509CertInfo.EXTENSIONS,
+ new CertificateExtensions());
} catch (Exception e) {
// throw exception - add key to template
CMS.debug("EnrollProfile: Building X509CertInfo - " + e.toString());
@@ -241,7 +246,8 @@ public abstract class EnrollProfile extends BasicProfile implements
req.setExtData(REQUEST_CERTINFO, info);
}
- public IRequest createEnrollmentRequest() throws EProfileException {
+ public IRequest createEnrollmentRequest()
+ throws EProfileException {
IRequest req = null;
try {
@@ -250,20 +256,22 @@ public abstract class EnrollProfile extends BasicProfile implements
setDefaultCertInfo(req);
// put the certificate info into request
- req.setExtData(REQUEST_EXTENSIONS, new CertificateExtensions());
+ req.setExtData(REQUEST_EXTENSIONS,
+ new CertificateExtensions());
- CMS.debug("EnrollProfile: createRequest "
- + req.getRequestId().toString());
+ CMS.debug("EnrollProfile: createRequest " +
+ req.getRequestId().toString());
} catch (EBaseException e) {
// raise exception
- CMS.debug("EnrollProfile: create new enroll request "
- + e.toString());
+ CMS.debug("EnrollProfile: create new enroll request " +
+ e.toString());
}
return req;
}
- public abstract void execute(IRequest request) throws EProfileException;
+ public abstract void execute(IRequest request)
+ throws EProfileException;
/**
* Perform simple policy set assignment.
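Review bot: createEnrollmentRequest() still reaches `return req;` after the `catch (EBaseException e)` branch has run, because that branch only calls CMS.debug() even though its comment says `// raise exception`. The caller can therefore get null or a partly initialised request, and createRequests() calls `result[i].setExtData(...)` on the result without a check. The method already declares `throws EProfileException`, so the catch could end with `throw new EProfileException(e.toString());` to surface the failure where it happens. The method's opening lines are in the previous hunk.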
@@ -290,8 +298,8 @@ public abstract class EnrollProfile extends BasicProfile implements
X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO);
try {
- CertificateSubjectName sn = (CertificateSubjectName) info
- .get(X509CertInfo.SUBJECT);
+ CertificateSubjectName sn = (CertificateSubjectName)
+ info.get(X509CertInfo.SUBJECT);
return sn.toString();
} catch (Exception e) {
@@ -301,34 +309,35 @@ public abstract class EnrollProfile extends BasicProfile implements
}
/**
- * This method is called after the user submits the request from the
- * end-entity page.
+ * This method is called after the user submits the
+ * request from the end-entity page.
*/
public void submit(IAuthToken token, IRequest request)
- throws EDeferException, EProfileException {
+ throws EDeferException, EProfileException {
// Request Submission Logic:
//
// if (Authentication Failed) {
- // return Error
- // } else {
- // if (No Auth Token) {
- // queue request
+ // return Error
// } else {
- // process request
- // }
+ // if (No Auth Token) {
+ // queue request
+ // } else {
+ // process request
+ // }
// }
- IAuthority authority = (IAuthority) getAuthority();
+ IAuthority authority = (IAuthority)
+ getAuthority();
IRequestQueue queue = authority.getRequestQueue();
- // this profile queues request that is authenticated
- // by NoAuth
- try {
- queue.updateRequest(request);
- } catch (EBaseException e) {
- // save request to disk
- CMS.debug("EnrollProfile: Update request " + e.toString());
- }
+ // this profile queues request that is authenticated
+ // by NoAuth
+ try {
+ queue.updateRequest(request);
+ } catch (EBaseException e) {
+ // save request to disk
+ CMS.debug("EnrollProfile: Update request " + e.toString());
+ }
if (token == null) {
CMS.debug("EnrollProfile: auth token is null");
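Review bot: A failure of `queue.updateRequest(request)` is only written to the debug log here (the catch body carries the comment `// save request to disk`), and submit() carries on as if the request had been stored. The next hunk repeats the pattern and then throws `EDeferException("defer request")` even if that update failed, so a deferred request may not have been persisted. Consider propagating the error in both catch blocks, e.g. `throw new EProfileException(e.toString());`, or at least logging it at a level operators monitor. submit() continues past the end of this hunk.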
@@ -337,8 +346,7 @@ public abstract class EnrollProfile extends BasicProfile implements
try {
queue.updateRequest(request);
} catch (EBaseException e) {
- CMS.debug("EnrollProfile: Update request (after validation) "
- + e.toString());
+ CMS.debug("EnrollProfile: Update request (after validation) " + e.toString());
}
throw new EDeferException("defer request");
@@ -352,12 +360,12 @@ public abstract class EnrollProfile extends BasicProfile implements
}
public TaggedRequest[] parseCMC(Locale locale, String certreq)
- throws EProfileException {
+ throws EProfileException {
/* cert request must not be null */
if (certreq == null) {
CMS.debug("EnrollProfile: parseCMC() certreq null");
- throw new EProfileException(CMS.getUserMessage(locale,
- "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(
+ CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
}
CMS.debug("EnrollProfile: Start parseCMC(): " + certreq);
@@ -367,24 +375,22 @@ public abstract class EnrollProfile extends BasicProfile implements
String creq = normalizeCertReq(certreq);
try {
byte data[] = CMS.AtoB(creq);
- ByteArrayInputStream cmcBlobIn = new ByteArrayInputStream(data);
-
- org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) org.mozilla.jss.pkix.cms.ContentInfo
- .getTemplate().decode(cmcBlobIn);
- org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData) cmcReq
- .getInterpretedContent();
- org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq
- .getContentInfo();
+ ByteArrayInputStream cmcBlobIn =
+ new ByteArrayInputStream(data);
+
+ org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo)
+ org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
+ org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData)cmcReq.getInterpretedContent();
+ org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
OBJECT_IDENTIFIER id = ci.getContentType();
OCTET_STRING content = ci.getContent();
-
- ByteArrayInputStream s = new ByteArrayInputStream(
- content.toByteArray());
+
+ ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
mCMCData = pkiData;
- // PKIData pkiData = (PKIData)
- // (new PKIData.Template()).decode(cmcBlobIn);
+ //PKIData pkiData = (PKIData)
+ // (new PKIData.Template()).decode(cmcBlobIn);
SEQUENCE controlSeq = pkiData.getControlSequence();
int numcontrols = controlSeq.size();
SEQUENCE reqSeq = pkiData.getReqSequence();
@@ -394,24 +400,22 @@ public abstract class EnrollProfile extends BasicProfile implements
if (numcontrols > 0) {
context.put("numOfControls", Integer.valueOf(numcontrols));
TaggedAttribute[] attributes = new TaggedAttribute[numcontrols];
- for (int i = 0; i < numcontrols; i++) {
- attributes[i] = (TaggedAttribute) controlSeq
- .elementAt(i);
+ for (int i=0; i<numcontrols; i++) {
+ attributes[i] = (TaggedAttribute)controlSeq.elementAt(i);
OBJECT_IDENTIFIER oid = attributes[i].getType();
if (oid.equals(OBJECT_IDENTIFIER.id_cmc_identityProof)) {
- boolean valid = verifyIdentityProof(attributes[i],
- reqSeq);
+ boolean valid = verifyIdentityProof(attributes[i],
+ reqSeq);
if (!valid) {
- SEQUENCE bpids = getRequestBpids(reqSeq);
+ SEQUENCE bpids = getRequestBpids(reqSeq);
context.put("identityProof", bpids);
return null;
}
- } else if (oid
- .equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkRandom)) {
+ } else if (oid.equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkRandom)) {
SET vals = attributes[i].getValues();
- OCTET_STRING ostr = (OCTET_STRING) (ASN1Util
- .decode(OCTET_STRING.getTemplate(),
- ASN1Util.encode(vals.elementAt(0))));
+ OCTET_STRING ostr =
+ (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
+ ASN1Util.encode(vals.elementAt(0))));
randomSeed = ostr.toByteArray();
} else {
context.put(attributes[i].getType(), attributes[i]);
@@ -419,19 +423,18 @@ public abstract class EnrollProfile extends BasicProfile implements
}
}
}
-
+
SEQUENCE otherMsgSeq = pkiData.getOtherMsgSequence();
int numOtherMsgs = otherMsgSeq.size();
if (!context.containsKey("numOfOtherMsgs")) {
context.put("numOfOtherMsgs", Integer.valueOf(numOtherMsgs));
- for (int i = 0; i < numOtherMsgs; i++) {
- OtherMsg omsg = (OtherMsg) (ASN1Util.decode(
- OtherMsg.getTemplate(),
- ASN1Util.encode(otherMsgSeq.elementAt(i))));
- context.put("otherMsg" + i, omsg);
+ for (int i=0; i<numOtherMsgs; i++) {
+ OtherMsg omsg =(OtherMsg)(ASN1Util.decode(OtherMsg.getTemplate(),
+ ASN1Util.encode(otherMsgSeq.elementAt(i))));
+ context.put("otherMsg"+i, omsg);
}
}
-
+
int nummsgs = reqSeq.size();
if (nummsgs > 0) {
msgs = new TaggedRequest[reqSeq.size()];
@@ -441,11 +444,10 @@ public abstract class EnrollProfile extends BasicProfile implements
msgs[i] = (TaggedRequest) reqSeq.elementAt(i);
if (!context.containsKey("POPLinkWitness")) {
if (randomSeed != null) {
- valid = verifyPOPLinkWitness(randomSeed, msgs[i],
- bpids);
+ valid = verifyPOPLinkWitness(randomSeed, msgs[i], bpids);
if (!valid || bpids.size() > 0) {
context.put("POPLinkWitness", bpids);
- return null;
+ return null;
}
}
}
@@ -456,13 +458,13 @@ public abstract class EnrollProfile extends BasicProfile implements
return msgs;
} catch (Exception e) {
CMS.debug("EnrollProfile: parseCMC " + e.toString());
- throw new EProfileException(CMS.getUserMessage(locale,
- "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(
+ CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
}
}
private boolean verifyPOPLinkWitness(byte[] randomSeed, TaggedRequest req,
- SEQUENCE bpids) {
+ SEQUENCE bpids) {
ISharedToken tokenClass = null;
boolean sharedSecretFound = true;
String name = null;
@@ -477,15 +479,15 @@ public abstract class EnrollProfile extends BasicProfile implements
}
try {
- tokenClass = (ISharedToken) Class.forName(name).newInstance();
+ tokenClass = (ISharedToken)Class.forName(name).newInstance();
} catch (ClassNotFoundException e) {
- CMS.debug("EnrollProfile: Failed to find class name: " + name);
+ CMS.debug("EnrollProfile: Failed to find class name: "+name);
sharedSecretFound = false;
} catch (InstantiationException e) {
- CMS.debug("EnrollProfile: Failed to instantiate class: " + name);
+ CMS.debug("EnrollProfile: Failed to instantiate class: "+name);
sharedSecretFound = false;
} catch (IllegalAccessException e) {
- CMS.debug("EnrollProfile: Illegal access: " + name);
+ CMS.debug("EnrollProfile: Illegal access: "+name);
sharedSecretFound = false;
}
@@ -494,7 +496,7 @@ public abstract class EnrollProfile extends BasicProfile implements
String sharedSecret = null;
if (tokenClass != null)
sharedSecret = tokenClass.getSharedToken(mCMCData);
- if (req.getType().equals(TaggedRequest.PKCS10)) {
+ if (req.getType().equals(TaggedRequest.PKCS10)) {
TaggedCertificationRequest tcr = req.getTcr();
if (!sharedSecretFound) {
bpids.addElement(tcr.getBodyPartID());
@@ -503,27 +505,25 @@ public abstract class EnrollProfile extends BasicProfile implements
CertificationRequest creq = tcr.getCertificationRequest();
CertificationRequestInfo cinfo = creq.getInfo();
SET attrs = cinfo.getAttributes();
- for (int j = 0; j < attrs.size(); j++) {
- Attribute pkcs10Attr = (Attribute) attrs.elementAt(j);
- if (pkcs10Attr.getType().equals(
- OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) {
+ for (int j=0; j<attrs.size(); j++) {
+ Attribute pkcs10Attr = (Attribute)attrs.elementAt(j);
+ if (pkcs10Attr.getType().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) {
SET witnessVal = pkcs10Attr.getValues();
if (witnessVal.size() > 0) {
try {
- OCTET_STRING str = (OCTET_STRING) (ASN1Util
- .decode(OCTET_STRING.getTemplate(),
- ASN1Util.encode(witnessVal
- .elementAt(0))));
+ OCTET_STRING str =
+ (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
+ ASN1Util.encode(witnessVal.elementAt(0))));
bv = str.toByteArray();
return verifyDigest(sharedSecret.getBytes(),
- randomSeed, bv);
+ randomSeed, bv);
} catch (InvalidBERException ex) {
return false;
}
}
- }
+ }
}
-
+
return false;
}
} else if (req.getType().equals(TaggedRequest.CRMF)) {
@@ -537,15 +537,14 @@ public abstract class EnrollProfile extends BasicProfile implements
for (int i = 0; i < certReq.numControls(); i++) {
AVA ava = certReq.controlAt(i);
- if (ava.getOID().equals(
- OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) {
+ if (ava.getOID().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) {
ASN1Value value = ava.getValue();
ByteArrayInputStream bis = new ByteArrayInputStream(
- ASN1Util.encode(value));
+ ASN1Util.encode(value));
OCTET_STRING ostr = null;
try {
- ostr = (OCTET_STRING) (new OCTET_STRING.Template())
- .decode(bis);
+ ostr = (OCTET_STRING)
+ (new OCTET_STRING.Template()).decode(bis);
bv = ostr.toByteArray();
} catch (Exception e) {
bpids.addElement(reqId);
@@ -553,7 +552,7 @@ public abstract class EnrollProfile extends BasicProfile implements
}
boolean valid = verifyDigest(sharedSecret.getBytes(),
- randomSeed, bv);
+ randomSeed, bv);
if (!valid) {
bpids.addElement(reqId);
return valid;
@@ -572,7 +571,7 @@ public abstract class EnrollProfile extends BasicProfile implements
MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
key = SHA1Digest.digest(sharedSecret);
} catch (NoSuchAlgorithmException ex) {
- CMS.debug("EnrollProfile: No such algorithm for this message digest.");
+ CMS.debug("EnrollProfile: No such algorithm for this message digest.");
return false;
}
@@ -583,7 +582,7 @@ public abstract class EnrollProfile extends BasicProfile implements
hmacDigest.update(text);
finalDigest = hmacDigest.digest();
} catch (NoSuchAlgorithmException ex) {
- CMS.debug("EnrollProfile: No such algorithm for this message digest.");
+ CMS.debug("EnrollProfile: No such algorithm for this message digest.");
return false;
}
@@ -592,9 +591,9 @@ public abstract class EnrollProfile extends BasicProfile implements
return false;
}
- for (int j = 0; j < bv.length; j++) {
+ for (int j=0; j<bv.length; j++) {
if (bv[j] != finalDigest[j]) {
- CMS.debug("EnrollProfile: The content of two HMAC digest are not the same.");
+ CMS.debug("EnrollProfile: The content of two HMAC digest are not the same.");
return false;
}
}
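Review bot: The comparison loop `for (int j=0; j<bv.length; j++) { if (bv[j] != finalDigest[j]) ... return false; }` returns at the first mismatching byte, so its running time depends on how many leading bytes of the submitted witness match the expected HMAC. `MessageDigest` is already used earlier in this method, so the loop can be replaced with `if (!MessageDigest.isEqual(bv, finalDigest)) { CMS.debug("EnrollProfile: The content of two HMAC digest are not the same."); return false; }`, which also covers the length comparison. The `return false;` just above the loop is presumably the length check, but its condition and the start of the method are outside this hunk.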
@@ -636,24 +635,23 @@ public abstract class EnrollProfile extends BasicProfile implements
else {
ISharedToken tokenClass = null;
try {
- tokenClass = (ISharedToken) Class.forName(name).newInstance();
+ tokenClass = (ISharedToken)Class.forName(name).newInstance();
} catch (ClassNotFoundException e) {
- CMS.debug("EnrollProfile: Failed to find class name: " + name);
+ CMS.debug("EnrollProfile: Failed to find class name: "+name);
return false;
} catch (InstantiationException e) {
- CMS.debug("EnrollProfile: Failed to instantiate class: " + name);
+ CMS.debug("EnrollProfile: Failed to instantiate class: "+name);
return false;
} catch (IllegalAccessException e) {
- CMS.debug("EnrollProfile: Illegal access: " + name);
+ CMS.debug("EnrollProfile: Illegal access: "+name);
return false;
}
-
+
String token = tokenClass.getSharedToken(mCMCData);
OCTET_STRING ostr = null;
try {
- ostr = (OCTET_STRING) (ASN1Util.decode(
- OCTET_STRING.getTemplate(),
- ASN1Util.encode(vals.elementAt(0))));
+ ostr = (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
+ ASN1Util.encode(vals.elementAt(0))));
} catch (InvalidBERException e) {
CMS.debug("EnrollProfile: Failed to decode the byte value.");
return false;
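Review bot: The cast in `(ISharedToken)Class.forName(name).newInstance()` is not covered by the three catch clauses. A class that exists but does not implement ISharedToken raises ClassCastException, which leaves the method as an unchecked exception instead of `return false`, and only after that class's constructor has already run. Checking the type first avoids both: `Class<?> c = Class.forName(name);` followed by `if (!ISharedToken.class.isAssignableFrom(c)) { CMS.debug("EnrollProfile: not an ISharedToken: "+name); return false; }`. Where `name` is read from is outside the hunk; if it comes from server configuration, a comment saying so would help, since it decides which class gets loaded.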
@@ -665,33 +663,35 @@ public abstract class EnrollProfile extends BasicProfile implements
}
}
- public void fillTaggedRequest(Locale locale, TaggedRequest tagreq,
- X509CertInfo info, IRequest req) throws EProfileException {
+ public void fillTaggedRequest(Locale locale, TaggedRequest tagreq, X509CertInfo info,
+ IRequest req)
+ throws EProfileException {
TaggedRequest.Type type = tagreq.getType();
- if (type.equals(TaggedRequest.PKCS10)) {
+ if (type.equals(TaggedRequest.PKCS10)) {
try {
- TaggedCertificationRequest tcr = tagreq.getTcr();
- CertificationRequest p10 = tcr.getCertificationRequest();
- ByteArrayOutputStream ostream = new ByteArrayOutputStream();
+ TaggedCertificationRequest tcr = tagreq.getTcr();
+ CertificationRequest p10 = tcr.getCertificationRequest();
+ ByteArrayOutputStream ostream = new ByteArrayOutputStream();
- p10.encode(ostream);
+ p10.encode(ostream);
PKCS10 pkcs10 = new PKCS10(ostream.toByteArray());
req.setExtData("bodyPartId", tcr.getBodyPartID());
fillPKCS10(locale, pkcs10, info, req);
} catch (Exception e) {
- CMS.debug("EnrollProfile: fillTaggedRequest " + e.toString());
+ CMS.debug("EnrollProfile: fillTaggedRequest " +
+ e.toString());
}
- } else if (type.equals(TaggedRequest.CRMF)) {
- CertReqMsg crm = tagreq.getCrm();
+ } else if (type.equals(TaggedRequest.CRMF)) {
+ CertReqMsg crm = tagreq.getCrm();
SessionContext context = SessionContext.getContext();
- Integer nums = (Integer) (context.get("numOfControls"));
+ Integer nums = (Integer)(context.get("numOfControls"));
// check if the LRA POP Witness Control attribute exists
if (nums != null && nums.intValue() > 0) {
- TaggedAttribute attr = (TaggedAttribute) (context
- .get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
+ TaggedAttribute attr =
+ (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
if (attr != null) {
parseLRAPopWitness(locale, crm, attr);
} else {
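Review bot: In the PKCS10 branch of fillTaggedRequest, `catch (Exception e)` only logs, so the EProfileException that fillPKCS10 throws for an invalid request is swallowed and the method returns normally with `info` and `req` possibly only partly filled in. The CRMF branch lets the same exception type propagate, and the method is declared `throws EProfileException`. The handler should rethrow after the debug line, e.g. `throw new EProfileException(CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));`, matching the other handlers in this file. The CRMF branch continues past the end of this hunk.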
@@ -705,58 +705,53 @@ public abstract class EnrollProfile extends BasicProfile implements
fillCertReqMsg(locale, crm, info, req);
} else {
- throw new EProfileException(CMS.getUserMessage(locale,
- "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(
+ CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
}
}
- private void parseLRAPopWitness(Locale locale, CertReqMsg crm,
- TaggedAttribute attr) throws EProfileException {
+ private void parseLRAPopWitness(Locale locale, CertReqMsg crm,
+ TaggedAttribute attr) throws EProfileException {
SET vals = attr.getValues();
boolean donePOP = false;
INTEGER reqId = null;
if (vals.size() > 0) {
LraPopWitness lraPop = null;
try {
- lraPop = (LraPopWitness) (ASN1Util.decode(
- LraPopWitness.getTemplate(),
- ASN1Util.encode(vals.elementAt(0))));
+ lraPop = (LraPopWitness)(ASN1Util.decode(LraPopWitness.getTemplate(),
+ ASN1Util.encode(vals.elementAt(0))));
} catch (InvalidBERException e) {
- throw new EProfileException(CMS.getUserMessage(locale,
- "CMS_PROFILE_ENCODING_ERROR"));
+ throw new EProfileException(
+ CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
}
SEQUENCE bodyIds = lraPop.getBodyIds();
reqId = crm.getCertReq().getCertReqId();
- for (int i = 0; i < bodyIds.size(); i++) {
- INTEGER num = (INTEGER) (bodyIds.elementAt(i));
+ for (int i=0; i<bodyIds.size(); i++) {
+ INTEGER num = (INTEGER)(bodyIds.elementAt(i));
if (num.toString().equals(reqId.toString())) {
donePOP = true;
- CMS.debug("EnrollProfile: skip POP for request: "
- + reqId.toString()
- + " because LRA POP Witness control is found.");
+ CMS.debug("EnrollProfile: skip POP for request: "+reqId.toString()+ " because LRA POP Witness control is found.");
break;
}
}
}
if (!donePOP) {
- CMS.debug("EnrollProfile: not skip POP for request: "
- + reqId.toString()
- + " because this request id is not part of the body list in LRA Pop witness control.");
+ CMS.debug("EnrollProfile: not skip POP for request: "+reqId.toString()+" because this request id is not part of the body list in LRA Pop witness control.");
verifyPOP(locale, crm);
}
}
public CertReqMsg[] parseCRMF(Locale locale, String certreq)
- throws EProfileException {
+ throws EProfileException {
/* cert request must not be null */
if (certreq == null) {
CMS.debug("EnrollProfile: parseCRMF() certreq null");
- throw new EProfileException(CMS.getUserMessage(locale,
- "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(
+ CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
}
CMS.debug("EnrollProfile: Start parseCRMF(): " + certreq);
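Review bot: In parseLRAPopWitness, `reqId` is assigned only inside `if (vals.size() > 0)`, so an LRA POP Witness attribute with an empty value set reaches the `!donePOP` branch with `reqId == null`. The `reqId.toString()` in the debug message then throws NullPointerException before `verifyPOP(locale, crm)` is called, and the request fails with an unchecked exception instead of going through POP verification. Moving `reqId = crm.getCertReq().getCertReqId();` above the `if` fixes this without changing the other paths.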
@@ -764,9 +759,11 @@ public abstract class EnrollProfile extends BasicProfile implements
String creq = normalizeCertReq(certreq);
try {
byte data[] = CMS.AtoB(creq);
- ByteArrayInputStream crmfBlobIn = new ByteArrayInputStream(data);
- SEQUENCE crmfMsgs = (SEQUENCE) new SEQUENCE.OF_Template(
- new CertReqMsg.Template()).decode(crmfBlobIn);
+ ByteArrayInputStream crmfBlobIn =
+ new ByteArrayInputStream(data);
+ SEQUENCE crmfMsgs = (SEQUENCE)
+ new SEQUENCE.OF_Template(new
+ CertReqMsg.Template()).decode(crmfBlobIn);
int nummsgs = crmfMsgs.size();
if (nummsgs <= 0)
@@ -778,23 +775,24 @@ public abstract class EnrollProfile extends BasicProfile implements
return msgs;
} catch (Exception e) {
CMS.debug("EnrollProfile: parseCRMF " + e.toString());
- throw new EProfileException(CMS.getUserMessage(locale,
- "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(
+ CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
}
}
- private static final OBJECT_IDENTIFIER PKIARCHIVEOPTIONS_OID = new OBJECT_IDENTIFIER(
- new long[] { 1, 3, 6, 1, 5, 5, 7, 5, 1, 4 });
+ private static final OBJECT_IDENTIFIER PKIARCHIVEOPTIONS_OID =
+ new OBJECT_IDENTIFIER(new long[] {1, 3, 6, 1, 5, 5, 7, 5, 1, 4}
+ );
- protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) {
- ASN1Value archVal = ava.getValue();
+ protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) {
+ ASN1Value archVal = ava.getValue();
ByteArrayInputStream bis = new ByteArrayInputStream(
- ASN1Util.encode(archVal));
+ ASN1Util.encode(archVal));
PKIArchiveOptions archOpts = null;
- try {
- archOpts = (PKIArchiveOptions) (new PKIArchiveOptions.Template())
- .decode(bis);
+ try {
+ archOpts = (PKIArchiveOptions)
+ (new PKIArchiveOptions.Template()).decode(bis);
} catch (Exception e) {
CMS.debug("EnrollProfile: getPKIArchiveOptions " + e.toString());
}
@@ -805,21 +803,22 @@ public abstract class EnrollProfile extends BasicProfile implements
ByteArrayInputStream bis = new ByteArrayInputStream(options);
PKIArchiveOptions archOpts = null;
- try {
- archOpts = (PKIArchiveOptions) (new PKIArchiveOptions.Template())
- .decode(bis);
+ try {
+ archOpts = (PKIArchiveOptions)
+ (new PKIArchiveOptions.Template()).decode(bis);
} catch (Exception e) {
CMS.debug("EnrollProfile: toPKIArchiveOptions " + e.toString());
}
return archOpts;
}
- public byte[] toByteArray(PKIArchiveOptions options) {
+ public byte[] toByteArray(PKIArchiveOptions options) {
return ASN1Util.encode(options);
}
- public void fillCertReqMsg(Locale locale, CertReqMsg certReqMsg,
- X509CertInfo info, IRequest req) throws EProfileException {
+ public void fillCertReqMsg(Locale locale, CertReqMsg certReqMsg, X509CertInfo info,
+ IRequest req)
+ throws EProfileException {
try {
CMS.debug("Start parseCertReqMsg ");
CertRequest certReq = certReqMsg.getCertReq();
@@ -828,11 +827,12 @@ public abstract class EnrollProfile extends BasicProfile implements
for (int i = 0; i < certReq.numControls(); i++) {
AVA ava = certReq.controlAt(i);
- if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) {
+ if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) {
PKIArchiveOptions opt = getPKIArchiveOptions(ava);
- // req.set(REQUEST_ARCHIVE_OPTIONS, opt);
- req.setExtData(REQUEST_ARCHIVE_OPTIONS, toByteArray(opt));
+ //req.set(REQUEST_ARCHIVE_OPTIONS, opt);
+ req.setExtData(REQUEST_ARCHIVE_OPTIONS,
+ toByteArray(opt));
}
}
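Review bot: `getPKIArchiveOptions(ava)` appears to return null when decoding fails (its catch block in the earlier hunk only logs), and here the result goes straight into `toByteArray(opt)`, i.e. `ASN1Util.encode(null)`. A malformed PKIArchiveOptions control would then likely surface as an unchecked exception, which the IOException and InvalidKeyException handlers of fillCertReqMsg do not cover, rather than as CMS_PROFILE_INVALID_REQUEST. A guard before the `setExtData` call makes the rejection explicit: `if (opt == null) throw new EProfileException(CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));`. The return statement of getPKIArchiveOptions and the rest of fillCertReqMsg are outside this hunk.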
@@ -849,24 +849,23 @@ public abstract class EnrollProfile extends BasicProfile implements
key.decode(keybytes);
// XXX - kmccarth - this may simply undo the decoding above
- // but for now it's unclear whether X509Key
- // changest the format when decoding.
+ // but for now it's unclear whether X509Key
+ // changest the format when decoding.
CertificateX509Key certKey = new CertificateX509Key(key);
ByteArrayOutputStream certKeyOut = new ByteArrayOutputStream();
certKey.encode(certKeyOut);
req.setExtData(REQUEST_KEY, certKeyOut.toByteArray());
// parse validity
- if (certTemplate.getNotBefore() != null
- || certTemplate.getNotAfter() != null) {
- CMS.debug("EnrollProfile: requested notBefore: "
- + certTemplate.getNotBefore());
- CMS.debug("EnrollProfile: requested notAfter: "
- + certTemplate.getNotAfter());
+ if (certTemplate.getNotBefore() != null ||
+ certTemplate.getNotAfter() != null) {
+ CMS.debug("EnrollProfile: requested notBefore: " + certTemplate.getNotBefore());
+ CMS.debug("EnrollProfile: requested notAfter: " + certTemplate.getNotAfter());
CMS.debug("EnrollProfile: current CA time: " + new Date());
CertificateValidity certValidity = new CertificateValidity(
certTemplate.getNotBefore(), certTemplate.getNotAfter());
- ByteArrayOutputStream certValidityOut = new ByteArrayOutputStream();
+ ByteArrayOutputStream certValidityOut =
+ new ByteArrayOutputStream();
certValidity.encode(certValidityOut);
req.setExtData(REQUEST_VALIDITY, certValidityOut.toByteArray());
} else {
@@ -876,32 +875,31 @@ public abstract class EnrollProfile extends BasicProfile implements
// parse subject
if (certTemplate.hasSubject()) {
Name subjectdn = certTemplate.getSubject();
- ByteArrayOutputStream subjectEncStream = new ByteArrayOutputStream();
+ ByteArrayOutputStream subjectEncStream =
+ new ByteArrayOutputStream();
subjectdn.encode(subjectEncStream);
byte[] subjectEnc = subjectEncStream.toByteArray();
X500Name subject = new X500Name(subjectEnc);
- // info.set(X509CertInfo.SUBJECT,
- // new CertificateSubjectName(subject));
+ //info.set(X509CertInfo.SUBJECT,
+ // new CertificateSubjectName(subject));
req.setExtData(REQUEST_SUBJECT_NAME,
new CertificateSubjectName(subject));
try {
- String subjectCN = subject.getCommonName();
- if (subjectCN == null)
- subjectCN = "";
- req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN);
+ String subjectCN = subject.getCommonName();
+ if (subjectCN == null) subjectCN = "";
+ req.setExtData(REQUEST_SUBJECT_NAME+".cn", subjectCN);
} catch (Exception ee) {
- req.setExtData(REQUEST_SUBJECT_NAME + ".cn", "");
+ req.setExtData(REQUEST_SUBJECT_NAME+".cn", "");
}
try {
String subjectUID = subject.getUserID();
- if (subjectUID == null)
- subjectUID = "";
- req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID);
+ if (subjectUID == null) subjectUID = "";
+ req.setExtData(REQUEST_SUBJECT_NAME+".uid", subjectUID);
} catch (Exception ee) {
- req.setExtData(REQUEST_SUBJECT_NAME + ".uid", "");
+ req.setExtData(REQUEST_SUBJECT_NAME+".uid", "");
}
}
@@ -910,11 +908,11 @@ public abstract class EnrollProfile extends BasicProfile implements
// try {
extensions = req.getExtDataInCertExts(REQUEST_EXTENSIONS);
- // } catch (CertificateException e) {
- // extensions = null;
+ // } catch (CertificateException e) {
+ // extensions = null;
// } catch (IOException e) {
- // extensions = null;
- // }
+ // extensions = null;
+ // }
if (certTemplate.hasExtensions()) {
// put each extension from CRMF into CertInfo.
// index by extension name, consistent with
@@ -924,54 +922,57 @@ public abstract class EnrollProfile extends BasicProfile implements
int numexts = certTemplate.numExtensions();
for (int j = 0; j < numexts; j++) {
- org.mozilla.jss.pkix.cert.Extension jssext = certTemplate
- .extensionAt(j);
+ org.mozilla.jss.pkix.cert.Extension jssext =
+ certTemplate.extensionAt(j);
boolean isCritical = jssext.getCritical();
- org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = jssext
- .getExtnId();
+ org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid =
+ jssext.getExtnId();
long[] numbers = jssoid.getNumbers();
int[] oidNumbers = new int[numbers.length];
for (int k = numbers.length - 1; k >= 0; k--) {
oidNumbers[k] = (int) numbers[k];
}
- ObjectIdentifier oid = new ObjectIdentifier(oidNumbers);
- org.mozilla.jss.asn1.OCTET_STRING jssvalue = jssext
- .getExtnValue();
- ByteArrayOutputStream jssvalueout = new ByteArrayOutputStream();
+ ObjectIdentifier oid =
+ new ObjectIdentifier(oidNumbers);
+ org.mozilla.jss.asn1.OCTET_STRING jssvalue =
+ jssext.getExtnValue();
+ ByteArrayOutputStream jssvalueout =
+ new ByteArrayOutputStream();
jssvalue.encode(jssvalueout);
byte[] extValue = jssvalueout.toByteArray();
- Extension ext = new Extension(oid, isCritical, extValue);
+ Extension ext =
+ new Extension(oid, isCritical, extValue);
extensions.parseExtension(ext);
}
- // info.set(X509CertInfo.EXTENSIONS, extensions);
+ // info.set(X509CertInfo.EXTENSIONS, extensions);
req.setExtData(REQUEST_EXTENSIONS, extensions);
}
} catch (IOException e) {
CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString());
- throw new EProfileException(CMS.getUserMessage(locale,
- "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(
+ CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
} catch (InvalidKeyException e) {
CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString());
- throw new EProfileException(CMS.getUserMessage(locale,
- "CMS_PROFILE_INVALID_REQUEST"));
- // } catch (CertificateException e) {
- // CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString());
- // throw new EProfileException(e.toString());
+ throw new EProfileException(
+ CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
+ // } catch (CertificateException e) {
+ // CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString());
+ // throw new EProfileException(e.toString());
}
}
public PKCS10 parsePKCS10(Locale locale, String certreq)
- throws EProfileException {
+ throws EProfileException {
/* cert request must not be null */
if (certreq == null) {
CMS.debug("EnrollProfile:parsePKCS10() certreq null");
- throw new EProfileException(CMS.getUserMessage(locale,
- "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(
+ CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
}
CMS.debug("Start parsePKCS10(): " + certreq);
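Review bot: The OID conversion `oidNumbers[k] = (int) numbers[k];` narrows each arc from long to int without a range check, so an extension OID in the CRMF template with an arc above Integer.MAX_VALUE is silently turned into a different OID before `extensions.parseExtension(ext)` sees it. Since the extensions come from the request, the loop should reject such values, e.g. `if (numbers[k] < 0 || numbers[k] > Integer.MAX_VALUE) throw new IOException("extension OID arc out of range");`. The existing IOException handler in this hunk then maps that to CMS_PROFILE_INVALID_REQUEST. fillCertReqMsg starts before this hunk.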
@@ -987,20 +988,17 @@ public abstract class EnrollProfile extends BasicProfile implements
try {
cm = CryptoManager.getInstance();
- sigver = CMS.getConfigStore().getBoolean(
- "ca.requestVerify.enabled", true);
+ sigver = CMS.getConfigStore().getBoolean("ca.requestVerify.enabled", true);
if (sigver) {
CMS.debug("EnrollProfile: parsePKCS10: signature verification enabled");
- String tokenName = CMS.getConfigStore().getString(
- "ca.requestVerify.token", "internal");
+ String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", "internal");
savedToken = cm.getThreadToken();
CryptoToken signToken = null;
if (tokenName.equals("internal")) {
CMS.debug("EnrollProfile: parsePKCS10: use internal token");
signToken = cm.getInternalCryptoToken();
} else {
- CMS.debug("EnrollProfile: parsePKCS10: tokenName="
- + tokenName);
+ CMS.debug("EnrollProfile: parsePKCS10: tokenName="+ tokenName);
signToken = cm.getTokenByName(tokenName);
}
CMS.debug("EnrollProfile: parsePKCS10 setting thread token");
@@ -1012,8 +1010,8 @@ public abstract class EnrollProfile extends BasicProfile implements
}
} catch (Exception e) {
CMS.debug("EnrollProfile: parsePKCS10 " + e.toString());
- throw new EProfileException(CMS.getUserMessage(locale,
- "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(
+ CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
} finally {
if (sigver) {
CMS.debug("EnrollProfile: parsePKCS10 restoring thread token");
@@ -1024,8 +1022,8 @@ public abstract class EnrollProfile extends BasicProfile implements
return pkcs10;
}
- public void fillPKCS10(Locale locale, PKCS10 pkcs10, X509CertInfo info,
- IRequest req) throws EProfileException {
+ public void fillPKCS10(Locale locale, PKCS10 pkcs10, X509CertInfo info, IRequest req)
+ throws EProfileException {
X509Key key = pkcs10.getSubjectPublicKeyInfo();
try {
@@ -1037,41 +1035,36 @@ public abstract class EnrollProfile extends BasicProfile implements
req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME,
new CertificateSubjectName(pkcs10.getSubjectName()));
try {
- String subjectCN = pkcs10.getSubjectName().getCommonName();
- if (subjectCN == null)
- subjectCN = "";
- req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN);
+ String subjectCN = pkcs10.getSubjectName().getCommonName();
+ if (subjectCN == null) subjectCN = "";
+ req.setExtData(REQUEST_SUBJECT_NAME+".cn", subjectCN);
} catch (Exception ee) {
- req.setExtData(REQUEST_SUBJECT_NAME + ".cn", "");
+ req.setExtData(REQUEST_SUBJECT_NAME+".cn", "");
}
try {
String subjectUID = pkcs10.getSubjectName().getUserID();
- if (subjectUID == null)
- subjectUID = "";
- req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID);
+ if (subjectUID == null) subjectUID = "";
+ req.setExtData(REQUEST_SUBJECT_NAME+".uid", subjectUID);
} catch (Exception ee) {
- req.setExtData(REQUEST_SUBJECT_NAME + ".uid", "");
+ req.setExtData(REQUEST_SUBJECT_NAME+".uid", "");
}
info.set(X509CertInfo.KEY, certKey);
PKCS10Attributes p10Attrs = pkcs10.getAttributes();
if (p10Attrs != null) {
- PKCS10Attribute p10Attr = (PKCS10Attribute) (p10Attrs
- .getAttribute(CertificateExtensions.NAME));
- if (p10Attr != null
- && p10Attr.getAttributeId().equals(
- PKCS9Attribute.EXTENSION_REQUEST_OID)) {
- CMS.debug("Found PKCS10 extension");
- Extensions exts0 = (Extensions) (p10Attr
- .getAttributeValue());
+ PKCS10Attribute p10Attr = (PKCS10Attribute)
+ (p10Attrs.getAttribute(CertificateExtensions.NAME));
+ if (p10Attr != null && p10Attr.getAttributeId().equals(
+ PKCS9Attribute.EXTENSION_REQUEST_OID)) { CMS.debug("Found PKCS10 extension");
+ Extensions exts0 = (Extensions)
+ (p10Attr.getAttributeValue());
DerOutputStream extOut = new DerOutputStream();
exts0.encode(extOut);
byte[] extB = extOut.toByteArray();
DerInputStream extIn = new DerInputStream(extB);
- CertificateExtensions exts = new CertificateExtensions(
- extIn);
+ CertificateExtensions exts = new CertificateExtensions(extIn);
if (exts != null) {
CMS.debug("Set extensions " + exts);
// info.set(X509CertInfo.EXTENSIONS, exts);
@@ -1079,73 +1072,75 @@ public abstract class EnrollProfile extends BasicProfile implements
}
} else {
CMS.debug("PKCS10 extension Not Found");
- }
- }
+ }
+ }
CMS.debug("Finish parsePKCS10 - " + pkcs10.getSubjectName());
} catch (IOException e) {
CMS.debug("EnrollProfile: fillPKCS10 " + e.toString());
- throw new EProfileException(CMS.getUserMessage(locale,
- "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(
+ CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
} catch (CertificateException e) {
CMS.debug("EnrollProfile: fillPKCS10 " + e.toString());
- throw new EProfileException(CMS.getUserMessage(locale,
- "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(
+ CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
}
}
- // for netkey
- public void fillNSNKEY(Locale locale, String sn, String skey,
- X509CertInfo info, IRequest req) throws EProfileException {
- try {
- // cfu - is the algorithm going to be replaced by the policy?
- X509Key key = new X509Key();
- key.decode(CMS.AtoB(skey));
-
- info.set(X509CertInfo.KEY, new CertificateX509Key(key));
- // req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
- // new CertificateSubjectName(new
- // X500Name("CN="+sn)));
- req.setExtData("screenname", sn);
- // keeping "aoluid" to be backward compatible
- req.setExtData("aoluid", sn);
- req.setExtData("uid", sn);
- CMS.debug("EnrollPrifile: fillNSNKEY(): uid=" + sn);
+ // for netkey
+ public void fillNSNKEY(Locale locale, String sn, String skey, X509CertInfo info, IRequest req)
+ throws EProfileException {
- } catch (Exception e) {
- CMS.debug("EnrollProfile: fillNSNKEY(): " + e.toString());
- throw new EProfileException(CMS.getUserMessage(locale,
- "CMS_PROFILE_INVALID_REQUEST"));
+ try {
+ //cfu - is the algorithm going to be replaced by the policy?
+ X509Key key = new X509Key();
+ key.decode(CMS.AtoB(skey));
+
+ info.set(X509CertInfo.KEY, new CertificateX509Key(key));
+ // req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
+ // new CertificateSubjectName(new
+ // X500Name("CN="+sn)));
+ req.setExtData("screenname", sn);
+ // keeping "aoluid" to be backward compatible
+ req.setExtData("aoluid", sn);
+ req.setExtData("uid", sn);
+ CMS.debug("EnrollPrifile: fillNSNKEY(): uid="+sn);
+
+ } catch (Exception e) {
+ CMS.debug("EnrollProfile: fillNSNKEY(): "+e.toString());
+ throw new EProfileException(
+ CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
+ }
}
- }
-
- // for house key
- public void fillNSHKEY(Locale locale, String tcuid, String skey,
- X509CertInfo info, IRequest req) throws EProfileException {
-
- try {
- // cfu - is the algorithm going to be replaced by the policy?
- X509Key key = new X509Key();
- key.decode(CMS.AtoB(skey));
- info.set(X509CertInfo.KEY, new CertificateX509Key(key));
- // req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
- // new CertificateSubjectName(new
- // X500Name("CN="+sn)));
- req.setExtData("tokencuid", tcuid);
+ // for house key
+ public void fillNSHKEY(Locale locale, String tcuid, String skey, X509CertInfo info, IRequest req)
+ throws EProfileException {
- CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid=" + tcuid);
-
- } catch (Exception e) {
- CMS.debug("EnrollProfile: fillNSHKEY(): " + e.toString());
- throw new EProfileException(CMS.getUserMessage(locale,
- "CMS_PROFILE_INVALID_REQUEST"));
+ try {
+ //cfu - is the algorithm going to be replaced by the policy?
+ X509Key key = new X509Key();
+ key.decode(CMS.AtoB(skey));
+
+ info.set(X509CertInfo.KEY, new CertificateX509Key(key));
+ // req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
+ // new CertificateSubjectName(new
+ // X500Name("CN="+sn)));
+ req.setExtData("tokencuid", tcuid);
+
+ CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid="+tcuid);
+
+ } catch (Exception e) {
+ CMS.debug("EnrollProfile: fillNSHKEY(): "+e.toString());
+ throw new EProfileException(
+ CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
+ }
}
- }
+
public DerInputStream parseKeyGen(Locale locale, String certreq)
- throws EProfileException {
+ throws EProfileException {
byte data[] = CMS.AtoB(certreq);
DerInputStream derIn = new DerInputStream(data);
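Review bot: The debug line in fillNSHKEY, `CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid="+tcuid);`, names the wrong method and misspells the class, so the debug log cannot tell the house-key path from the netkey path. It should read `CMS.debug("EnrollProfile: fillNSHKEY(): tokencuid="+tcuid);`, and the matching line in fillNSNKEY has the same `EnrollPrifile` typo. Both methods also lack Javadoc. The `// for netkey` and `// for house key` comments could become short doc comments stating that `skey` is the ASCII-encoded key decoded with `CMS.AtoB` and that any failure is reported as CMS_PROFILE_INVALID_REQUEST.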
@@ -1153,8 +1148,9 @@ public abstract class EnrollProfile extends BasicProfile implements
return derIn;
}
- public void fillKeyGen(Locale locale, DerInputStream derIn,
- X509CertInfo info, IRequest req) throws EProfileException {
+ public void fillKeyGen(Locale locale, DerInputStream derIn, X509CertInfo info, IRequest req
+ )
+ throws EProfileException {
try {
/* get SPKAC Algorithm & Signature */
@@ -1184,12 +1180,12 @@ public abstract class EnrollProfile extends BasicProfile implements
info.set(X509CertInfo.KEY, certKey);
} catch (IOException e) {
CMS.debug("EnrollProfile: fillKeyGen " + e.toString());
- throw new EProfileException(CMS.getUserMessage(locale,
- "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(
+ CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
} catch (CertificateException e) {
CMS.debug("EnrollProfile: fillKeyGen " + e.toString());
- throw new EProfileException(CMS.getUserMessage(locale,
- "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(
+ CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
}
}
@@ -1224,8 +1220,8 @@ public abstract class EnrollProfile extends BasicProfile implements
public Locale getLocale(IRequest request) {
Locale locale = null;
- String language = request
- .getExtDataInString(EnrollProfile.REQUEST_LOCALE);
+ String language = request.getExtDataInString(
+ EnrollProfile.REQUEST_LOCALE);
if (language != null) {
locale = new Locale(language);
}
@@ -1235,36 +1231,37 @@ public abstract class EnrollProfile extends BasicProfile implements
/**
* Populate input
* <P>
- *
+ *
* (either all "agent" profile cert requests NOT made through a connector,
- * or all "EE" profile cert requests NOT made through a connector)
+ * or all "EE" profile cert requests NOT made through a connector)
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a
* profile cert request is made (before approval process)
* </ul>
- *
* @param ctx profile context
* @param request the certificate request
* @exception EProfileException an error related to this profile has
- * occurred
+ * occurred
*/
public void populateInput(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
super.populateInput(ctx, request);
}
- public void populate(IRequest request) throws EProfileException {
+ public void populate(IRequest request)
+ throws EProfileException {
super.populate(request);
}
/**
- * Passes the request to the set of constraint policies that validate the
- * request against the profile.
+ * Passes the request to the set of constraint policies
+ * that validate the request against the profile.
*/
- public void validate(IRequest request) throws ERejectException {
+ public void validate(IRequest request)
+ throws ERejectException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRequesterID = auditRequesterID(request);
@@ -1276,25 +1273,28 @@ public abstract class EnrollProfile extends BasicProfile implements
X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO);
try {
- CertificateSubjectName sn = (CertificateSubjectName) info
- .get(X509CertInfo.SUBJECT);
+ CertificateSubjectName sn = (CertificateSubjectName)
+ info.get(X509CertInfo.SUBJECT);
// if the cert subject name is NOT MISSING, retrieve the
// actual "auditCertificateSubjectName" and "normalize" it
if (sn != null) {
subject = sn.toString();
if (subject != null) {
- // NOTE: This is ok even if the cert subject name
- // is "" (empty)!
+ // NOTE: This is ok even if the cert subject name
+ // is "" (empty)!
auditCertificateSubjectName = subject.trim();
}
}
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, auditSubjectID,
- ILogger.SUCCESS, auditRequesterID, auditProfileID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditRequesterID,
+ auditProfileID,
+ auditCertificateSubjectName);
audit(auditMessage);
} catch (CertificateException e) {
@@ -1302,9 +1302,12 @@ public abstract class EnrollProfile extends BasicProfile implements
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, auditSubjectID,
- ILogger.FAILURE, auditRequesterID, auditProfileID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditProfileID,
+ auditCertificateSubjectName);
audit(auditMessage);
} catch (IOException e) {
@@ -1312,9 +1315,12 @@ public abstract class EnrollProfile extends BasicProfile implements
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, auditSubjectID,
- ILogger.FAILURE, auditRequesterID, auditProfileID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditProfileID,
+ auditCertificateSubjectName);
audit(auditMessage);
}
@@ -1331,8 +1337,8 @@ public abstract class EnrollProfile extends BasicProfile implements
if (key == null) {
Locale locale = getLocale(request);
- throw new ERejectException(CMS.getUserMessage(locale,
- "CMS_PROFILE_EMPTY_KEY"));
+ throw new ERejectException(CMS.getUserMessage(
+ locale, "CMS_PROFILE_EMPTY_KEY"));
}
try {
@@ -1344,11 +1350,12 @@ public abstract class EnrollProfile extends BasicProfile implements
/**
* Signed Audit Log Requester ID
- *
- * This method is inherited by all extended "EnrollProfile"s, and is called
- * to obtain the "RequesterID" for a signed audit log message.
+ *
+ * This method is inherited by all extended "EnrollProfile"s,
+ * and is called to obtain the "RequesterID" for
+ * a signed audit log message.
* <P>
- *
+ *
* @param request the actual request
* @return id string containing the signed audit log message RequesterID
*/
@@ -1374,11 +1381,12 @@ public abstract class EnrollProfile extends BasicProfile implements
/**
* Signed Audit Log Profile ID
- *
- * This method is inherited by all extended "EnrollProfile"s, and is called
- * to obtain the "ProfileID" for a signed audit log message.
+ *
+ * This method is inherited by all extended "EnrollProfile"s,
+ * and is called to obtain the "ProfileID" for
+ * a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message ProfileID
*/
protected String auditProfileID() {
@@ -1399,7 +1407,7 @@ public abstract class EnrollProfile extends BasicProfile implements
}
public void verifyPOP(Locale locale, CertReqMsg certReqMsg)
- throws EProfileException {
+ throws EProfileException {
CMS.debug("EnrollProfile ::in verifyPOP");
String auditMessage = null;
@@ -1418,35 +1426,37 @@ public abstract class EnrollProfile extends BasicProfile implements
try {
CryptoManager cm = CryptoManager.getInstance();
CryptoToken verifyToken = null;
- String tokenName = CMS.getConfigStore().getString(
- "ca.requestVerify.token", "internal");
+ String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", "internal");
if (tokenName.equals("internal")) {
CMS.debug("POP verification using internal token");
certReqMsg.verify();
} else {
- CMS.debug("POP verification using token:" + tokenName);
+ CMS.debug("POP verification using token:"+ tokenName);
verifyToken = cm.getTokenByName(tokenName);
certReqMsg.verify(verifyToken);
}
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, auditSubjectID,
- ILogger.SUCCESS);
- audit(auditMessage);
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID,
+ ILogger.SUCCESS );
+ audit( auditMessage );
} catch (Exception e) {
- CMS.debug("Failed POP verify! " + e.toString());
+ CMS.debug("Failed POP verify! "+e.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, auditSubjectID,
- ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID,
+ ILogger.FAILURE );
- audit(auditMessage);
+ audit( auditMessage );
throw new EProfileException(CMS.getUserMessage(locale,
- "CMS_POP_VERIFICATION_ERROR"));
+ "CMS_POP_VERIFICATION_ERROR"));
}
}
}
+
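Review bot: The `catch (Exception e)` around the POP check audits every failure the same way, so a failing `CryptoManager.getInstance()` or `cm.getTokenByName(tokenName)` call (for example from a wrong `ca.requestVerify.token` value) is recorded as a `LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION` failure and returned as `CMS_POP_VERIFICATION_ERROR`, just like a request whose signature did not verify. Resolving the token before the verification `try`, or catching the token-lookup failure in its own `catch`, would keep configuration faults out of the POP audit trail. The original exception reaches only `CMS.debug`; if `EProfileException` offers a constructor that takes a cause (not visible here), passing `e` along would preserve it. `verifyPOP` begins in the previous hunk and the lines between the two hunks are not shown.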
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java
index 972412f7e..199aa7943 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java
@@ -17,15 +17,17 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
+
import com.netscape.certsrv.profile.IProfileContext;
+
/**
- * This class implements an enrollment profile context that carries information
- * for request creation.
- *
+ * This class implements an enrollment profile context
+ * that carries information for request creation.
+ *
* @version $Revision$, $Date$
*/
-public class EnrollProfileContext extends ProfileContext implements
- IProfileContext {
+public class EnrollProfileContext extends ProfileContext
+ implements IProfileContext {
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java b/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java
index 7a275b1e6..147d9c820 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java
@@ -17,13 +17,15 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
+
import java.util.Hashtable;
import com.netscape.certsrv.profile.IProfileContext;
+
/**
* This class implements the profile context.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileContext implements IProfileContext {
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java b/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java
index a7895746f..a0f0ed250 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java
@@ -17,14 +17,17 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
+
import com.netscape.certsrv.profile.IPolicyConstraint;
import com.netscape.certsrv.profile.IPolicyDefault;
import com.netscape.certsrv.profile.IProfilePolicy;
+
/**
- * This class implements a profile policy that contains a default policy and a
- * constraint policy.
- *
+ * This class implements a profile policy that
+ * contains a default policy and a constraint
+ * policy.
+ *
* @version $Revision$, $Date$
*/
public class ProfilePolicy implements IProfilePolicy {
@@ -32,8 +35,7 @@ public class ProfilePolicy implements IProfilePolicy {
private IPolicyDefault mDefault = null;
private IPolicyConstraint mConstraint = null;
- public ProfilePolicy(String id, IPolicyDefault def,
- IPolicyConstraint constraint) {
+ public ProfilePolicy(String id, IPolicyDefault def, IPolicyConstraint constraint) {
mId = id;
mDefault = def;
mConstraint = constraint;
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java
index b00ac56b9..f82e73138 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
+
import java.util.Enumeration;
import netscape.security.x509.X500Name;
@@ -34,9 +35,11 @@ import com.netscape.certsrv.request.IRequestListener;
import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.certsrv.request.RequestStatus;
+
/**
- * This class implements a Registration Manager enrollment profile.
- *
+ * This class implements a Registration Manager
+ * enrollment profile.
+ *
* @version $Revision$, $Date$
*/
public class RAEnrollProfile extends EnrollProfile {
@@ -46,7 +49,8 @@ public class RAEnrollProfile extends EnrollProfile {
}
public IAuthority getAuthority() {
- IAuthority authority = (IAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ IAuthority authority = (IAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_RA);
if (authority == null)
return null;
@@ -54,27 +58,31 @@ public class RAEnrollProfile extends EnrollProfile {
}
public X500Name getIssuerName() {
- IRegistrationAuthority ra = (IRegistrationAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_RA);
+ IRegistrationAuthority ra = (IRegistrationAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_RA);
X500Name issuerName = ra.getX500Name();
return issuerName;
}
- public void execute(IRequest request) throws EProfileException {
+ public void execute(IRequest request)
+ throws EProfileException {
+
if (!isEnable()) {
CMS.debug("CAEnrollProfile: Profile Not Enabled");
throw new EProfileException("Profile Not Enabled");
}
- IRegistrationAuthority ra = (IRegistrationAuthority) getAuthority();
+ IRegistrationAuthority ra =
+ (IRegistrationAuthority) getAuthority();
IRAService raService = (IRAService) ra.getRAService();
if (raService == null) {
throw new EProfileException("No RA Service");
}
+
IRequestQueue queue = ra.getRequestQueue();
// send request to CA
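Review bot: `execute()` dereferences `ra` without a null check, although `getAuthority()` in the previous hunk returns `null` when `CMS.getSubsystem(CMS.SUBSYSTEM_RA)` yields nothing, so `ra.getRAService()` would fail with a NullPointerException instead of an `EProfileException`. `getIssuerName()` has the same gap before `ra.getX500Name()`. A guard such as `if (ra == null) throw new EProfileException("No RA Subsystem");` ahead of the `getRAService()` call would match the existing `"No RA Service"` handling. The debug text `"CAEnrollProfile: Profile Not Enabled"` also names the wrong class for this file, which misleads anyone reading the debug log. `execute()` continues beyond this hunk.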
@@ -86,16 +94,15 @@ public class RAEnrollProfile extends EnrollProfile {
} else {
caConnector.send(request);
// check response
- if (!request.isSuccess()) {
+ if (!request.isSuccess()) {
CMS.debug("RAEnrollProfile error talking to CA setting req status to SVC_PENDING");
request.setRequestStatus(RequestStatus.SVC_PENDING);
try {
- queue.updateRequest(request);
+ queue.updateRequest(request);
} catch (EBaseException e) {
- CMS.debug("RAEnrollProfile: Update request "
- + e.toString());
+ CMS.debug("RAEnrollProfile: Update request " + e.toString());
}
throw new ERejectException(
request.getError(getLocale(request)));
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java
index 7d6508644..4a18ff14d 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
+
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.common.NameValuePairs;
@@ -27,86 +28,91 @@ import com.netscape.certsrv.profile.IProfileInput;
import com.netscape.certsrv.profile.IProfileOutput;
import com.netscape.certsrv.profile.IProfilePolicy;
+
/**
- * This class implements a Certificate Manager enrollment profile for Server
- * Certificates.
- *
+ * This class implements a Certificate Manager enrollment
+ * profile for Server Certificates.
+ *
* @version $Revision$, $Date$
*/
-public class ServerCertCAEnrollProfile extends CAEnrollProfile implements
- IProfileEx {
+public class ServerCertCAEnrollProfile extends CAEnrollProfile
+ implements IProfileEx {
/**
- * Called after initialization. It populates default policies, inputs, and
- * outputs.
+ * Called after initialization. It populates default
+ * policies, inputs, and outputs.
*/
- public void populate() throws EBaseException {
+ public void populate() throws EBaseException
+ {
// create inputs
NameValuePairs inputParams1 = new NameValuePairs();
- IProfileInput input1 = createProfileInput("i1", "certReqInputImpl",
- inputParams1);
+ IProfileInput input1 =
+ createProfileInput("i1", "certReqInputImpl", inputParams1);
NameValuePairs inputParams2 = new NameValuePairs();
- IProfileInput input2 = createProfileInput("i2",
- "submitterInfoInputImpl", inputParams2);
+ IProfileInput input2 =
+ createProfileInput("i2", "submitterInfoInputImpl", inputParams2);
// create outputs
NameValuePairs outputParams1 = new NameValuePairs();
- IProfileOutput output1 = createProfileOutput("o1", "certOutputImpl",
- outputParams1);
+ IProfileOutput output1 =
+ createProfileOutput("o1", "certOutputImpl", outputParams1);
- IProfilePolicy policy1 = createProfilePolicy("set1", "p1",
- "userSubjectNameDefaultImpl", "noConstraintImpl");
+ IProfilePolicy policy1 =
+ createProfilePolicy("set1", "p1",
+ "userSubjectNameDefaultImpl", "noConstraintImpl");
IPolicyDefault def1 = policy1.getDefault();
IConfigStore defConfig1 = def1.getConfigStore();
IPolicyConstraint con1 = policy1.getConstraint();
IConfigStore conConfig1 = con1.getConfigStore();
- IProfilePolicy policy2 = createProfilePolicy("set1", "p2",
- "validityDefaultImpl", "noConstraintImpl");
+ IProfilePolicy policy2 =
+ createProfilePolicy("set1", "p2",
+ "validityDefaultImpl", "noConstraintImpl");
IPolicyDefault def2 = policy2.getDefault();
IConfigStore defConfig2 = def2.getConfigStore();
- defConfig2.putString("params.range", "180");
- defConfig2.putString("params.startTime", "0");
+ defConfig2.putString("params.range","180");
+ defConfig2.putString("params.startTime","0");
IPolicyConstraint con2 = policy2.getConstraint();
IConfigStore conConfig2 = con2.getConfigStore();
- IProfilePolicy policy3 = createProfilePolicy("set1", "p3",
- "userKeyDefaultImpl", "noConstraintImpl");
+ IProfilePolicy policy3 =
+ createProfilePolicy("set1", "p3",
+ "userKeyDefaultImpl", "noConstraintImpl");
IPolicyDefault def3 = policy3.getDefault();
IConfigStore defConfig3 = def3.getConfigStore();
- defConfig3.putString("params.keyType", "RSA");
- defConfig3.putString("params.keyMinLength", "512");
- defConfig3.putString("params.keyMaxLength", "4096");
+ defConfig3.putString("params.keyType","RSA");
+ defConfig3.putString("params.keyMinLength","512");
+ defConfig3.putString("params.keyMaxLength","4096");
IPolicyConstraint con3 = policy3.getConstraint();
IConfigStore conConfig3 = con3.getConfigStore();
- IProfilePolicy policy4 = createProfilePolicy("set1", "p4",
- "signingAlgDefaultImpl", "noConstraintImpl");
+ IProfilePolicy policy4 =
+ createProfilePolicy("set1", "p4",
+ "signingAlgDefaultImpl", "noConstraintImpl");
IPolicyDefault def4 = policy4.getDefault();
IConfigStore defConfig4 = def4.getConfigStore();
- defConfig4.putString("params.signingAlg", "-");
- defConfig4
- .putString(
- "params.signingAlgsAllowed",
- "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC");
+ defConfig4.putString("params.signingAlg","-");
+ defConfig4.putString("params.signingAlgsAllowed",
+ "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC");
IPolicyConstraint con4 = policy4.getConstraint();
IConfigStore conConfig4 = con4.getConfigStore();
- IProfilePolicy policy5 = createProfilePolicy("set1", "p5",
- "keyUsageExtDefaultImpl", "noConstraintImpl");
- IPolicyDefault def5 = policy5.getDefault();
- IConfigStore defConfig5 = def5.getConfigStore();
- defConfig5.putString("params.keyUsageCritical", "true");
- defConfig5.putString("params.keyUsageCrlSign", "false");
- defConfig5.putString("params.keyUsageDataEncipherment", "true");
- defConfig5.putString("params.keyUsageDecipherOnly", "false");
- defConfig5.putString("params.keyUsageDigitalSignature", "true");
- defConfig5.putString("params.keyUsageEncipherOnly", "false");
- defConfig5.putString("params.keyUsageKeyAgreement", "false");
- defConfig5.putString("params.keyUsageKeyCertSign", "false");
- defConfig5.putString("params.keyUsageKeyEncipherment", "true");
- defConfig5.putString("params.keyUsageNonRepudiation", "true");
- IPolicyConstraint con5 = policy5.getConstraint();
+ IProfilePolicy policy5 =
+ createProfilePolicy("set1", "p5",
+ "keyUsageExtDefaultImpl", "noConstraintImpl");
+ IPolicyDefault def5 = policy5.getDefault();
+ IConfigStore defConfig5 = def5.getConfigStore();
+ defConfig5.putString("params.keyUsageCritical","true");
+ defConfig5.putString("params.keyUsageCrlSign","false");
+ defConfig5.putString("params.keyUsageDataEncipherment","true");
+ defConfig5.putString("params.keyUsageDecipherOnly","false");
+ defConfig5.putString("params.keyUsageDigitalSignature","true");
+ defConfig5.putString("params.keyUsageEncipherOnly","false");
+ defConfig5.putString("params.keyUsageKeyAgreement","false");
+ defConfig5.putString("params.keyUsageKeyCertSign","false");
+ defConfig5.putString("params.keyUsageKeyEncipherment","true");
+ defConfig5.putString("params.keyUsageNonRepudiation","true");
+ IPolicyConstraint con5 = policy5.getConstraint();
IConfigStore conConfig5 = con5.getConfigStore();
}
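Review bot: The defaults written in `populate()` permit weak cryptography: `params.keyMinLength` is `"512"` for RSA, and `params.signingAlgsAllowed` includes `MD5withRSA` and `MD2withRSA` alongside the SHA-1 entries, while every policy is paired with `noConstraintImpl`. How these values are enforced is not visible in this hunk, but if they are, a server-certificate profile built from them would admit 512-bit keys and collision-prone digests. Consider `defConfig3.putString("params.keyMinLength","2048");` and an allowed list without the MD2/MD5 entries, for example `"SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withEC,SHA512withEC"`. The same two values appear in `UserCertCAEnrollProfile.populate()` in the next file section.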
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java
index 833f0f109..7d4254bff 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
+
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.common.NameValuePairs;
@@ -27,89 +28,94 @@ import com.netscape.certsrv.profile.IProfileInput;
import com.netscape.certsrv.profile.IProfileOutput;
import com.netscape.certsrv.profile.IProfilePolicy;
+
/**
- * This class implements a Certificate Manager enrollment profile for User
- * Certificates.
- *
+ * This class implements a Certificate Manager enrollment
+ * profile for User Certificates.
+ *
* @version $Revision$, $Date$
*/
-public class UserCertCAEnrollProfile extends CAEnrollProfile implements
- IProfileEx {
+public class UserCertCAEnrollProfile extends CAEnrollProfile
+ implements IProfileEx {
/**
- * Called after initialization. It populates default policies, inputs, and
- * outputs.
+ * Called after initialization. It populates default
+ * policies, inputs, and outputs.
*/
- public void populate() throws EBaseException {
+ public void populate() throws EBaseException
+ {
// create inputs
NameValuePairs inputParams1 = new NameValuePairs();
- IProfileInput input1 = createProfileInput("i1", "keyGenInputImpl",
- inputParams1);
+ IProfileInput input1 =
+ createProfileInput("i1", "keyGenInputImpl", inputParams1);
NameValuePairs inputParams2 = new NameValuePairs();
- IProfileInput input2 = createProfileInput("i2", "subjectNameInputImpl",
- inputParams2);
+ IProfileInput input2 =
+ createProfileInput("i2", "subjectNameInputImpl", inputParams2);
NameValuePairs inputParams3 = new NameValuePairs();
- IProfileInput input3 = createProfileInput("i3",
- "submitterInfoInputImpl", inputParams2);
+ IProfileInput input3 =
+ createProfileInput("i3", "submitterInfoInputImpl", inputParams2);
// create outputs
NameValuePairs outputParams1 = new NameValuePairs();
- IProfileOutput output1 = createProfileOutput("o1", "certOutputImpl",
- outputParams1);
+ IProfileOutput output1 =
+ createProfileOutput("o1", "certOutputImpl", outputParams1);
// create policies
- IProfilePolicy policy1 = createProfilePolicy("set1", "p1",
- "userSubjectNameDefaultImpl", "noConstraintImpl");
- IPolicyDefault def1 = policy1.getDefault();
- IConfigStore defConfig1 = def1.getConfigStore();
- IPolicyConstraint con1 = policy1.getConstraint();
+ IProfilePolicy policy1 =
+ createProfilePolicy("set1", "p1",
+ "userSubjectNameDefaultImpl", "noConstraintImpl");
+ IPolicyDefault def1 = policy1.getDefault();
+ IConfigStore defConfig1 = def1.getConfigStore();
+ IPolicyConstraint con1 = policy1.getConstraint();
IConfigStore conConfig1 = con1.getConfigStore();
- IProfilePolicy policy2 = createProfilePolicy("set1", "p2",
- "validityDefaultImpl", "noConstraintImpl");
- IPolicyDefault def2 = policy2.getDefault();
- IConfigStore defConfig2 = def2.getConfigStore();
- defConfig2.putString("params.range", "180");
- defConfig2.putString("params.startTime", "0");
- IPolicyConstraint con2 = policy2.getConstraint();
+ IProfilePolicy policy2 =
+ createProfilePolicy("set1", "p2",
+ "validityDefaultImpl", "noConstraintImpl");
+ IPolicyDefault def2 = policy2.getDefault();
+ IConfigStore defConfig2 = def2.getConfigStore();
+ defConfig2.putString("params.range","180");
+ defConfig2.putString("params.startTime","0");
+ IPolicyConstraint con2 = policy2.getConstraint();
IConfigStore conConfig2 = con2.getConfigStore();
- IProfilePolicy policy3 = createProfilePolicy("set1", "p3",
- "userKeyDefaultImpl", "noConstraintImpl");
- IPolicyDefault def3 = policy3.getDefault();
- IConfigStore defConfig3 = def3.getConfigStore();
- defConfig3.putString("params.keyType", "RSA");
- defConfig3.putString("params.keyMinLength", "512");
- defConfig3.putString("params.keyMaxLength", "4096");
- IPolicyConstraint con3 = policy3.getConstraint();
+ IProfilePolicy policy3 =
+ createProfilePolicy("set1", "p3",
+ "userKeyDefaultImpl", "noConstraintImpl");
+ IPolicyDefault def3 = policy3.getDefault();
+ IConfigStore defConfig3 = def3.getConfigStore();
+ defConfig3.putString("params.keyType","RSA");
+ defConfig3.putString("params.keyMinLength","512");
+ defConfig3.putString("params.keyMaxLength","4096");
+ IPolicyConstraint con3 = policy3.getConstraint();
IConfigStore conConfig3 = con3.getConfigStore();
- IProfilePolicy policy4 = createProfilePolicy("set1", "p4",
- "signingAlgDefaultImpl", "noConstraintImpl");
- IPolicyDefault def4 = policy4.getDefault();
- IConfigStore defConfig4 = def4.getConfigStore();
- defConfig4.putString("params.signingAlg", "-");
- defConfig4
- .putString(
- "params.signingAlgsAllowed",
- "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC");
- IPolicyConstraint con4 = policy4.getConstraint();
+ IProfilePolicy policy4 =
+ createProfilePolicy("set1", "p4",
+ "signingAlgDefaultImpl", "noConstraintImpl");
+ IPolicyDefault def4 = policy4.getDefault();
+ IConfigStore defConfig4 = def4.getConfigStore();
+ defConfig4.putString("params.signingAlg","-");
+ defConfig4.putString("params.signingAlgsAllowed",
+ "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC");
+ IPolicyConstraint con4 = policy4.getConstraint();
IConfigStore conConfig4 = con4.getConfigStore();
- IProfilePolicy policy5 = createProfilePolicy("set1", "p5",
- "keyUsageExtDefaultImpl", "noConstraintImpl");
+ IProfilePolicy policy5 =
+ createProfilePolicy("set1", "p5",
+ "keyUsageExtDefaultImpl", "noConstraintImpl");
IPolicyDefault def5 = policy5.getDefault();
IConfigStore defConfig5 = def5.getConfigStore();
- defConfig5.putString("params.keyUsageCritical", "true");
- defConfig5.putString("params.keyUsageCrlSign", "false");
- defConfig5.putString("params.keyUsageDataEncipherment", "false");
- defConfig5.putString("params.keyUsageDecipherOnly", "false");
- defConfig5.putString("params.keyUsageDigitalSignature", "true");
- defConfig5.putString("params.keyUsageEncipherOnly", "false");
- defConfig5.putString("params.keyUsageKeyAgreement", "false");
- defConfig5.putString("params.keyUsageKeyCertSign", "false");
- defConfig5.putString("params.keyUsageKeyEncipherment", "true");
- defConfig5.putString("params.keyUsageNonRepudiation", "true");
+ defConfig5.putString("params.keyUsageCritical","true");
+ defConfig5.putString("params.keyUsageCrlSign","false");
+ defConfig5.putString("params.keyUsageDataEncipherment","false");
+ defConfig5.putString("params.keyUsageDecipherOnly","false");
+ defConfig5.putString("params.keyUsageDigitalSignature","true");
+ defConfig5.putString("params.keyUsageEncipherOnly","false");
+ defConfig5.putString("params.keyUsageKeyAgreement","false");
+ defConfig5.putString("params.keyUsageKeyCertSign","false");
+ defConfig5.putString("params.keyUsageKeyEncipherment","true");
+ defConfig5.putString("params.keyUsageNonRepudiation","true");
IPolicyConstraint con5 = policy5.getConstraint();
IConfigStore conConfig5 = con5.getConfigStore();
}
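Review bot: `input3` is created with `inputParams2` even though `inputParams3` is declared on the line just before it and is never used. Both objects are empty here, so the effect depends on whether `createProfileInput` keeps the reference (not visible). If it does, the `i2` and `i3` inputs would share one `NameValuePairs` instance and a later change to one would leak into the other. The call should read `createProfileInput("i3", "submitterInfoInputImpl", inputParams3);`.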