author | Ade Lee <alee@redhat.com> | 2011-12-08 21:15:59 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2011-12-08 21:15:59 -0500 |
commit | 171aaece4f23709d33d180cf36eb3af5e454b0c9 (patch) | |
tree | 1485f9f0a7bd10de4ff25030db575dbb8dafae74 /pki/base/common/src/com/netscape/cms/profile/common | |
parent | adad2fcee8a29fdb82376fbce07dedb11fccc182 (diff) | |
Revert "Formatting"
This reverts commit 32150d3ee32f8ac27118af7c792794b538c78a2f.
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/profile/common')
10 files changed, 890 insertions, 828 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java
index 578324869..acaf9772a 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java
@@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; + import java.util.Enumeration; import java.util.Hashtable; import java.util.Locale;
@@ -48,9 +49,10 @@ import com.netscape.certsrv.registry.IPluginRegistry; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.RequestStatus; + /** * This class implements a basic profile. - * + * * @version $Revision$, $Date$ */ public abstract class BasicProfile implements IProfile {
@@ -74,8 +76,8 @@ public abstract class BasicProfile implements IProfile { public static final String PROP_NAME = "name"; public static final String PROP_DESC = "desc"; public static final String PROP_NO_DEFAULT = "noDefaultImpl"; - public static final String PROP_NO_CONSTRAINT = "noConstraintImpl"; - public static final String PROP_GENERIC_EXT_DEFAULT = "genericExtDefaultImpl"; + public static final String PROP_NO_CONSTRAINT= "noConstraintImpl"; + public static final String PROP_GENERIC_EXT_DEFAULT= "genericExtDefaultImpl"; protected IProfileSubsystem mOwner = null; protected IConfigStore mConfig = null;
@@ -142,19 +144,21 @@ public abstract class BasicProfile implements IProfile { public IProfileAuthenticator getAuthenticator() throws EProfileException { try { - IAuthSubsystem authSub = (IAuthSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_AUTH); - IProfileAuthenticator auth = (IProfileAuthenticator) authSub - .get(mAuthInstanceId); - - if (mAuthInstanceId != null && mAuthInstanceId.length() > 0 - && auth == null) { - throw new EProfileException("Cannot load " + mAuthInstanceId); + IAuthSubsystem authSub = (IAuthSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + IProfileAuthenticator auth = (IProfileAuthenticator) + authSub.get(mAuthInstanceId); + + if (mAuthInstanceId != null && mAuthInstanceId.length() > 0 + && auth == null) { + throw new EProfileException("Cannot load " + + mAuthInstanceId); } return auth; } catch (Exception e) { if (mAuthInstanceId != null) { - throw new EProfileException("Cannot load " + mAuthInstanceId); + throw new EProfileException("Cannot load " + + mAuthInstanceId); } return null; } @@ -163,7 +167,7 @@ public abstract class BasicProfile implements IProfile { public String getRequestorDN(IRequest request) { return null; } - + public String getAuthenticatorId() { return mAuthInstanceId; } @@ -181,7 +185,7 @@ public abstract class BasicProfile implements IProfile { * Initializes this profile. */ public void init(IProfileSubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { CMS.debug("BasicProfile: start init"); mOwner = owner; mConfig = config; 
@@ -200,19 +204,17 @@ public abstract class BasicProfile implements IProfile { // policy.p1.default.class=com.netscape.cms.profile.defaults.SubjectName // policy.p1.default.params.x1=x1 // policy.p1.default.params.x2=x2 - // policy.p1.constraint.class= ... - // .cms.profile.constraints.ValidityRange + // policy.p1.constraint.class= ... .cms.profile.constraints.ValidityRange // policy.p1.constraint.params.x1=x1 // policy.p1.constraint.params.x2=x2 - // handle profile authentication plugins + // handle profile authentication plugins try { - mAuthInstanceId = config - .getString("auth." + PROP_INSTANCE_ID, null); + mAuthInstanceId = config.getString("auth." + PROP_INSTANCE_ID, null); mAuthzAcl = config.getString("authz.acl", ""); } catch (EBaseException e) { - CMS.debug("BasicProfile: authentication class not found " - + e.toString()); + CMS.debug("BasicProfile: authentication class not found " + + e.toString()); } // handle profile input plugins @@ -222,8 +224,8 @@ public abstract class BasicProfile implements IProfile { while (input_st.hasMoreTokens()) { String input_id = (String) input_st.nextToken(); - String inputClassId = inputStore.getString(input_id + "." - + PROP_CLASS_ID); + String inputClassId = inputStore.getString(input_id + "." + + PROP_CLASS_ID); IPluginInfo inputInfo = mRegistry.getPluginInfo("profileInput", inputClassId); String inputClass = inputInfo.getClassName(); 
@@ -231,12 +233,13 @@ public abstract class BasicProfile implements IProfile { IProfileInput input = null; try { - input = (IProfileInput) Class.forName(inputClass).newInstance(); + input = (IProfileInput) + Class.forName(inputClass).newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: input plugin Class.forName " - + inputClass + " " + e.toString()); - throw new EBaseException(e.toString()); + CMS.debug("BasicProfile: input plugin Class.forName " + + inputClass + " " + e.toString()); + throw new EBaseException( e.toString() ); } IConfigStore inputConfig = inputStore.getSubStore(input_id); input.init(this, inputConfig); @@ -252,8 +255,8 @@ public abstract class BasicProfile implements IProfile { while (output_st.hasMoreTokens()) { String output_id = (String) output_st.nextToken(); - String outputClassId = outputStore.getString(output_id + "." - + PROP_CLASS_ID); + String outputClassId = outputStore.getString(output_id + "." + + PROP_CLASS_ID); IPluginInfo outputInfo = mRegistry.getPluginInfo("profileOutput", outputClassId); String outputClass = outputInfo.getClassName(); @@ -261,13 +264,13 @@ public abstract class BasicProfile implements IProfile { IProfileOutput output = null; try { - output = (IProfileOutput) Class.forName(outputClass) - .newInstance(); + output = (IProfileOutput) + Class.forName(outputClass).newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: output plugin Class.forName " - + outputClass + " " + e.toString()); - throw new EBaseException(e.toString()); + CMS.debug("BasicProfile: output plugin Class.forName " + + outputClass + " " + e.toString()); + throw new EBaseException( e.toString() ); } IConfigStore outputConfig = outputStore.getSubStore(output_id); output.init(this, outputConfig); 
@@ -283,22 +286,22 @@ public abstract class BasicProfile implements IProfile { while (updater_st.hasMoreTokens()) { String updater_id = (String) updater_st.nextToken(); - String updaterClassId = updaterStore.getString(updater_id + "." - + PROP_CLASS_ID); + String updaterClassId = updaterStore.getString(updater_id + "." + + PROP_CLASS_ID); IPluginInfo updaterInfo = mRegistry.getPluginInfo("profileUpdater", - updaterClassId); + updaterClassId); String updaterClass = updaterInfo.getClassName(); IProfileUpdater updater = null; try { - updater = (IProfileUpdater) Class.forName(updaterClass) - .newInstance(); + updater = (IProfileUpdater) + Class.forName(updaterClass).newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: updater plugin Class.forName " - + updaterClass + " " + e.toString()); - throw new EBaseException(e.toString()); + CMS.debug("BasicProfile: updater plugin Class.forName " + + updaterClass + " " + e.toString()); + throw new EBaseException( e.toString() ); } IConfigStore updaterConfig = updaterStore.getSubStore(updater_id); updater.init(this, updaterConfig); @@ -322,15 +325,15 @@ public abstract class BasicProfile implements IProfile { String id = (String) st1.nextToken(); String defaultRoot = id + "." + PROP_DEFAULT; - String defaultClassId = policyStore.getString(defaultRoot + "." - + PROP_CLASS_ID); + String defaultClassId = policyStore.getString(defaultRoot + "." + + PROP_CLASS_ID); String constraintRoot = id + "." + PROP_CONSTRAINT; - String constraintClassId = policyStore.getString(constraintRoot - + "." + PROP_CLASS_ID); + String constraintClassId = + policyStore.getString(constraintRoot + "." + PROP_CLASS_ID); - createProfilePolicy(setId, id, defaultClassId, - constraintClassId, false); + createProfilePolicy(setId, id, defaultClassId, + constraintClassId, false); } } CMS.debug("BasicProfile: done init"); 
@@ -377,20 +380,20 @@ public abstract class BasicProfile implements IProfile { } public String getInput(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { return null; } public void setInput(String name, Locale locale, IRequest request, - String value) throws EProfileException { + String value) throws EProfileException { } public Enumeration getProfilePolicySetIds() { return mPolicySet.keys(); } - public void deleteProfilePolicy(String setId, String policyId) - throws EProfileException { + public void deleteProfilePolicy(String setId, String policyId) + throws EProfileException { Vector policies = (Vector) mPolicySet.get(setId); if (policies == null) { @@ -433,28 +436,26 @@ public abstract class BasicProfile implements IProfile { policies.removeElementAt(i); if (size == 1) { mPolicySet.remove(setId); - String setlist = policySetSubStore.getString( - PROP_POLICY_LIST, null); + String setlist = policySetSubStore.getString(PROP_POLICY_LIST, null); StringTokenizer st1 = new StringTokenizer(setlist, ","); String newlist1 = ""; while (st1.hasMoreTokens()) { String e = st1.nextToken(); - if (!e.equals(setId)) + if (!e.equals(setId)) newlist1 = newlist1 + e + ","; } - if (!newlist1.equals("")) - newlist1 = newlist1.substring(0, - newlist1.length() - 1); + if (!newlist1.equals("")) + newlist1 = newlist1.substring(0, newlist1.length() - 1); policySetSubStore.putString(PROP_POLICY_LIST, newlist1); } break; } } - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (Exception e) { } 
@@ -495,8 +496,8 @@ public abstract class BasicProfile implements IProfile { mInputs.remove(inputId); mConfig.putString("input." + PROP_INPUT_LIST, newlist); - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (Exception e) { } @@ -536,22 +537,24 @@ public abstract class BasicProfile implements IProfile { mOutputs.remove(outputId); mConfig.putString("output." + PROP_OUTPUT_LIST, newlist); - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (Exception e) { } } - public IProfileOutput createProfileOutput(String id, String outputId, - NameValuePairs nvps) throws EProfileException { - return createProfileOutput(id, outputId, nvps, true); + public IProfileOutput createProfileOutput(String id, String outputId, + NameValuePairs nvps) + throws EProfileException { + return createProfileOutput(id, outputId, nvps, true); } public IProfileOutput createProfileOutput(String id, String outputId, - NameValuePairs nvps, boolean createConfig) + NameValuePairs nvps, boolean createConfig) - throws EProfileException { + + throws EProfileException { IConfigStore outputStore = mConfig.getSubStore("output"); String output_list = null; @@ -573,7 +576,8 @@ public abstract class BasicProfile implements IProfile { IProfileOutput output = null; try { - output = (IProfileOutput) Class.forName(outputClass).newInstance(); + output = (IProfileOutput) + Class.forName(outputClass).newInstance(); } catch (Exception e) { // throw Exception CMS.debug(e.toString()); 
@@ -606,8 +610,7 @@ public abstract class BasicProfile implements IProfile { String pid = st1.nextToken(); if (pid.equals(id)) { - throw new EProfileException("Duplicate output id: " - + id); + throw new EProfileException("Duplicate output id: " + id); } } outputStore.putString(PROP_OUTPUT_LIST, list + "," + id); @@ -615,7 +618,7 @@ public abstract class BasicProfile implements IProfile { String prefix = id + "."; outputStore.putString(prefix + "name", - outputInfo.getName(Locale.getDefault())); + outputInfo.getName(Locale.getDefault())); outputStore.putString(prefix + "class_id", outputId); Enumeration enum1 = nvps.getNames(); @@ -623,20 +626,19 @@ public abstract class BasicProfile implements IProfile { while (enum1.hasMoreElements()) { String name = (String) enum1.nextElement(); - outputStore.putString(prefix + "params." + name, - nvps.getValue(name)); + outputStore.putString(prefix + "params." + name, nvps.getValue(name)); try { - if (output != null) { - output.setConfig(name, nvps.getValue(name)); - } + if (output != null) { + output.setConfig(name, nvps.getValue(name)); + } } catch (EBaseException e) { - CMS.debug(e.toString()); + CMS.debug(e.toString()); } } try { - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (EBaseException e) { CMS.debug(e.toString()); 
@@ -646,13 +648,15 @@ public abstract class BasicProfile implements IProfile { return output; } - public IProfileInput createProfileInput(String id, String inputId, - NameValuePairs nvps) throws EProfileException { - return createProfileInput(id, inputId, nvps, true); + public IProfileInput createProfileInput(String id, String inputId, + NameValuePairs nvps) + throws EProfileException { + return createProfileInput(id, inputId, nvps, true); } public IProfileInput createProfileInput(String id, String inputId, - NameValuePairs nvps, boolean createConfig) throws EProfileException { + NameValuePairs nvps, boolean createConfig) + throws EProfileException { IConfigStore inputStore = mConfig.getSubStore("input"); String input_list = null; @@ -662,8 +666,8 @@ public abstract class BasicProfile implements IProfile { } catch (Exception ee) { } - IPluginInfo inputInfo = mRegistry - .getPluginInfo("profileInput", inputId); + IPluginInfo inputInfo = mRegistry.getPluginInfo("profileInput", + inputId); if (inputInfo == null) { CMS.debug("Cannot find " + inputId); @@ -675,7 +679,8 @@ public abstract class BasicProfile implements IProfile { IProfileInput input = null; try { - input = (IProfileInput) Class.forName(inputClass).newInstance(); + input = (IProfileInput) + Class.forName(inputClass).newInstance(); } catch (Exception e) { // throw Exception CMS.debug(e.toString()); 
@@ -715,29 +720,28 @@ public abstract class BasicProfile implements IProfile { } String prefix = id + "."; - inputStore.putString(prefix + "name", - inputInfo.getName(Locale.getDefault())); + inputStore.putString(prefix + "name", + inputInfo.getName(Locale.getDefault())); inputStore.putString(prefix + "class_id", inputId); - + Enumeration enum1 = nvps.getNames(); while (enum1.hasMoreElements()) { String name = (String) enum1.nextElement(); - inputStore.putString(prefix + "params." + name, - nvps.getValue(name)); + inputStore.putString(prefix + "params." + name, nvps.getValue(name)); try { - if (input != null) { - input.setConfig(name, nvps.getValue(name)); - } + if (input != null) { + input.setConfig(name, nvps.getValue(name)); + } } catch (EBaseException e) { - CMS.debug(e.toString()); + CMS.debug(e.toString()); } } try { - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (EBaseException e) { CMS.debug(e.toString()); 
@@ -750,25 +754,23 @@ public abstract class BasicProfile implements IProfile { /** * Creates a profile policy */ - public IProfilePolicy createProfilePolicy(String setId, String id, - String defaultClassId, String constraintClassId) - throws EProfileException { - return createProfilePolicy(setId, id, defaultClassId, + public IProfilePolicy createProfilePolicy(String setId, String id, + String defaultClassId, String constraintClassId) + throws EProfileException { + return createProfilePolicy(setId, id, defaultClassId, constraintClassId, true); } - public IProfilePolicy createProfilePolicy(String setId, String id, - String defaultClassId, String constraintClassId, - boolean createConfig) throws EProfileException { - + public IProfilePolicy createProfilePolicy(String setId, String id, + String defaultClassId, String constraintClassId, + boolean createConfig) + throws EProfileException { + // String setId ex: policyset.set1 - // String id Id of policy : examples: p1,p2,p3 - // String defaultClassId : id of the default plugin ex: - // validityDefaultImpl - // String constraintClassId : if of the constraint plugin ex: - // basicConstraintsExtConstraintImpl - // boolean createConfig : true : being called from the console. false: - // being called from server startup code + // String id Id of policy : examples: p1,p2,p3 + // String defaultClassId : id of the default plugin ex: validityDefaultImpl + // String constraintClassId : if of the constraint plugin ex: basicConstraintsExtConstraintImpl + // boolean createConfig : true : being called from the console. false: being called from server startup code Vector policies = (Vector) mPolicySet.get(setId); 
@@ -776,9 +778,9 @@ public abstract class BasicProfile implements IProfile { if (policies == null) { policies = new Vector(); mPolicySet.put(setId, policies); - if (createConfig) { + if (createConfig) { // re-create policyset.list - StringBuffer setlist = new StringBuffer(); + StringBuffer setlist =new StringBuffer(); Enumeration keys = mPolicySet.keys(); while (keys.hasMoreElements()) { 
@@ -792,64 +794,62 @@ public abstract class BasicProfile implements IProfile { mConfig.putString("policyset.list", setlist.toString()); } } else { - String ids = null; + String ids = null; - try { - ids = policyStore.getString(PROP_POLICY_LIST, ""); - } catch (Exception ee) { - } + try { + ids = policyStore.getString(PROP_POLICY_LIST, ""); + } catch (Exception ee) { + } - if (ids == null) { - CMS.debug("BasicProfile::createProfilePolicy() - ids is null!"); - return null; - } + if( ids == null ) { + CMS.debug("BasicProfile::createProfilePolicy() - ids is null!" ); + return null; + } - StringTokenizer st1 = new StringTokenizer(ids, ","); - int appearances = 0; - int appearancesTooMany = 0; - if (createConfig) - appearancesTooMany = 1; - else - appearancesTooMany = 2; + StringTokenizer st1 = new StringTokenizer(ids, ","); + int appearances = 0; + int appearancesTooMany = 0; + if (createConfig) + appearancesTooMany = 1; + else + appearancesTooMany = 2; - while (st1.hasMoreTokens()) { - String pid = st1.nextToken(); - if (pid.equals(id)) { - appearances++; - if (appearances >= appearancesTooMany) { - CMS.debug("WARNING detected duplicate policy id: " - + id + " Profile: " + mId); - if (createConfig) { - throw new EProfileException("Duplicate policy id: " - + id); + while (st1.hasMoreTokens()) { + String pid = st1.nextToken(); + if (pid.equals(id)) { + appearances++; + if (appearances >= appearancesTooMany) { + CMS.debug("WARNING detected duplicate policy id: " + id + " Profile: " + mId); + if (createConfig) { + throw new EProfileException("Duplicate policy id: " + id); + } } } } - } } // Now make sure we aren't trying to add a policy that already exists IConfigStore policySetStore = mConfig.getSubStore("policyset"); - String setlist = null; + String setlist = null; try { setlist = policySetStore.getString("list", ""); } catch (Exception e) { } StringTokenizer st = new StringTokenizer(setlist, ","); - int matches = 0; + int matches = 0; while (st.hasMoreTokens()) { 
String sId = (String) st.nextToken(); - // Only search the setId set. Ex: encryptionCertSet + //Only search the setId set. Ex: encryptionCertSet if (!sId.equals(setId)) { continue; } IConfigStore pStore = policySetStore.getSubStore(sId); - + String list = null; try { - list = pStore.getString(PROP_POLICY_LIST, ""); + list = pStore.getString(PROP_POLICY_LIST, ""); } catch (Exception e) { CMS.debug("WARNING, can't get policy id list!"); } 
@@ -862,48 +862,38 @@ public abstract class BasicProfile implements IProfile { String defaultRoot = curId + "." + PROP_DEFAULT; String curDefaultClassId = null; try { - curDefaultClassId = pStore.getString(defaultRoot + "." - + PROP_CLASS_ID); - } catch (Exception e) { + curDefaultClassId = pStore.getString(defaultRoot + "." + + PROP_CLASS_ID); + } catch(Exception e) { CMS.debug("WARNING, can't get default plugin id!"); } String constraintRoot = curId + "." + PROP_CONSTRAINT; String curConstraintClassId = null; try { - curConstraintClassId = pStore.getString(constraintRoot - + "." + PROP_CLASS_ID); + curConstraintClassId = pStore.getString(constraintRoot + "." + PROP_CLASS_ID); } catch (Exception e) { CMS.debug("WARNING, can't get constraint plugin id!"); } - // Disallow duplicate defaults with the following exceptions: + //Disallow duplicate defaults with the following exceptions: // noDefaultImpl, genericExtDefaultImpl - if ((curDefaultClassId.equals(defaultClassId) - && !curDefaultClassId.equals(PROP_NO_DEFAULT) && !curDefaultClassId - .equals(PROP_GENERIC_EXT_DEFAULT))) { + if ((curDefaultClassId.equals(defaultClassId) && + !curDefaultClassId.equals(PROP_NO_DEFAULT) && + !curDefaultClassId.equals(PROP_GENERIC_EXT_DEFAULT)) ) { matches++; if (createConfig) { if (matches == 1) { - CMS.debug("WARNING attempt to add duplicate Policy " - + defaultClassId - + ":" - + constraintClassId - + " Contact System Administrator."); - throw new EProfileException( - "Attempt to add duplicate Policy : " - + defaultClassId + ":" - + constraintClassId); + CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId + + " Contact System Administrator."); + throw new EProfileException("Attempt to add duplicate Policy : " + defaultClassId + ":" + constraintClassId); } } else { - if (matches > 1) { - CMS.debug("WARNING attempt to add duplicate Policy " - + defaultClassId - + ":" - + constraintClassId - + " Contact System Administrator."); + if( 
matches > 1) { + CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId + + " Contact System Administrator."); } } } @@ -925,11 +915,12 @@ public abstract class BasicProfile implements IProfile { IPolicyDefault def = null; try { - def = (IPolicyDefault) Class.forName(defaultClass).newInstance(); + def = (IPolicyDefault) + Class.forName(defaultClass).newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: default policy " + defaultClass + " " - + e.toString()); + CMS.debug("BasicProfile: default policy " + + defaultClass + " " + e.toString()); } if (def == null) { CMS.debug("BasicProfile: failed to create " + defaultClass); @@ -940,18 +931,18 @@ public abstract class BasicProfile implements IProfile { def.init(this, defStore); } - IPluginInfo conInfo = mRegistry.getPluginInfo("constraintPolicy", + IPluginInfo conInfo = mRegistry.getPluginInfo("constraintPolicy", constraintClassId); String constraintClass = conInfo.getClassName(); IPolicyConstraint constraint = null; try { - constraint = (IPolicyConstraint) Class.forName(constraintClass) - .newInstance(); + constraint = (IPolicyConstraint) + Class.forName(constraintClass).newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: constraint policy " + constraintClass - + " " + e.toString()); + CMS.debug("BasicProfile: constraint policy " + + constraintClass + " " + e.toString()); } ProfilePolicy policy = null; if (constraint == null) { 
@@ -977,20 +968,21 @@ public abstract class BasicProfile implements IProfile { } else { policyStore.putString(PROP_POLICY_LIST, list + "," + id); } - policyStore.putString(id + ".default.name", - defInfo.getName(Locale.getDefault())); - policyStore.putString(id + ".default.class_id", defaultClassId); - policyStore.putString(id + ".constraint.name", - conInfo.getName(Locale.getDefault())); - policyStore.putString(id + ".constraint.class_id", - constraintClassId); + policyStore.putString(id + ".default.name", + defInfo.getName(Locale.getDefault())); + policyStore.putString(id + ".default.class_id", + defaultClassId); + policyStore.putString(id + ".constraint.name", + conInfo.getName(Locale.getDefault())); + policyStore.putString(id + ".constraint.class_id", + constraintClassId); try { - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); policyStore.commit(false); } catch (EBaseException e) { - CMS.debug("BasicProfile: commiting config store " - + e.toString()); + CMS.debug("BasicProfile: commiting config store " + + e.toString()); } } @@ -1046,7 +1038,7 @@ public abstract class BasicProfile implements IProfile { * Creates request. */ public abstract IRequest[] createRequests(IProfileContext ctx, Locale locale) - throws EProfileException; + throws EProfileException; /** * Returns the profile description. @@ -1064,12 +1056,12 @@ public abstract class BasicProfile implements IProfile { } public void populateInput(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { Enumeration ids = getProfileInputIds(); while (ids.hasMoreElements()) { String id = (String) ids.nextElement(); - IProfileInput input = getProfileInput(id); + IProfileInput input = getProfileInput(id); input.populate(ctx, request); } 
@@ -1082,32 +1074,36 @@ public abstract class BasicProfile implements IProfile { } /** - * Passes the request to the set of default policies that populate the - * profile information against the profile. - */ - public void populate(IRequest request) throws EProfileException { + * Passes the request to the set of default policies that + * populate the profile information against the profile. + */ + public void populate(IRequest request) + throws EProfileException { String setId = getPolicySetId(request); Vector policies = getPolicies(setId); - CMS.debug("BasicProfile: populate() policy setid =" + setId); + CMS.debug("BasicProfile: populate() policy setid ="+ setId); for (int i = 0; i < policies.size(); i++) { - ProfilePolicy policy = (ProfilePolicy) policies.elementAt(i); + ProfilePolicy policy = (ProfilePolicy) + policies.elementAt(i); policy.getDefault().populate(request); } } /** - * Passes the request to the set of constraint policies that validate the - * request against the profile. - */ - public void validate(IRequest request) throws ERejectException { + * Passes the request to the set of constraint policies + * that validate the request against the profile. + */ + public void validate(IRequest request) + throws ERejectException { String setId = getPolicySetId(request); - CMS.debug("BasicProfile: validate start on setId=" + setId); + CMS.debug("BasicProfile: validate start on setId="+ setId); Vector policies = getPolicies(setId); for (int i = 0; i < policies.size(); i++) { - ProfilePolicy policy = (ProfilePolicy) policies.elementAt(i); + ProfilePolicy policy = (ProfilePolicy) + policies.elementAt(i); policy.getConstraint().validate(request); } 
@@ -1133,23 +1129,25 @@ public abstract class BasicProfile implements IProfile { Vector v = new Vector(); for (int i = 0; i < policies.size(); i++) { - ProfilePolicy policy = (ProfilePolicy) policies.elementAt(i); + ProfilePolicy policy = (ProfilePolicy) + policies.elementAt(i); - v.addElement(policy.getId()); + v.addElement(policy.getId()); } return v.elements(); } - public void execute(IRequest request) throws EProfileException { + public void execute(IRequest request) + throws EProfileException { } /** * Signed Audit Log - * - * This method is inherited by all extended "BasicProfile"s, and is called - * to store messages to the signed audit log. + * + * This method is inherited by all extended "BasicProfile"s, + * and is called to store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { @@ -1160,17 +1158,21 @@ public abstract class BasicProfile implements IProfile { return; } - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, - ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg); + mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } /** * Signed Audit Log Subject ID - * - * This method is inherited by all extended "BasicProfile"s, and is called - * to obtain the "SubjectID" for a signed audit log message. + * + * This method is inherited by all extended "BasicProfile"s, + * and is called to obtain the "SubjectID" for + * a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { @@ -1185,7 +1187,8 @@ public abstract class BasicProfile implements IProfile { SessionContext auditContext = SessionContext.getExistingContext(); if (auditContext != null) { - subjectID = (String) auditContext.get(SessionContext.USER_ID); + subjectID = (String) + auditContext.get(SessionContext.USER_ID); if (subjectID != null) { subjectID = subjectID.trim(); 
@@ -1199,3 +1202,4 @@ public abstract class BasicProfile implements IProfile { return subjectID; } } +
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java
index f589e7efb..681f2b4a5 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java
@@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; + import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.NameValuePairs;
@@ -27,97 +28,103 @@ import com.netscape.certsrv.profile.IProfileInput; import com.netscape.certsrv.profile.IProfileOutput; import com.netscape.certsrv.profile.IProfilePolicy; + /** - * This class implements a Certificate Manager enrollment profile for CA - * Certificates. - * + * This class implements a Certificate Manager enrollment + * profile for CA Certificates. + * * @version $Revision$, $Date$ */ -public class CACertCAEnrollProfile extends CAEnrollProfile implements - IProfileEx { +public class CACertCAEnrollProfile extends CAEnrollProfile + implements IProfileEx { /** - * Called after initialization. It populates default policies, inputs, and - * outputs. + * Called after initialization. It populates default + * policies, inputs, and outputs. */ - public void populate() throws EBaseException { + public void populate() throws EBaseException + { // create inputs NameValuePairs inputParams1 = new NameValuePairs(); - IProfileInput input1 = createProfileInput("i1", "certReqInputImpl", - inputParams1); + IProfileInput input1 = + createProfileInput("i1", "certReqInputImpl", inputParams1); NameValuePairs inputParams2 = new NameValuePairs(); - IProfileInput input2 = createProfileInput("i2", - "submitterInfoInputImpl", inputParams2); + IProfileInput input2 = + createProfileInput("i2", "submitterInfoInputImpl", inputParams2); - // create outputs + // create outputs NameValuePairs outputParams1 = new NameValuePairs(); - IProfileOutput output1 = createProfileOutput("o1", "certOutputImpl", - outputParams1); + IProfileOutput output1 = + createProfileOutput("o1", "certOutputImpl", outputParams1); // create policies - IProfilePolicy policy1 = createProfilePolicy("set1", "p1", - "userSubjectNameDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy1 = + createProfilePolicy("set1", "p1", + "userSubjectNameDefaultImpl", "noConstraintImpl"); IPolicyDefault def1 = policy1.getDefault(); IConfigStore defConfig1 = def1.getConfigStore(); IPolicyConstraint con1 = 
policy1.getConstraint(); IConfigStore conConfig1 = con1.getConfigStore(); - IProfilePolicy policy2 = createProfilePolicy("set1", "p2", - "validityDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy2 = + createProfilePolicy("set1", "p2", + "validityDefaultImpl", "noConstraintImpl"); IPolicyDefault def2 = policy2.getDefault(); IConfigStore defConfig2 = def2.getConfigStore(); - defConfig2.putString("params.range", "180"); - defConfig2.putString("params.startTime", "0"); + defConfig2.putString("params.range","180"); + defConfig2.putString("params.startTime","0"); IPolicyConstraint con2 = policy2.getConstraint(); IConfigStore conConfig2 = con2.getConfigStore(); - IProfilePolicy policy3 = createProfilePolicy("set1", "p3", - "userKeyDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy3 = + createProfilePolicy("set1", "p3", + "userKeyDefaultImpl", "noConstraintImpl"); IPolicyDefault def3 = policy3.getDefault(); IConfigStore defConfig3 = def3.getConfigStore(); - defConfig3.putString("params.keyType", "RSA"); - defConfig3.putString("params.keyMinLength", "512"); - defConfig3.putString("params.keyMaxLength", "4096"); + defConfig3.putString("params.keyType","RSA"); + defConfig3.putString("params.keyMinLength","512"); + defConfig3.putString("params.keyMaxLength","4096"); IPolicyConstraint con3 = policy3.getConstraint(); IConfigStore conConfig3 = con3.getConfigStore(); - IProfilePolicy policy4 = createProfilePolicy("set1", "p4", - "signingAlgDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy4 = + createProfilePolicy("set1", "p4", + "signingAlgDefaultImpl", "noConstraintImpl"); IPolicyDefault def4 = policy4.getDefault(); IConfigStore defConfig4 = def4.getConfigStore(); - defConfig4.putString("params.signingAlg", "-"); - defConfig4 - .putString( - "params.signingAlgsAllowed", - "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA256withEC,SHA384withEC,SHA512withEC"); + defConfig4.putString("params.signingAlg","-"); + 
defConfig4.putString("params.signingAlgsAllowed", + "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA256withEC,SHA384withEC,SHA512withEC"); IPolicyConstraint con4 = policy4.getConstraint(); IConfigStore conConfig4 = con4.getConfigStore(); // extensions - IProfilePolicy policy5 = createProfilePolicy("set1", "p5", - "keyUsageExtDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy5 = + createProfilePolicy("set1", "p5", + "keyUsageExtDefaultImpl", "noConstraintImpl"); IPolicyDefault def5 = policy5.getDefault(); IConfigStore defConfig5 = def5.getConfigStore(); - defConfig5.putString("params.keyUsageCritical", "true"); - defConfig5.putString("params.keyUsageCrlSign", "true"); - defConfig5.putString("params.keyUsageDataEncipherment", "false"); - defConfig5.putString("params.keyUsageDecipherOnly", "false"); - defConfig5.putString("params.keyUsageDigitalSignature", "true"); - defConfig5.putString("params.keyUsageEncipherOnly", "false"); - defConfig5.putString("params.keyUsageKeyAgreement", "false"); - defConfig5.putString("params.keyUsageKeyCertSign", "true"); - defConfig5.putString("params.keyUsageKeyEncipherment", "false"); - defConfig5.putString("params.keyUsageNonRepudiation", "true"); + defConfig5.putString("params.keyUsageCritical","true"); + defConfig5.putString("params.keyUsageCrlSign","true"); + defConfig5.putString("params.keyUsageDataEncipherment","false"); + defConfig5.putString("params.keyUsageDecipherOnly","false"); + defConfig5.putString("params.keyUsageDigitalSignature","true"); + defConfig5.putString("params.keyUsageEncipherOnly","false"); + defConfig5.putString("params.keyUsageKeyAgreement","false"); + defConfig5.putString("params.keyUsageKeyCertSign","true"); + defConfig5.putString("params.keyUsageKeyEncipherment","false"); + defConfig5.putString("params.keyUsageNonRepudiation","true"); IPolicyConstraint con5 = policy5.getConstraint(); IConfigStore conConfig5 = con5.getConfigStore(); - IProfilePolicy policy6 = 
createProfilePolicy("set1", "p6", - "basicConstraintsExtDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy6 = + createProfilePolicy("set1", "p6", + "basicConstraintsExtDefaultImpl", "noConstraintImpl"); IPolicyDefault def6 = policy6.getDefault(); IConfigStore defConfig6 = def6.getConfigStore(); - defConfig6.putString("params.basicConstraintsPathLen", "-1"); - defConfig6.putString("params.basicConstraintsIsCA", "true"); - defConfig6.putString("params.basicConstraintsPathLen", "-1"); + defConfig6.putString("params.basicConstraintsPathLen","-1"); + defConfig6.putString("params.basicConstraintsIsCA","true"); + defConfig6.putString("params.basicConstraintsPathLen","-1"); IPolicyConstraint con6 = policy6.getConstraint(); IConfigStore conConfig6 = con6.getConfigStore(); } diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java index 20d5f4de3..32cd51b5f 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; + import java.util.Enumeration; import netscape.security.x509.X500Name; 
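Review bot: The CA-certificate profile defaults re-added in `populate()` of CACertCAEnrollProfile.java (hunk -27,97 +28,103) accept weak parameters: `params.keyMinLength` is `512`, and `params.signingAlgsAllowed` still lists `MD5withRSA` and `MD2withRSA`. For a profile that issues CA certificates I would raise the floor, e.g. `defConfig3.putString("params.keyMinLength","2048");`, and drop the MD2/MD5 entries from the allowed list. `params.basicConstraintsPathLen` is also set twice to the same value, so one of the two calls can go. Every policy here is paired with `noConstraintImpl`, so nothing visible in this hunk enforces limits beyond these defaults; this should be confirmed against the deployed profile configuration.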
@@ -40,21 +41,27 @@ import com.netscape.certsrv.profile.IProfileUpdater; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.RequestStatus; + /** - * This class implements a Certificate Manager enrollment profile. - * + * This class implements a Certificate Manager enrollment + * profile. + * * @version $Revision$, $Date$ */ public class CAEnrollProfile extends EnrollProfile { - private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4"; + private final static String + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4"; + public CAEnrollProfile() { super(); } public IAuthority getAuthority() { - IAuthority authority = (IAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); + IAuthority authority = (IAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); if (authority == null) return null; @@ -62,17 +69,18 @@ public class CAEnrollProfile extends EnrollProfile { } public X500Name getIssuerName() { - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); X500Name issuerName = ca.getX500Name(); return issuerName; } - public void execute(IRequest request) throws EProfileException { + public void execute(IRequest request) + throws EProfileException { long startTime = CMS.getCurrentDate().getTime(); - + if (!isEnable()) { CMS.debug("CAEnrollProfile: Profile Not Enabled"); throw new EProfileException("Profile Not Enabled"); 
@@ -83,13 +91,14 @@ public class CAEnrollProfile extends EnrollProfile { String auditRequesterID = auditRequesterID(request); String auditArchiveID = ILogger.UNIDENTIFIED; + String id = request.getRequestId().toString(); if (id != null) { auditArchiveID = id.trim(); } - CMS.debug("CAEnrollProfile: execute reqId=" - + request.getRequestId().toString()); + CMS.debug("CAEnrollProfile: execute reqId=" + + request.getRequestId().toString()); ICertificateAuthority ca = (ICertificateAuthority) getAuthority(); ICAService caService = (ICAService) ca.getCAService(); 
@@ -99,59 +108,64 @@ public class CAEnrollProfile extends EnrollProfile { // if PKI Archive Option present, send this request // to DRM - byte optionsData[] = request - .getExtDataInByteArray(REQUEST_ARCHIVE_OPTIONS); + byte optionsData[] = request.getExtDataInByteArray(REQUEST_ARCHIVE_OPTIONS); // do not archive keys for renewal requests - if ((optionsData != null) - && (!request.getRequestType().equals(IRequest.RENEWAL_REQUEST))) { - PKIArchiveOptions options = (PKIArchiveOptions) toPKIArchiveOptions(optionsData); + if ((optionsData != null) && (!request.getRequestType().equals(IRequest.RENEWAL_REQUEST))) { + PKIArchiveOptions options = (PKIArchiveOptions) + toPKIArchiveOptions(optionsData); if (options != null) { - CMS.debug("CAEnrollProfile: execute found " - + "PKIArchiveOptions"); + CMS.debug("CAEnrollProfile: execute found " + + "PKIArchiveOptions"); try { IConnector kraConnector = caService.getKRAConnector(); if (kraConnector == null) { - CMS.debug("CAEnrollProfile: KRA connector " - + "not configured"); + CMS.debug("CAEnrollProfile: KRA connector " + + "not configured"); - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditArchiveID); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditArchiveID); audit(auditMessage); - + } else { CMS.debug("CAEnrollProfile: execute send request"); kraConnector.send(request); + + // check response if (!request.isSuccess()) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditArchiveID); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditArchiveID); audit(auditMessage); throw new ERejectException( 
request.getError(getLocale(request))); } - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, - auditSubjectID, ILogger.SUCCESS, - auditRequesterID, auditArchiveID); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditArchiveID); audit(auditMessage); } } catch (Exception e) { + if (e instanceof ERejectException) { throw (ERejectException) e; } @@ -160,7 +174,9 @@ public class CAEnrollProfile extends EnrollProfile { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, auditArchiveID); audit(auditMessage); @@ -173,17 +189,17 @@ public class CAEnrollProfile extends EnrollProfile { X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO); X509CertImpl theCert = null; - // #615460 - added audit log (transaction) + // #615460 - added audit log (transaction) SessionContext sc = SessionContext.getExistingContext(); sc.put("profileId", getId()); String setId = request.getExtDataInString("profileSetId"); if (setId != null) { - sc.put("profileSetId", setId); + sc.put("profileSetId", setId); } try { - theCert = caService - .issueX509Cert(info, getId() /* profileId */, id /* requestId */); + theCert = caService.issueX509Cert(info, getId() /* profileId */, + id /* requestId */); } catch (EBaseException e) { CMS.debug(e.toString()); 
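Review bot: In hunk -173,17 +189,17, `SessionContext.getExistingContext()` is dereferenced without a null check at `sc.put("profileId", getId());`, although `BasicProfile.auditSubjectID()` in this same commit guards the same call with `if (auditContext != null)`. If `execute()` can run on a thread that has no session context, issuance ends in a NullPointerException rather than an EProfileException, and the later `sc.get(SessionContext.USER_ID)` used for the audit record has the same problem. I would add `if (sc == null) { throw new EProfileException("No session context"); }` before the first use, or skip the two `put` calls if a missing context is legitimate. `execute()` starts before and ends after this hunk.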
@@ -193,27 +209,26 @@ public class CAEnrollProfile extends EnrollProfile { long endTime = CMS.getCurrentDate().getTime(); - String initiative = AuditFormat.FROMAGENT + " userID: " - + (String) sc.get(SessionContext.USER_ID); - String authMgr = (String) sc.get(SessionContext.AUTH_MANAGER_ID); + String initiative = AuditFormat.FROMAGENT + + " userID: " + + (String)sc.get(SessionContext.USER_ID); + String authMgr = (String)sc.get(SessionContext.AUTH_MANAGER_ID); ILogger logger = CMS.getLogger(); - if (logger != null) { - logger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - request.getRequestType(), - request.getRequestId(), - initiative, - authMgr, - "completed", - theCert.getSubjectDN(), - "cert issued serial number: 0x" - + theCert.getSerialNumber().toString(16) - + " time: " + (endTime - startTime) }); + if( logger != null ) { + logger.log( ILogger.EV_AUDIT, + ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.FORMAT, + new Object[] { + request.getRequestType(), + request.getRequestId(), + initiative, + authMgr, + "completed", + theCert.getSubjectDN(), + "cert issued serial number: 0x" + + theCert.getSerialNumber().toString(16) + + " time: " + (endTime - startTime) } + ); } request.setRequestStatus(RequestStatus.COMPLETE); @@ -221,9 +236,9 @@ public class CAEnrollProfile extends EnrollProfile { // notifies updater plugins Enumeration updaterIds = getProfileUpdaterIds(); while (updaterIds.hasMoreElements()) { - String updaterId = (String) updaterIds.nextElement(); - IProfileUpdater updater = getProfileUpdater(updaterId); - updater.update(request, RequestStatus.COMPLETE); + String updaterId = (String)updaterIds.nextElement(); + IProfileUpdater updater = getProfileUpdater(updaterId); + updater.update(request, RequestStatus.COMPLETE); } // set value for predicate value - checking in getRule 
@@ -233,3 +248,4 @@ public class CAEnrollProfile extends EnrollProfile { request.setExtData("isEncryptionCert", "false"); } } + diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java index e0c86303e..95c360f8c 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; + import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -99,19 +100,21 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.IRequestQueue; import com.netscape.cmsutil.util.HMACDigest; + /** * This class implements a generic enrollment profile. - * + * * @version $Revision$, $Date$ */ -public abstract class EnrollProfile extends BasicProfile implements - IEnrollProfile { +public abstract class EnrollProfile extends BasicProfile + implements IEnrollProfile { - private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST = "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5"; - private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; + private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST = + "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = + "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; private PKIData mCMCData; - public EnrollProfile() { super(); } 
@@ -132,11 +135,11 @@ public abstract class EnrollProfile extends BasicProfile implements * Creates request. */ public IRequest[] createRequests(IProfileContext context, Locale locale) - throws EProfileException { + throws EProfileException { EnrollProfileContext ctx = (EnrollProfileContext) context; // determine how many requests should be created - String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE); + String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE); String cert_request = ctx.get(CTX_CERT_REQUEST); String is_renewal = ctx.get(CTX_RENEWAL); Integer renewal_seq_num = 0; @@ -166,16 +169,17 @@ public abstract class EnrollProfile extends BasicProfile implements num_requests = msgs.length; } - // only 1 request for renewal + // only 1 request for renewal if ((is_renewal != null) && (is_renewal.equals("true"))) { num_requests = 1; String renewal_seq_num_str = ctx.get(CTX_RENEWAL_SEQ_NUM); if (renewal_seq_num_str != null) { renewal_seq_num = Integer.parseInt(renewal_seq_num_str); } else { - renewal_seq_num = 0; + renewal_seq_num =0; } } + // populate requests with appropriate content IRequest result[] = new IRequest[num_requests]; @@ -183,7 +187,7 @@ public abstract class EnrollProfile extends BasicProfile implements for (int i = 0; i < num_requests; i++) { result[i] = createEnrollmentRequest(); if ((is_renewal != null) && (is_renewal.equals("true"))) { - result[i].setExtData(REQUEST_SEQ_NUM, renewal_seq_num); + result[i].setExtData(REQUEST_SEQ_NUM,renewal_seq_num); } else { result[i].setExtData(REQUEST_SEQ_NUM, Integer.valueOf(i)); } 
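Review bot: In hunk -166,16 +169,17, `Integer.parseInt(renewal_seq_num_str)` parses a value read from the profile context and can throw NumberFormatException, which `createRequests` neither catches nor declares. Where that context value comes from is not visible here, but if it is derived from the submitted request, a malformed value surfaces as an unchecked exception instead of a rejected request. I would wrap the call, `try { renewal_seq_num = Integer.parseInt(renewal_seq_num_str); } catch (NumberFormatException e) { throw new EProfileException(CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); }`, and consider rejecting negative values too. `createRequests` continues outside these hunks.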
@@ -204,35 +208,36 @@ public abstract class EnrollProfile extends BasicProfile implements // retrieve issuer name X500Name issuerName = getIssuerName(); - byte[] dummykey = new byte[] { 48, 92, 48, 13, 6, 9, 42, -122, 72, - -122, -9, 13, 1, 1, 1, 5, 0, 3, 75, 0, 48, 72, 2, 65, 0, -65, - 121, -119, -59, 105, 66, -122, -78, -30, -64, 63, -47, 44, -48, - -104, 103, -47, -108, 42, -38, 46, -8, 32, 49, -29, -26, -112, - -29, -86, 71, 24, -104, 78, -31, -75, -128, 90, -92, -34, -51, - -125, -13, 80, 101, -78, 39, -119, -38, 117, 28, 67, -19, -71, - -124, -85, 105, -53, -103, -59, -67, -38, -83, 118, 65, 2, 3, - 1, 0, 1 }; + byte[] dummykey = new byte[] { + 48, 92, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5, + 0, 3, 75, 0, 48, 72, 2, 65, 0, -65, 121, -119, -59, 105, 66, + -122, -78, -30, -64, 63, -47, 44, -48, -104, 103, -47, -108, + 42, -38, 46, -8, 32, 49, -29, -26, -112, -29, -86,71, 24, + -104, 78, -31, -75, -128, 90, -92, -34, -51, -125, -13, 80, 101, + -78, 39, -119, -38, 117, 28, 67, -19, -71, -124, -85, 105, -53, + -103, -59, -67, -38, -83, 118, 65, 2, 3, 1, 0, 1}; // default values into x509 certinfo. 
This thing is // not serializable by default try { - info.set(X509CertInfo.VERSION, new CertificateVersion( - CertificateVersion.V3)); - info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber( - new BigInteger("0"))); - info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuerName)); - info.set( - X509CertInfo.KEY, - new CertificateX509Key(X509Key - .parse(new DerValue(dummykey)))); - info.set(X509CertInfo.SUBJECT, new CertificateSubjectName( - issuerName)); - info.set(X509CertInfo.VALIDITY, new CertificateValidity(new Date(), - new Date())); - info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId( + info.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); + info.set(X509CertInfo.SERIAL_NUMBER, + new CertificateSerialNumber(new BigInteger("0"))); + info.set(X509CertInfo.ISSUER, + new CertificateIssuerName(issuerName)); + info.set(X509CertInfo.KEY, + new CertificateX509Key(X509Key.parse(new DerValue(dummykey)))); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(issuerName)); + info.set(X509CertInfo.VALIDITY, + new CertificateValidity(new Date(), new Date())); + info.set(X509CertInfo.ALGORITHM_ID, + new CertificateAlgorithmId( AlgorithmId.getAlgorithmId("MD5withRSA"))); // add default extension container - info.set(X509CertInfo.EXTENSIONS, new CertificateExtensions()); + info.set(X509CertInfo.EXTENSIONS, + new CertificateExtensions()); } catch (Exception e) { // throw exception - add key to template CMS.debug("EnrollProfile: Building X509CertInfo - " + e.toString()); @@ -241,7 +246,8 @@ public abstract class EnrollProfile extends BasicProfile implements req.setExtData(REQUEST_CERTINFO, info); } - public IRequest createEnrollmentRequest() throws EProfileException { + public IRequest createEnrollmentRequest() + throws EProfileException { IRequest req = null; try { 
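Review bot: The `catch (Exception e)` that closes the template-building block (hunk -204,35 +208,36) only calls `CMS.debug(...)`, although its own comment reads `// throw exception`. The following hunk then stores the possibly half-populated `info` with `req.setExtData(REQUEST_CERTINFO, info)`. If the enclosing method's signature allows it (its declaration is outside the hunk), rethrowing as `throw new EProfileException(e.toString());` would stop an incomplete template from reaching the request. The placeholder `AlgorithmId.getAlgorithmId("MD5withRSA")` is also worth changing to an algorithm from the stronger end of the list the CA profile already allows, such as `SHA256withRSA`, so that a profile without a signing-algorithm default cannot be left on MD5; whether that placeholder ever reaches the signer is not visible here.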
@@ -250,20 +256,22 @@ public abstract class EnrollProfile extends BasicProfile implements setDefaultCertInfo(req); // put the certificate info into request - req.setExtData(REQUEST_EXTENSIONS, new CertificateExtensions()); + req.setExtData(REQUEST_EXTENSIONS, + new CertificateExtensions()); - CMS.debug("EnrollProfile: createRequest " - + req.getRequestId().toString()); + CMS.debug("EnrollProfile: createRequest " + + req.getRequestId().toString()); } catch (EBaseException e) { // raise exception - CMS.debug("EnrollProfile: create new enroll request " - + e.toString()); + CMS.debug("EnrollProfile: create new enroll request " + + e.toString()); } return req; } - public abstract void execute(IRequest request) throws EProfileException; + public abstract void execute(IRequest request) + throws EProfileException; /** * Perform simple policy set assignment. @@ -290,8 +298,8 @@ public abstract class EnrollProfile extends BasicProfile implements X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO); try { - CertificateSubjectName sn = (CertificateSubjectName) info - .get(X509CertInfo.SUBJECT); + CertificateSubjectName sn = (CertificateSubjectName) + info.get(X509CertInfo.SUBJECT); return sn.toString(); } catch (Exception e) { 
@@ -301,34 +309,35 @@ public abstract class EnrollProfile extends BasicProfile implements } /** - * This method is called after the user submits the request from the - * end-entity page. + * This method is called after the user submits the + * request from the end-entity page. */ public void submit(IAuthToken token, IRequest request) - throws EDeferException, EProfileException { + throws EDeferException, EProfileException { // Request Submission Logic: // // if (Authentication Failed) { - // return Error - // } else { - // if (No Auth Token) { - // queue request + // return Error // } else { - // process request - // } + // if (No Auth Token) { + // queue request + // } else { + // process request + // } // } - IAuthority authority = (IAuthority) getAuthority(); + IAuthority authority = (IAuthority) + getAuthority(); IRequestQueue queue = authority.getRequestQueue(); - // this profile queues request that is authenticated - // by NoAuth - try { - queue.updateRequest(request); - } catch (EBaseException e) { - // save request to disk - CMS.debug("EnrollProfile: Update request " + e.toString()); - } + // this profile queues request that is authenticated + // by NoAuth + try { + queue.updateRequest(request); + } catch (EBaseException e) { + // save request to disk + CMS.debug("EnrollProfile: Update request " + e.toString()); + } if (token == null) { CMS.debug("EnrollProfile: auth token is null"); @@ -337,8 +346,7 @@ public abstract class EnrollProfile extends BasicProfile implements try { queue.updateRequest(request); } catch (EBaseException e) { - CMS.debug("EnrollProfile: Update request (after validation) " - + e.toString()); + CMS.debug("EnrollProfile: Update request (after validation) " + e.toString()); } throw new EDeferException("defer request"); 
@@ -352,12 +360,12 @@ public abstract class EnrollProfile extends BasicProfile implements } public TaggedRequest[] parseCMC(Locale locale, String certreq) - throws EProfileException { + throws EProfileException { /* cert request must not be null */ if (certreq == null) { CMS.debug("EnrollProfile: parseCMC() certreq null"); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } CMS.debug("EnrollProfile: Start parseCMC(): " + certreq); 
@@ -367,24 +375,22 @@ public abstract class EnrollProfile extends BasicProfile implements String creq = normalizeCertReq(certreq); try { byte data[] = CMS.AtoB(creq); - ByteArrayInputStream cmcBlobIn = new ByteArrayInputStream(data); - - org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) org.mozilla.jss.pkix.cms.ContentInfo - .getTemplate().decode(cmcBlobIn); - org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData) cmcReq - .getInterpretedContent(); - org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq - .getContentInfo(); + ByteArrayInputStream cmcBlobIn = + new ByteArrayInputStream(data); + + org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) + org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); + org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData)cmcReq.getInterpretedContent(); + org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq.getContentInfo(); OBJECT_IDENTIFIER id = ci.getContentType(); OCTET_STRING content = ci.getContent(); - - ByteArrayInputStream s = new ByteArrayInputStream( - content.toByteArray()); + + ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray()); PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s); mCMCData = pkiData; - // PKIData pkiData = (PKIData) - // (new PKIData.Template()).decode(cmcBlobIn); + //PKIData pkiData = (PKIData) + // (new PKIData.Template()).decode(cmcBlobIn); SEQUENCE controlSeq = pkiData.getControlSequence(); int numcontrols = controlSeq.size(); SEQUENCE reqSeq = pkiData.getReqSequence(); 
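Review bot: `mCMCData = pkiData;` stores per-request data in an instance field of the profile, and `verifyPOPLinkWitness` later reads it through `tokenClass.getSharedToken(mCMCData)`. If one profile instance serves concurrent requests (not visible from this hunk), a second `parseCMC` call can overwrite the field between the store and the read, so the shared token would be looked up from another request's PKIData. Passing `pkiData` as an argument to the verification helpers instead of going through the field would remove that dependency. At minimum a comment on the field should state its threading assumption, e.g. `// per-request state; profile instance must not be shared across threads`. `parseCMC` begins before and ends after this hunk.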
@@ -394,24 +400,22 @@ public abstract class EnrollProfile extends BasicProfile implements if (numcontrols > 0) { context.put("numOfControls", Integer.valueOf(numcontrols)); TaggedAttribute[] attributes = new TaggedAttribute[numcontrols]; - for (int i = 0; i < numcontrols; i++) { - attributes[i] = (TaggedAttribute) controlSeq - .elementAt(i); + for (int i=0; i<numcontrols; i++) { + attributes[i] = (TaggedAttribute)controlSeq.elementAt(i); OBJECT_IDENTIFIER oid = attributes[i].getType(); if (oid.equals(OBJECT_IDENTIFIER.id_cmc_identityProof)) { - boolean valid = verifyIdentityProof(attributes[i], - reqSeq); + boolean valid = verifyIdentityProof(attributes[i], + reqSeq); if (!valid) { - SEQUENCE bpids = getRequestBpids(reqSeq); + SEQUENCE bpids = getRequestBpids(reqSeq); context.put("identityProof", bpids); return null; } - } else if (oid - .equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkRandom)) { + } else if (oid.equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkRandom)) { SET vals = attributes[i].getValues(); - OCTET_STRING ostr = (OCTET_STRING) (ASN1Util - .decode(OCTET_STRING.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); + OCTET_STRING ostr = + (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); randomSeed = ostr.toByteArray(); } else { context.put(attributes[i].getType(), attributes[i]); 
@@ -419,19 +423,18 @@ public abstract class EnrollProfile extends BasicProfile implements } } } - + SEQUENCE otherMsgSeq = pkiData.getOtherMsgSequence(); int numOtherMsgs = otherMsgSeq.size(); if (!context.containsKey("numOfOtherMsgs")) { context.put("numOfOtherMsgs", Integer.valueOf(numOtherMsgs)); - for (int i = 0; i < numOtherMsgs; i++) { - OtherMsg omsg = (OtherMsg) (ASN1Util.decode( - OtherMsg.getTemplate(), - ASN1Util.encode(otherMsgSeq.elementAt(i)))); - context.put("otherMsg" + i, omsg); + for (int i=0; i<numOtherMsgs; i++) { + OtherMsg omsg =(OtherMsg)(ASN1Util.decode(OtherMsg.getTemplate(), + ASN1Util.encode(otherMsgSeq.elementAt(i)))); + context.put("otherMsg"+i, omsg); } } - + int nummsgs = reqSeq.size(); if (nummsgs > 0) { msgs = new TaggedRequest[reqSeq.size()]; @@ -441,11 +444,10 @@ public abstract class EnrollProfile extends BasicProfile implements msgs[i] = (TaggedRequest) reqSeq.elementAt(i); if (!context.containsKey("POPLinkWitness")) { if (randomSeed != null) { - valid = verifyPOPLinkWitness(randomSeed, msgs[i], - bpids); + valid = verifyPOPLinkWitness(randomSeed, msgs[i], bpids); if (!valid || bpids.size() > 0) { context.put("POPLinkWitness", bpids); - return null; + return null; } } } @@ -456,13 +458,13 @@ public abstract class EnrollProfile extends BasicProfile implements return msgs; } catch (Exception e) { CMS.debug("EnrollProfile: parseCMC " + e.toString()); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } } private boolean verifyPOPLinkWitness(byte[] randomSeed, TaggedRequest req, - SEQUENCE bpids) { + SEQUENCE bpids) { ISharedToken tokenClass = null; boolean sharedSecretFound = true; String name = null; 
@@ -477,15 +479,15 @@ public abstract class EnrollProfile extends BasicProfile implements } try { - tokenClass = (ISharedToken) Class.forName(name).newInstance(); + tokenClass = (ISharedToken)Class.forName(name).newInstance(); } catch (ClassNotFoundException e) { - CMS.debug("EnrollProfile: Failed to find class name: " + name); + CMS.debug("EnrollProfile: Failed to find class name: "+name); sharedSecretFound = false; } catch (InstantiationException e) { - CMS.debug("EnrollProfile: Failed to instantiate class: " + name); + CMS.debug("EnrollProfile: Failed to instantiate class: "+name); sharedSecretFound = false; } catch (IllegalAccessException e) { - CMS.debug("EnrollProfile: Illegal access: " + name); + CMS.debug("EnrollProfile: Illegal access: "+name); sharedSecretFound = false; } @@ -494,7 +496,7 @@ public abstract class EnrollProfile extends BasicProfile implements String sharedSecret = null; if (tokenClass != null) sharedSecret = tokenClass.getSharedToken(mCMCData); - if (req.getType().equals(TaggedRequest.PKCS10)) { + if (req.getType().equals(TaggedRequest.PKCS10)) { TaggedCertificationRequest tcr = req.getTcr(); if (!sharedSecretFound) { bpids.addElement(tcr.getBodyPartID()); 
@@ -503,27 +505,25 @@ public abstract class EnrollProfile extends BasicProfile implements CertificationRequest creq = tcr.getCertificationRequest(); CertificationRequestInfo cinfo = creq.getInfo(); SET attrs = cinfo.getAttributes(); - for (int j = 0; j < attrs.size(); j++) { - Attribute pkcs10Attr = (Attribute) attrs.elementAt(j); - if (pkcs10Attr.getType().equals( - OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) { + for (int j=0; j<attrs.size(); j++) { + Attribute pkcs10Attr = (Attribute)attrs.elementAt(j); + if (pkcs10Attr.getType().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) { SET witnessVal = pkcs10Attr.getValues(); if (witnessVal.size() > 0) { try { - OCTET_STRING str = (OCTET_STRING) (ASN1Util - .decode(OCTET_STRING.getTemplate(), - ASN1Util.encode(witnessVal - .elementAt(0)))); + OCTET_STRING str = + (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(), + ASN1Util.encode(witnessVal.elementAt(0)))); bv = str.toByteArray(); return verifyDigest(sharedSecret.getBytes(), - randomSeed, bv); + randomSeed, bv); } catch (InvalidBERException ex) { return false; } } - } + } } - + return false; } } else if (req.getType().equals(TaggedRequest.CRMF)) { @@ -537,15 +537,14 @@ public abstract class EnrollProfile extends BasicProfile implements for (int i = 0; i < certReq.numControls(); i++) { AVA ava = certReq.controlAt(i); - if (ava.getOID().equals( - OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) { + if (ava.getOID().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) { ASN1Value value = ava.getValue(); ByteArrayInputStream bis = new ByteArrayInputStream( - ASN1Util.encode(value)); + ASN1Util.encode(value)); OCTET_STRING ostr = null; try { - ostr = (OCTET_STRING) (new OCTET_STRING.Template()) - .decode(bis); + ostr = (OCTET_STRING) + (new OCTET_STRING.Template()).decode(bis); bv = ostr.toByteArray(); } catch (Exception e) { bpids.addElement(reqId); 
@@ -553,7 +552,7 @@ public abstract class EnrollProfile extends BasicProfile implements } boolean valid = verifyDigest(sharedSecret.getBytes(), - randomSeed, bv); + randomSeed, bv); if (!valid) { bpids.addElement(reqId); return valid; @@ -572,7 +571,7 @@ public abstract class EnrollProfile extends BasicProfile implements MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1"); key = SHA1Digest.digest(sharedSecret); } catch (NoSuchAlgorithmException ex) { - CMS.debug("EnrollProfile: No such algorithm for this message digest."); + CMS.debug("EnrollProfile: No such algorithm for this message digest."); return false; } @@ -583,7 +582,7 @@ public abstract class EnrollProfile extends BasicProfile implements hmacDigest.update(text); finalDigest = hmacDigest.digest(); } catch (NoSuchAlgorithmException ex) { - CMS.debug("EnrollProfile: No such algorithm for this message digest."); + CMS.debug("EnrollProfile: No such algorithm for this message digest."); return false; } @@ -592,9 +591,9 @@ public abstract class EnrollProfile extends BasicProfile implements return false; } - for (int j = 0; j < bv.length; j++) { + for (int j=0; j<bv.length; j++) { if (bv[j] != finalDigest[j]) { - CMS.debug("EnrollProfile: The content of two HMAC digest are not the same."); + CMS.debug("EnrollProfile: The content of two HMAC digest are not the same."); return false; } } 
@@ -636,24 +635,23 @@ public abstract class EnrollProfile extends BasicProfile implements else { ISharedToken tokenClass = null; try { - tokenClass = (ISharedToken) Class.forName(name).newInstance(); + tokenClass = (ISharedToken)Class.forName(name).newInstance(); } catch (ClassNotFoundException e) { - CMS.debug("EnrollProfile: Failed to find class name: " + name); + CMS.debug("EnrollProfile: Failed to find class name: "+name); return false; } catch (InstantiationException e) { - CMS.debug("EnrollProfile: Failed to instantiate class: " + name); + CMS.debug("EnrollProfile: Failed to instantiate class: "+name); return false; } catch (IllegalAccessException e) { - CMS.debug("EnrollProfile: Illegal access: " + name); + CMS.debug("EnrollProfile: Illegal access: "+name); return false; } - + String token = tokenClass.getSharedToken(mCMCData); OCTET_STRING ostr = null; try { - ostr = (OCTET_STRING) (ASN1Util.decode( - OCTET_STRING.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); + ostr = (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); } catch (InvalidBERException e) { CMS.debug("EnrollProfile: Failed to decode the byte value."); return false; 
@@ -665,33 +663,35 @@ public abstract class EnrollProfile extends BasicProfile implements } } - public void fillTaggedRequest(Locale locale, TaggedRequest tagreq, - X509CertInfo info, IRequest req) throws EProfileException { + public void fillTaggedRequest(Locale locale, TaggedRequest tagreq, X509CertInfo info, + IRequest req) + throws EProfileException { TaggedRequest.Type type = tagreq.getType(); - if (type.equals(TaggedRequest.PKCS10)) { + if (type.equals(TaggedRequest.PKCS10)) { try { - TaggedCertificationRequest tcr = tagreq.getTcr(); - CertificationRequest p10 = tcr.getCertificationRequest(); - ByteArrayOutputStream ostream = new ByteArrayOutputStream(); + TaggedCertificationRequest tcr = tagreq.getTcr(); + CertificationRequest p10 = tcr.getCertificationRequest(); + ByteArrayOutputStream ostream = new ByteArrayOutputStream(); - p10.encode(ostream); + p10.encode(ostream); PKCS10 pkcs10 = new PKCS10(ostream.toByteArray()); req.setExtData("bodyPartId", tcr.getBodyPartID()); fillPKCS10(locale, pkcs10, info, req); } catch (Exception e) { - CMS.debug("EnrollProfile: fillTaggedRequest " + e.toString()); + CMS.debug("EnrollProfile: fillTaggedRequest " + + e.toString()); } - } else if (type.equals(TaggedRequest.CRMF)) { - CertReqMsg crm = tagreq.getCrm(); + } else if (type.equals(TaggedRequest.CRMF)) { + CertReqMsg crm = tagreq.getCrm(); SessionContext context = SessionContext.getContext(); - Integer nums = (Integer) (context.get("numOfControls")); + Integer nums = (Integer)(context.get("numOfControls")); // check if the LRA POP Witness Control attribute exists if (nums != null && nums.intValue() > 0) { - TaggedAttribute attr = (TaggedAttribute) (context - .get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness)); + TaggedAttribute attr = + (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness)); if (attr != null) { parseLRAPopWitness(locale, crm, attr); } else { 
@@ -705,58 +705,53 @@ public abstract class EnrollProfile extends BasicProfile implements fillCertReqMsg(locale, crm, info, req); } else { - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } } - private void parseLRAPopWitness(Locale locale, CertReqMsg crm, - TaggedAttribute attr) throws EProfileException { + private void parseLRAPopWitness(Locale locale, CertReqMsg crm, + TaggedAttribute attr) throws EProfileException { SET vals = attr.getValues(); boolean donePOP = false; INTEGER reqId = null; if (vals.size() > 0) { LraPopWitness lraPop = null; try { - lraPop = (LraPopWitness) (ASN1Util.decode( - LraPopWitness.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); + lraPop = (LraPopWitness)(ASN1Util.decode(LraPopWitness.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); } catch (InvalidBERException e) { - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_ENCODING_ERROR")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR")); } SEQUENCE bodyIds = lraPop.getBodyIds(); reqId = crm.getCertReq().getCertReqId(); - for (int i = 0; i < bodyIds.size(); i++) { - INTEGER num = (INTEGER) (bodyIds.elementAt(i)); + for (int i=0; i<bodyIds.size(); i++) { + INTEGER num = (INTEGER)(bodyIds.elementAt(i)); if (num.toString().equals(reqId.toString())) { donePOP = true; - CMS.debug("EnrollProfile: skip POP for request: " - + reqId.toString() - + " because LRA POP Witness control is found."); + CMS.debug("EnrollProfile: skip POP for request: "+reqId.toString()+ " because LRA POP Witness control is found."); break; } } } if (!donePOP) { - CMS.debug("EnrollProfile: not skip POP for request: " - + reqId.toString() - + " because this request id is not part of the body list in LRA Pop witness control."); + CMS.debug("EnrollProfile: not skip POP for request: "+reqId.toString()+" because this 
request id is not part of the body list in LRA Pop witness control."); verifyPOP(locale, crm); } } public CertReqMsg[] parseCRMF(Locale locale, String certreq) - throws EProfileException { + throws EProfileException { /* cert request must not be null */ if (certreq == null) { CMS.debug("EnrollProfile: parseCRMF() certreq null"); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } CMS.debug("EnrollProfile: Start parseCRMF(): " + certreq); @@ -764,9 +759,11 @@ public abstract class EnrollProfile extends BasicProfile implements String creq = normalizeCertReq(certreq); try { byte data[] = CMS.AtoB(creq); - ByteArrayInputStream crmfBlobIn = new ByteArrayInputStream(data); - SEQUENCE crmfMsgs = (SEQUENCE) new SEQUENCE.OF_Template( - new CertReqMsg.Template()).decode(crmfBlobIn); + ByteArrayInputStream crmfBlobIn = + new ByteArrayInputStream(data); + SEQUENCE crmfMsgs = (SEQUENCE) + new SEQUENCE.OF_Template(new + CertReqMsg.Template()).decode(crmfBlobIn); int nummsgs = crmfMsgs.size(); if (nummsgs <= 0) 
@@ -778,23 +775,24 @@ public abstract class EnrollProfile extends BasicProfile implements return msgs; } catch (Exception e) { CMS.debug("EnrollProfile: parseCRMF " + e.toString()); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } } - private static final OBJECT_IDENTIFIER PKIARCHIVEOPTIONS_OID = new OBJECT_IDENTIFIER( - new long[] { 1, 3, 6, 1, 5, 5, 7, 5, 1, 4 }); + private static final OBJECT_IDENTIFIER PKIARCHIVEOPTIONS_OID = + new OBJECT_IDENTIFIER(new long[] {1, 3, 6, 1, 5, 5, 7, 5, 1, 4} + ); - protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) { - ASN1Value archVal = ava.getValue(); + protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) { + ASN1Value archVal = ava.getValue(); ByteArrayInputStream bis = new ByteArrayInputStream( - ASN1Util.encode(archVal)); + ASN1Util.encode(archVal)); PKIArchiveOptions archOpts = null; - try { - archOpts = (PKIArchiveOptions) (new PKIArchiveOptions.Template()) - .decode(bis); + try { + archOpts = (PKIArchiveOptions) + (new PKIArchiveOptions.Template()).decode(bis); } catch (Exception e) { CMS.debug("EnrollProfile: getPKIArchiveOptions " + e.toString()); } 
@@ -805,21 +803,22 @@ public abstract class EnrollProfile extends BasicProfile implements ByteArrayInputStream bis = new ByteArrayInputStream(options); PKIArchiveOptions archOpts = null; - try { - archOpts = (PKIArchiveOptions) (new PKIArchiveOptions.Template()) - .decode(bis); + try { + archOpts = (PKIArchiveOptions) + (new PKIArchiveOptions.Template()).decode(bis); } catch (Exception e) { CMS.debug("EnrollProfile: toPKIArchiveOptions " + e.toString()); } return archOpts; } - public byte[] toByteArray(PKIArchiveOptions options) { + public byte[] toByteArray(PKIArchiveOptions options) { return ASN1Util.encode(options); } - public void fillCertReqMsg(Locale locale, CertReqMsg certReqMsg, - X509CertInfo info, IRequest req) throws EProfileException { + public void fillCertReqMsg(Locale locale, CertReqMsg certReqMsg, X509CertInfo info, + IRequest req) + throws EProfileException { try { CMS.debug("Start parseCertReqMsg "); CertRequest certReq = certReqMsg.getCertReq(); @@ -828,11 +827,12 @@ public abstract class EnrollProfile extends BasicProfile implements for (int i = 0; i < certReq.numControls(); i++) { AVA ava = certReq.controlAt(i); - if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) { + if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) { PKIArchiveOptions opt = getPKIArchiveOptions(ava); - // req.set(REQUEST_ARCHIVE_OPTIONS, opt); - req.setExtData(REQUEST_ARCHIVE_OPTIONS, toByteArray(opt)); + //req.set(REQUEST_ARCHIVE_OPTIONS, opt); + req.setExtData(REQUEST_ARCHIVE_OPTIONS, + toByteArray(opt)); } } 
@@ -849,24 +849,23 @@ public abstract class EnrollProfile extends BasicProfile implements key.decode(keybytes); // XXX - kmccarth - this may simply undo the decoding above - // but for now it's unclear whether X509Key - // changest the format when decoding. + // but for now it's unclear whether X509Key + // changest the format when decoding. CertificateX509Key certKey = new CertificateX509Key(key); ByteArrayOutputStream certKeyOut = new ByteArrayOutputStream(); certKey.encode(certKeyOut); req.setExtData(REQUEST_KEY, certKeyOut.toByteArray()); // parse validity - if (certTemplate.getNotBefore() != null - || certTemplate.getNotAfter() != null) { - CMS.debug("EnrollProfile: requested notBefore: " - + certTemplate.getNotBefore()); - CMS.debug("EnrollProfile: requested notAfter: " - + certTemplate.getNotAfter()); + if (certTemplate.getNotBefore() != null || + certTemplate.getNotAfter() != null) { + CMS.debug("EnrollProfile: requested notBefore: " + certTemplate.getNotBefore()); + CMS.debug("EnrollProfile: requested notAfter: " + certTemplate.getNotAfter()); CMS.debug("EnrollProfile: current CA time: " + new Date()); CertificateValidity certValidity = new CertificateValidity( certTemplate.getNotBefore(), certTemplate.getNotAfter()); - ByteArrayOutputStream certValidityOut = new ByteArrayOutputStream(); + ByteArrayOutputStream certValidityOut = + new ByteArrayOutputStream(); certValidity.encode(certValidityOut); req.setExtData(REQUEST_VALIDITY, certValidityOut.toByteArray()); } else { 
@@ -876,32 +875,31 @@ public abstract class EnrollProfile extends BasicProfile implements // parse subject if (certTemplate.hasSubject()) { Name subjectdn = certTemplate.getSubject(); - ByteArrayOutputStream subjectEncStream = new ByteArrayOutputStream(); + ByteArrayOutputStream subjectEncStream = + new ByteArrayOutputStream(); subjectdn.encode(subjectEncStream); byte[] subjectEnc = subjectEncStream.toByteArray(); X500Name subject = new X500Name(subjectEnc); - // info.set(X509CertInfo.SUBJECT, - // new CertificateSubjectName(subject)); + //info.set(X509CertInfo.SUBJECT, + // new CertificateSubjectName(subject)); req.setExtData(REQUEST_SUBJECT_NAME, new CertificateSubjectName(subject)); try { - String subjectCN = subject.getCommonName(); - if (subjectCN == null) - subjectCN = ""; - req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN); + String subjectCN = subject.getCommonName(); + if (subjectCN == null) subjectCN = ""; + req.setExtData(REQUEST_SUBJECT_NAME+".cn", subjectCN); } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME + ".cn", ""); + req.setExtData(REQUEST_SUBJECT_NAME+".cn", ""); } try { String subjectUID = subject.getUserID(); - if (subjectUID == null) - subjectUID = ""; - req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID); + if (subjectUID == null) subjectUID = ""; + req.setExtData(REQUEST_SUBJECT_NAME+".uid", subjectUID); } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME + ".uid", ""); + req.setExtData(REQUEST_SUBJECT_NAME+".uid", ""); } } 
@@ -910,11 +908,11 @@ public abstract class EnrollProfile extends BasicProfile implements // try { extensions = req.getExtDataInCertExts(REQUEST_EXTENSIONS); - // } catch (CertificateException e) { - // extensions = null; + // } catch (CertificateException e) { + // extensions = null; // } catch (IOException e) { - // extensions = null; - // } + // extensions = null; + // } if (certTemplate.hasExtensions()) { // put each extension from CRMF into CertInfo. // index by extension name, consistent with 
@@ -924,54 +922,57 @@ public abstract class EnrollProfile extends BasicProfile implements int numexts = certTemplate.numExtensions(); for (int j = 0; j < numexts; j++) { - org.mozilla.jss.pkix.cert.Extension jssext = certTemplate - .extensionAt(j); + org.mozilla.jss.pkix.cert.Extension jssext = + certTemplate.extensionAt(j); boolean isCritical = jssext.getCritical(); - org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = jssext - .getExtnId(); + org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = + jssext.getExtnId(); long[] numbers = jssoid.getNumbers(); int[] oidNumbers = new int[numbers.length]; for (int k = numbers.length - 1; k >= 0; k--) { oidNumbers[k] = (int) numbers[k]; } - ObjectIdentifier oid = new ObjectIdentifier(oidNumbers); - org.mozilla.jss.asn1.OCTET_STRING jssvalue = jssext - .getExtnValue(); - ByteArrayOutputStream jssvalueout = new ByteArrayOutputStream(); + ObjectIdentifier oid = + new ObjectIdentifier(oidNumbers); + org.mozilla.jss.asn1.OCTET_STRING jssvalue = + jssext.getExtnValue(); + ByteArrayOutputStream jssvalueout = + new ByteArrayOutputStream(); jssvalue.encode(jssvalueout); byte[] extValue = jssvalueout.toByteArray(); - Extension ext = new Extension(oid, isCritical, extValue); + Extension ext = + new Extension(oid, isCritical, extValue); extensions.parseExtension(ext); } - // info.set(X509CertInfo.EXTENSIONS, extensions); + // info.set(X509CertInfo.EXTENSIONS, extensions); req.setExtData(REQUEST_EXTENSIONS, extensions); } } catch (IOException e) { CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString()); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } catch (InvalidKeyException e) { CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString()); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); - // } catch (CertificateException e) { - // CMS.debug("EnrollProfile: 
fillCertReqMsg " + e.toString()); - // throw new EProfileException(e.toString()); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + // } catch (CertificateException e) { + // CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString()); + // throw new EProfileException(e.toString()); } } public PKCS10 parsePKCS10(Locale locale, String certreq) - throws EProfileException { + throws EProfileException { /* cert request must not be null */ if (certreq == null) { CMS.debug("EnrollProfile:parsePKCS10() certreq null"); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } CMS.debug("Start parsePKCS10(): " + certreq); @@ -987,20 +988,17 @@ public abstract class EnrollProfile extends BasicProfile implements try { cm = CryptoManager.getInstance(); - sigver = CMS.getConfigStore().getBoolean( - "ca.requestVerify.enabled", true); + sigver = CMS.getConfigStore().getBoolean("ca.requestVerify.enabled", true); if (sigver) { CMS.debug("EnrollProfile: parsePKCS10: signature verification enabled"); - String tokenName = CMS.getConfigStore().getString( - "ca.requestVerify.token", "internal"); + String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", "internal"); savedToken = cm.getThreadToken(); CryptoToken signToken = null; if (tokenName.equals("internal")) { CMS.debug("EnrollProfile: parsePKCS10: use internal token"); signToken = cm.getInternalCryptoToken(); } else { - CMS.debug("EnrollProfile: parsePKCS10: tokenName=" - + tokenName); + CMS.debug("EnrollProfile: parsePKCS10: tokenName="+ tokenName); signToken = cm.getTokenByName(tokenName); } CMS.debug("EnrollProfile: parsePKCS10 setting thread token"); 
@@ -1012,8 +1010,8 @@ public abstract class EnrollProfile extends BasicProfile implements } } catch (Exception e) { CMS.debug("EnrollProfile: parsePKCS10 " + e.toString()); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } finally { if (sigver) { CMS.debug("EnrollProfile: parsePKCS10 restoring thread token"); @@ -1024,8 +1022,8 @@ public abstract class EnrollProfile extends BasicProfile implements return pkcs10; } - public void fillPKCS10(Locale locale, PKCS10 pkcs10, X509CertInfo info, - IRequest req) throws EProfileException { + public void fillPKCS10(Locale locale, PKCS10 pkcs10, X509CertInfo info, IRequest req) + throws EProfileException { X509Key key = pkcs10.getSubjectPublicKeyInfo(); try { 
@@ -1037,41 +1035,36 @@ public abstract class EnrollProfile extends BasicProfile implements req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME, new CertificateSubjectName(pkcs10.getSubjectName())); try { - String subjectCN = pkcs10.getSubjectName().getCommonName(); - if (subjectCN == null) - subjectCN = ""; - req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN); + String subjectCN = pkcs10.getSubjectName().getCommonName(); + if (subjectCN == null) subjectCN = ""; + req.setExtData(REQUEST_SUBJECT_NAME+".cn", subjectCN); } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME + ".cn", ""); + req.setExtData(REQUEST_SUBJECT_NAME+".cn", ""); } try { String subjectUID = pkcs10.getSubjectName().getUserID(); - if (subjectUID == null) - subjectUID = ""; - req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID); + if (subjectUID == null) subjectUID = ""; + req.setExtData(REQUEST_SUBJECT_NAME+".uid", subjectUID); } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME + ".uid", ""); + req.setExtData(REQUEST_SUBJECT_NAME+".uid", ""); } info.set(X509CertInfo.KEY, certKey); PKCS10Attributes p10Attrs = pkcs10.getAttributes(); if (p10Attrs != null) { - PKCS10Attribute p10Attr = (PKCS10Attribute) (p10Attrs - .getAttribute(CertificateExtensions.NAME)); - if (p10Attr != null - && p10Attr.getAttributeId().equals( - PKCS9Attribute.EXTENSION_REQUEST_OID)) { - CMS.debug("Found PKCS10 extension"); - Extensions exts0 = (Extensions) (p10Attr - .getAttributeValue()); + PKCS10Attribute p10Attr = (PKCS10Attribute) + (p10Attrs.getAttribute(CertificateExtensions.NAME)); + if (p10Attr != null && p10Attr.getAttributeId().equals( + PKCS9Attribute.EXTENSION_REQUEST_OID)) { CMS.debug("Found PKCS10 extension"); + Extensions exts0 = (Extensions) + (p10Attr.getAttributeValue()); DerOutputStream extOut = new DerOutputStream(); exts0.encode(extOut); byte[] extB = extOut.toByteArray(); DerInputStream extIn = new DerInputStream(extB); - CertificateExtensions exts = new 
CertificateExtensions( - extIn); + CertificateExtensions exts = new CertificateExtensions(extIn); if (exts != null) { CMS.debug("Set extensions " + exts); // info.set(X509CertInfo.EXTENSIONS, exts); 
@@ -1079,73 +1072,75 @@ public abstract class EnrollProfile extends BasicProfile implements } } else { CMS.debug("PKCS10 extension Not Found"); - } - } + } + } CMS.debug("Finish parsePKCS10 - " + pkcs10.getSubjectName()); } catch (IOException e) { CMS.debug("EnrollProfile: fillPKCS10 " + e.toString()); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } catch (CertificateException e) { CMS.debug("EnrollProfile: fillPKCS10 " + e.toString()); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } } - // for netkey - public void fillNSNKEY(Locale locale, String sn, String skey, - X509CertInfo info, IRequest req) throws EProfileException { - try { - // cfu - is the algorithm going to be replaced by the policy? - X509Key key = new X509Key(); - key.decode(CMS.AtoB(skey)); - - info.set(X509CertInfo.KEY, new CertificateX509Key(key)); - // req.set(EnrollProfile.REQUEST_SUBJECT_NAME, - // new CertificateSubjectName(new - // X500Name("CN="+sn))); - req.setExtData("screenname", sn); - // keeping "aoluid" to be backward compatible - req.setExtData("aoluid", sn); - req.setExtData("uid", sn); - CMS.debug("EnrollPrifile: fillNSNKEY(): uid=" + sn); + // for netkey + public void fillNSNKEY(Locale locale, String sn, String skey, X509CertInfo info, IRequest req) + throws EProfileException { - } catch (Exception e) { - CMS.debug("EnrollProfile: fillNSNKEY(): " + e.toString()); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + try { + //cfu - is the algorithm going to be replaced by the policy? 
+ X509Key key = new X509Key(); + key.decode(CMS.AtoB(skey)); + + info.set(X509CertInfo.KEY, new CertificateX509Key(key)); + // req.set(EnrollProfile.REQUEST_SUBJECT_NAME, + // new CertificateSubjectName(new + // X500Name("CN="+sn))); + req.setExtData("screenname", sn); + // keeping "aoluid" to be backward compatible + req.setExtData("aoluid", sn); + req.setExtData("uid", sn); + CMS.debug("EnrollPrifile: fillNSNKEY(): uid="+sn); + + } catch (Exception e) { + CMS.debug("EnrollProfile: fillNSNKEY(): "+e.toString()); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + } } - } - - // for house key - public void fillNSHKEY(Locale locale, String tcuid, String skey, - X509CertInfo info, IRequest req) throws EProfileException { - - try { - // cfu - is the algorithm going to be replaced by the policy? - X509Key key = new X509Key(); - key.decode(CMS.AtoB(skey)); - info.set(X509CertInfo.KEY, new CertificateX509Key(key)); - // req.set(EnrollProfile.REQUEST_SUBJECT_NAME, - // new CertificateSubjectName(new - // X500Name("CN="+sn))); - req.setExtData("tokencuid", tcuid); + // for house key + public void fillNSHKEY(Locale locale, String tcuid, String skey, X509CertInfo info, IRequest req) + throws EProfileException { - CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid=" + tcuid); - - } catch (Exception e) { - CMS.debug("EnrollProfile: fillNSHKEY(): " + e.toString()); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + try { + //cfu - is the algorithm going to be replaced by the policy? 
+ X509Key key = new X509Key(); + key.decode(CMS.AtoB(skey)); + + info.set(X509CertInfo.KEY, new CertificateX509Key(key)); + // req.set(EnrollProfile.REQUEST_SUBJECT_NAME, + // new CertificateSubjectName(new + // X500Name("CN="+sn))); + req.setExtData("tokencuid", tcuid); + + CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid="+tcuid); + + } catch (Exception e) { + CMS.debug("EnrollProfile: fillNSHKEY(): "+e.toString()); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + } } - } + public DerInputStream parseKeyGen(Locale locale, String certreq) - throws EProfileException { + throws EProfileException { byte data[] = CMS.AtoB(certreq); DerInputStream derIn = new DerInputStream(data); @@ -1153,8 +1148,9 @@ public abstract class EnrollProfile extends BasicProfile implements return derIn; } - public void fillKeyGen(Locale locale, DerInputStream derIn, - X509CertInfo info, IRequest req) throws EProfileException { + public void fillKeyGen(Locale locale, DerInputStream derIn, X509CertInfo info, IRequest req + ) + throws EProfileException { try { /* get SPKAC Algorithm & Signature */ @@ -1184,12 +1180,12 @@ public abstract class EnrollProfile extends BasicProfile implements info.set(X509CertInfo.KEY, certKey); } catch (IOException e) { CMS.debug("EnrollProfile: fillKeyGen " + e.toString()); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } catch (CertificateException e) { CMS.debug("EnrollProfile: fillKeyGen " + e.toString()); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } } 
@@ -1224,8 +1220,8 @@ public abstract class EnrollProfile extends BasicProfile implements public Locale getLocale(IRequest request) { Locale locale = null; - String language = request - .getExtDataInString(EnrollProfile.REQUEST_LOCALE); + String language = request.getExtDataInString( + EnrollProfile.REQUEST_LOCALE); if (language != null) { locale = new Locale(language); } @@ -1235,36 +1231,37 @@ public abstract class EnrollProfile extends BasicProfile implements /** * Populate input * <P> - * + * * (either all "agent" profile cert requests NOT made through a connector, - * or all "EE" profile cert requests NOT made through a connector) + * or all "EE" profile cert requests NOT made through a connector) * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a * profile cert request is made (before approval process) * </ul> - * * @param ctx profile context * @param request the certificate request * @exception EProfileException an error related to this profile has - * occurred + * occurred */ public void populateInput(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { super.populateInput(ctx, request); } - public void populate(IRequest request) throws EProfileException { + public void populate(IRequest request) + throws EProfileException { super.populate(request); } /** - * Passes the request to the set of constraint policies that validate the - * request against the profile. + * Passes the request to the set of constraint policies + * that validate the request against the profile. */ - public void validate(IRequest request) throws ERejectException { + public void validate(IRequest request) + throws ERejectException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(request); 
@@ -1276,25 +1273,28 @@ public abstract class EnrollProfile extends BasicProfile implements X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO); try { - CertificateSubjectName sn = (CertificateSubjectName) info - .get(X509CertInfo.SUBJECT); + CertificateSubjectName sn = (CertificateSubjectName) + info.get(X509CertInfo.SUBJECT); // if the cert subject name is NOT MISSING, retrieve the // actual "auditCertificateSubjectName" and "normalize" it if (sn != null) { subject = sn.toString(); if (subject != null) { - // NOTE: This is ok even if the cert subject name - // is "" (empty)! + // NOTE: This is ok even if the cert subject name + // is "" (empty)! auditCertificateSubjectName = subject.trim(); } } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, auditSubjectID, - ILogger.SUCCESS, auditRequesterID, auditProfileID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditProfileID, + auditCertificateSubjectName); audit(auditMessage); } catch (CertificateException e) { @@ -1302,9 +1302,12 @@ public abstract class EnrollProfile extends BasicProfile implements // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, auditSubjectID, - ILogger.FAILURE, auditRequesterID, auditProfileID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditProfileID, + auditCertificateSubjectName); audit(auditMessage); } catch (IOException e) { 
@@ -1312,9 +1315,12 @@ public abstract class EnrollProfile extends BasicProfile implements // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, auditSubjectID, - ILogger.FAILURE, auditRequesterID, auditProfileID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditProfileID, + auditCertificateSubjectName); audit(auditMessage); } @@ -1331,8 +1337,8 @@ public abstract class EnrollProfile extends BasicProfile implements if (key == null) { Locale locale = getLocale(request); - throw new ERejectException(CMS.getUserMessage(locale, - "CMS_PROFILE_EMPTY_KEY")); + throw new ERejectException(CMS.getUserMessage( + locale, "CMS_PROFILE_EMPTY_KEY")); } try { @@ -1344,11 +1350,12 @@ public abstract class EnrollProfile extends BasicProfile implements /** * Signed Audit Log Requester ID - * - * This method is inherited by all extended "EnrollProfile"s, and is called - * to obtain the "RequesterID" for a signed audit log message. + * + * This method is inherited by all extended "EnrollProfile"s, + * and is called to obtain the "RequesterID" for + * a signed audit log message. * <P> - * + * * @param request the actual request * @return id string containing the signed audit log message RequesterID */ @@ -1374,11 +1381,12 @@ public abstract class EnrollProfile extends BasicProfile implements /** * Signed Audit Log Profile ID - * - * This method is inherited by all extended "EnrollProfile"s, and is called - * to obtain the "ProfileID" for a signed audit log message. + * + * This method is inherited by all extended "EnrollProfile"s, + * and is called to obtain the "ProfileID" for + * a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message ProfileID */ protected String auditProfileID() { 
@@ -1399,7 +1407,7 @@ public abstract class EnrollProfile extends BasicProfile implements } public void verifyPOP(Locale locale, CertReqMsg certReqMsg) - throws EProfileException { + throws EProfileException { CMS.debug("EnrollProfile ::in verifyPOP"); String auditMessage = null; @@ -1418,35 +1426,37 @@ public abstract class EnrollProfile extends BasicProfile implements try { CryptoManager cm = CryptoManager.getInstance(); CryptoToken verifyToken = null; - String tokenName = CMS.getConfigStore().getString( - "ca.requestVerify.token", "internal"); + String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", "internal"); if (tokenName.equals("internal")) { CMS.debug("POP verification using internal token"); certReqMsg.verify(); } else { - CMS.debug("POP verification using token:" + tokenName); + CMS.debug("POP verification using token:"+ tokenName); verifyToken = cm.getTokenByName(tokenName); certReqMsg.verify(verifyToken); } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, auditSubjectID, - ILogger.SUCCESS); - audit(auditMessage); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.SUCCESS ); + audit( auditMessage ); } catch (Exception e) { - CMS.debug("Failed POP verify! " + e.toString()); + CMS.debug("Failed POP verify! "+e.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, auditSubjectID, - ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.FAILURE ); - audit(auditMessage); + audit( auditMessage ); throw new EProfileException(CMS.getUserMessage(locale, - "CMS_POP_VERIFICATION_ERROR")); + "CMS_POP_VERIFICATION_ERROR")); } } } + 
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java index 972412f7e..199aa7943 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java @@ -17,15 +17,17 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; + import com.netscape.certsrv.profile.IProfileContext; + /** - * This class implements an enrollment profile context that carries information - * for request creation. - * + * This class implements an enrollment profile context + * that carries information for request creation. + * * @version $Revision$, $Date$ */ -public class EnrollProfileContext extends ProfileContext implements - IProfileContext { +public class EnrollProfileContext extends ProfileContext + implements IProfileContext { } diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java b/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java index 7a275b1e6..147d9c820 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java @@ -17,13 +17,15 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; + import java.util.Hashtable; import com.netscape.certsrv.profile.IProfileContext; + /** * This class implements the profile context. - * + * * @version $Revision$, $Date$ */ public class ProfileContext implements IProfileContext { diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java b/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java index a7895746f..a0f0ed250 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java 
@@ -17,14 +17,17 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; + import com.netscape.certsrv.profile.IPolicyConstraint; import com.netscape.certsrv.profile.IPolicyDefault; import com.netscape.certsrv.profile.IProfilePolicy; + /** - * This class implements a profile policy that contains a default policy and a - * constraint policy. - * + * This class implements a profile policy that + * contains a default policy and a constraint + * policy. + * * @version $Revision$, $Date$ */ public class ProfilePolicy implements IProfilePolicy { @@ -32,8 +35,7 @@ public class ProfilePolicy implements IProfilePolicy { private IPolicyDefault mDefault = null; private IPolicyConstraint mConstraint = null; - public ProfilePolicy(String id, IPolicyDefault def, - IPolicyConstraint constraint) { + public ProfilePolicy(String id, IPolicyDefault def, IPolicyConstraint constraint) { mId = id; mDefault = def; mConstraint = constraint; diff --git a/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java index b00ac56b9..f82e73138 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; + import java.util.Enumeration; import netscape.security.x509.X500Name; @@ -34,9 +35,11 @@ import com.netscape.certsrv.request.IRequestListener; import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.RequestStatus; + /** - * This class implements a Registration Manager enrollment profile. - * + * This class implements a Registration Manager + * enrollment profile. + * * @version $Revision$, $Date$ */ public class RAEnrollProfile extends EnrollProfile { 
@@ -46,7 +49,8 @@ public class RAEnrollProfile extends EnrollProfile { } public IAuthority getAuthority() { - IAuthority authority = (IAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA); + IAuthority authority = (IAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_RA); if (authority == null) return null; @@ -54,27 +58,31 @@ public class RAEnrollProfile extends EnrollProfile { } public X500Name getIssuerName() { - IRegistrationAuthority ra = (IRegistrationAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_RA); + IRegistrationAuthority ra = (IRegistrationAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_RA); X500Name issuerName = ra.getX500Name(); return issuerName; } - public void execute(IRequest request) throws EProfileException { + public void execute(IRequest request) + throws EProfileException { + if (!isEnable()) { CMS.debug("CAEnrollProfile: Profile Not Enabled"); throw new EProfileException("Profile Not Enabled"); } - IRegistrationAuthority ra = (IRegistrationAuthority) getAuthority(); + IRegistrationAuthority ra = + (IRegistrationAuthority) getAuthority(); IRAService raService = (IRAService) ra.getRAService(); if (raService == null) { throw new EProfileException("No RA Service"); } + IRequestQueue queue = ra.getRequestQueue(); // send request to CA @@ -86,16 +94,15 @@ public class RAEnrollProfile extends EnrollProfile { } else { caConnector.send(request); // check response - if (!request.isSuccess()) { + if (!request.isSuccess()) { CMS.debug("RAEnrollProfile error talking to CA setting req status to SVC_PENDING"); request.setRequestStatus(RequestStatus.SVC_PENDING); try { - queue.updateRequest(request); + queue.updateRequest(request); } catch (EBaseException e) { - CMS.debug("RAEnrollProfile: Update request " - + e.toString()); + CMS.debug("RAEnrollProfile: Update request " + e.toString()); } throw new ERejectException( request.getError(getLocale(request))); 
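Review bot: In execute() (hunk `@@ -54,27 +58,31 @@`), `ra` is taken from getAuthority(), which returns null when the RA subsystem lookup fails, yet `ra.getRAService()` is called on it with no check. getIssuerName() dereferences the result of `CMS.getSubsystem(CMS.SUBSYSTEM_RA)` in the same way. A guard before the getRAService() call, for example `if (ra == null) throw new EProfileException("No RA Service");`, would report the condition through the profile's own exception type instead of a NullPointerException. The debug string `"CAEnrollProfile: Profile Not Enabled"` names the wrong class for this file and can mislead log triage. execute() continues outside these hunks, so the remainder of the method was not reviewed.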
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java index 7d6508644..4a18ff14d 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; + import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.NameValuePairs; 
@@ -27,86 +28,91 @@ import com.netscape.certsrv.profile.IProfileInput; import com.netscape.certsrv.profile.IProfileOutput; import com.netscape.certsrv.profile.IProfilePolicy; + /** - * This class implements a Certificate Manager enrollment profile for Server - * Certificates. - * + * This class implements a Certificate Manager enrollment + * profile for Server Certificates. + * * @version $Revision$, $Date$ */ -public class ServerCertCAEnrollProfile extends CAEnrollProfile implements - IProfileEx { +public class ServerCertCAEnrollProfile extends CAEnrollProfile + implements IProfileEx { /** - * Called after initialization. It populates default policies, inputs, and - * outputs. + * Called after initialization. It populates default + * policies, inputs, and outputs. */ - public void populate() throws EBaseException { + public void populate() throws EBaseException + { // create inputs NameValuePairs inputParams1 = new NameValuePairs(); - IProfileInput input1 = createProfileInput("i1", "certReqInputImpl", - inputParams1); + IProfileInput input1 = + createProfileInput("i1", "certReqInputImpl", inputParams1); NameValuePairs inputParams2 = new NameValuePairs(); - IProfileInput input2 = createProfileInput("i2", - "submitterInfoInputImpl", inputParams2); + IProfileInput input2 = + createProfileInput("i2", "submitterInfoInputImpl", inputParams2); // create outputs NameValuePairs outputParams1 = new NameValuePairs(); - IProfileOutput output1 = createProfileOutput("o1", "certOutputImpl", - outputParams1); + IProfileOutput output1 = + createProfileOutput("o1", "certOutputImpl", outputParams1); - IProfilePolicy policy1 = createProfilePolicy("set1", "p1", - "userSubjectNameDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy1 = + createProfilePolicy("set1", "p1", + "userSubjectNameDefaultImpl", "noConstraintImpl"); IPolicyDefault def1 = policy1.getDefault(); IConfigStore defConfig1 = def1.getConfigStore(); IPolicyConstraint con1 = policy1.getConstraint(); IConfigStore 
conConfig1 = con1.getConfigStore(); - IProfilePolicy policy2 = createProfilePolicy("set1", "p2", - "validityDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy2 = + createProfilePolicy("set1", "p2", + "validityDefaultImpl", "noConstraintImpl"); IPolicyDefault def2 = policy2.getDefault(); IConfigStore defConfig2 = def2.getConfigStore(); - defConfig2.putString("params.range", "180"); - defConfig2.putString("params.startTime", "0"); + defConfig2.putString("params.range","180"); + defConfig2.putString("params.startTime","0"); IPolicyConstraint con2 = policy2.getConstraint(); IConfigStore conConfig2 = con2.getConfigStore(); - IProfilePolicy policy3 = createProfilePolicy("set1", "p3", - "userKeyDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy3 = + createProfilePolicy("set1", "p3", + "userKeyDefaultImpl", "noConstraintImpl"); IPolicyDefault def3 = policy3.getDefault(); IConfigStore defConfig3 = def3.getConfigStore(); - defConfig3.putString("params.keyType", "RSA"); - defConfig3.putString("params.keyMinLength", "512"); - defConfig3.putString("params.keyMaxLength", "4096"); + defConfig3.putString("params.keyType","RSA"); + defConfig3.putString("params.keyMinLength","512"); + defConfig3.putString("params.keyMaxLength","4096"); IPolicyConstraint con3 = policy3.getConstraint(); IConfigStore conConfig3 = con3.getConfigStore(); - IProfilePolicy policy4 = createProfilePolicy("set1", "p4", - "signingAlgDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy4 = + createProfilePolicy("set1", "p4", + "signingAlgDefaultImpl", "noConstraintImpl"); IPolicyDefault def4 = policy4.getDefault(); IConfigStore defConfig4 = def4.getConfigStore(); - defConfig4.putString("params.signingAlg", "-"); - defConfig4 - .putString( - "params.signingAlgsAllowed", - "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); + defConfig4.putString("params.signingAlg","-"); + defConfig4.putString("params.signingAlgsAllowed", + 
"SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); IPolicyConstraint con4 = policy4.getConstraint(); IConfigStore conConfig4 = con4.getConfigStore(); - IProfilePolicy policy5 = createProfilePolicy("set1", "p5", - "keyUsageExtDefaultImpl", "noConstraintImpl"); - IPolicyDefault def5 = policy5.getDefault(); - IConfigStore defConfig5 = def5.getConfigStore(); - defConfig5.putString("params.keyUsageCritical", "true"); - defConfig5.putString("params.keyUsageCrlSign", "false"); - defConfig5.putString("params.keyUsageDataEncipherment", "true"); - defConfig5.putString("params.keyUsageDecipherOnly", "false"); - defConfig5.putString("params.keyUsageDigitalSignature", "true"); - defConfig5.putString("params.keyUsageEncipherOnly", "false"); - defConfig5.putString("params.keyUsageKeyAgreement", "false"); - defConfig5.putString("params.keyUsageKeyCertSign", "false"); - defConfig5.putString("params.keyUsageKeyEncipherment", "true"); - defConfig5.putString("params.keyUsageNonRepudiation", "true"); - IPolicyConstraint con5 = policy5.getConstraint(); + IProfilePolicy policy5 = + createProfilePolicy("set1", "p5", + "keyUsageExtDefaultImpl", "noConstraintImpl"); + IPolicyDefault def5 = policy5.getDefault(); + IConfigStore defConfig5 = def5.getConfigStore(); + defConfig5.putString("params.keyUsageCritical","true"); + defConfig5.putString("params.keyUsageCrlSign","false"); + defConfig5.putString("params.keyUsageDataEncipherment","true"); + defConfig5.putString("params.keyUsageDecipherOnly","false"); + defConfig5.putString("params.keyUsageDigitalSignature","true"); + defConfig5.putString("params.keyUsageEncipherOnly","false"); + defConfig5.putString("params.keyUsageKeyAgreement","false"); + defConfig5.putString("params.keyUsageKeyCertSign","false"); + defConfig5.putString("params.keyUsageKeyEncipherment","true"); + defConfig5.putString("params.keyUsageNonRepudiation","true"); + IPolicyConstraint con5 = 
policy5.getConstraint(); IConfigStore conConfig5 = con5.getConfigStore(); } diff --git a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java index 833f0f109..7d4254bff 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; + import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.NameValuePairs; 
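Review bot: The defaults that populate() writes for policies p3 and p4 admit weak cryptography: `params.keyMinLength` is `"512"`, and `params.signingAlgsAllowed` includes `MD5withRSA` and `MD2withRSA` alongside the SHA-1 variants. Both policies are created with `noConstraintImpl`, so nothing in this hunk narrows those values at enrollment time; whether a deployed profile configuration overrides them is not visible here. I would raise the floor and trim the list, e.g. `defConfig3.putString("params.keyMinLength","2048");` and drop the MD2/MD5 entries from the allowed-algorithms string. The revert only re-wraps these lines, so the values predate it. The same defaults appear in UserCertCAEnrollProfile.populate() in the next file section.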
@@ -27,89 +28,94 @@ import com.netscape.certsrv.profile.IProfileInput; import com.netscape.certsrv.profile.IProfileOutput; import com.netscape.certsrv.profile.IProfilePolicy; + /** - * This class implements a Certificate Manager enrollment profile for User - * Certificates. - * + * This class implements a Certificate Manager enrollment + * profile for User Certificates. + * * @version $Revision$, $Date$ */ -public class UserCertCAEnrollProfile extends CAEnrollProfile implements - IProfileEx { +public class UserCertCAEnrollProfile extends CAEnrollProfile + implements IProfileEx { /** - * Called after initialization. It populates default policies, inputs, and - * outputs. + * Called after initialization. It populates default + * policies, inputs, and outputs. */ - public void populate() throws EBaseException { + public void populate() throws EBaseException + { // create inputs NameValuePairs inputParams1 = new NameValuePairs(); - IProfileInput input1 = createProfileInput("i1", "keyGenInputImpl", - inputParams1); + IProfileInput input1 = + createProfileInput("i1", "keyGenInputImpl", inputParams1); NameValuePairs inputParams2 = new NameValuePairs(); - IProfileInput input2 = createProfileInput("i2", "subjectNameInputImpl", - inputParams2); + IProfileInput input2 = + createProfileInput("i2", "subjectNameInputImpl", inputParams2); NameValuePairs inputParams3 = new NameValuePairs(); - IProfileInput input3 = createProfileInput("i3", - "submitterInfoInputImpl", inputParams2); + IProfileInput input3 = + createProfileInput("i3", "submitterInfoInputImpl", inputParams2); // create outputs NameValuePairs outputParams1 = new NameValuePairs(); - IProfileOutput output1 = createProfileOutput("o1", "certOutputImpl", - outputParams1); + IProfileOutput output1 = + createProfileOutput("o1", "certOutputImpl", outputParams1); // create policies - IProfilePolicy policy1 = createProfilePolicy("set1", "p1", - "userSubjectNameDefaultImpl", "noConstraintImpl"); - IPolicyDefault def1 = 
policy1.getDefault(); - IConfigStore defConfig1 = def1.getConfigStore(); - IPolicyConstraint con1 = policy1.getConstraint(); + IProfilePolicy policy1 = + createProfilePolicy("set1", "p1", + "userSubjectNameDefaultImpl", "noConstraintImpl"); + IPolicyDefault def1 = policy1.getDefault(); + IConfigStore defConfig1 = def1.getConfigStore(); + IPolicyConstraint con1 = policy1.getConstraint(); IConfigStore conConfig1 = con1.getConfigStore(); - IProfilePolicy policy2 = createProfilePolicy("set1", "p2", - "validityDefaultImpl", "noConstraintImpl"); - IPolicyDefault def2 = policy2.getDefault(); - IConfigStore defConfig2 = def2.getConfigStore(); - defConfig2.putString("params.range", "180"); - defConfig2.putString("params.startTime", "0"); - IPolicyConstraint con2 = policy2.getConstraint(); + IProfilePolicy policy2 = + createProfilePolicy("set1", "p2", + "validityDefaultImpl", "noConstraintImpl"); + IPolicyDefault def2 = policy2.getDefault(); + IConfigStore defConfig2 = def2.getConfigStore(); + defConfig2.putString("params.range","180"); + defConfig2.putString("params.startTime","0"); + IPolicyConstraint con2 = policy2.getConstraint(); IConfigStore conConfig2 = con2.getConfigStore(); - IProfilePolicy policy3 = createProfilePolicy("set1", "p3", - "userKeyDefaultImpl", "noConstraintImpl"); - IPolicyDefault def3 = policy3.getDefault(); - IConfigStore defConfig3 = def3.getConfigStore(); - defConfig3.putString("params.keyType", "RSA"); - defConfig3.putString("params.keyMinLength", "512"); - defConfig3.putString("params.keyMaxLength", "4096"); - IPolicyConstraint con3 = policy3.getConstraint(); + IProfilePolicy policy3 = + createProfilePolicy("set1", "p3", + "userKeyDefaultImpl", "noConstraintImpl"); + IPolicyDefault def3 = policy3.getDefault(); + IConfigStore defConfig3 = def3.getConfigStore(); + defConfig3.putString("params.keyType","RSA"); + defConfig3.putString("params.keyMinLength","512"); + defConfig3.putString("params.keyMaxLength","4096"); + IPolicyConstraint con3 = 
policy3.getConstraint(); IConfigStore conConfig3 = con3.getConfigStore(); - IProfilePolicy policy4 = createProfilePolicy("set1", "p4", - "signingAlgDefaultImpl", "noConstraintImpl"); - IPolicyDefault def4 = policy4.getDefault(); - IConfigStore defConfig4 = def4.getConfigStore(); - defConfig4.putString("params.signingAlg", "-"); - defConfig4 - .putString( - "params.signingAlgsAllowed", - "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); - IPolicyConstraint con4 = policy4.getConstraint(); + IProfilePolicy policy4 = + createProfilePolicy("set1", "p4", + "signingAlgDefaultImpl", "noConstraintImpl"); + IPolicyDefault def4 = policy4.getDefault(); + IConfigStore defConfig4 = def4.getConfigStore(); + defConfig4.putString("params.signingAlg","-"); + defConfig4.putString("params.signingAlgsAllowed", + "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); + IPolicyConstraint con4 = policy4.getConstraint(); IConfigStore conConfig4 = con4.getConfigStore(); - IProfilePolicy policy5 = createProfilePolicy("set1", "p5", - "keyUsageExtDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy5 = + createProfilePolicy("set1", "p5", + "keyUsageExtDefaultImpl", "noConstraintImpl"); IPolicyDefault def5 = policy5.getDefault(); IConfigStore defConfig5 = def5.getConfigStore(); - defConfig5.putString("params.keyUsageCritical", "true"); - defConfig5.putString("params.keyUsageCrlSign", "false"); - defConfig5.putString("params.keyUsageDataEncipherment", "false"); - defConfig5.putString("params.keyUsageDecipherOnly", "false"); - defConfig5.putString("params.keyUsageDigitalSignature", "true"); - defConfig5.putString("params.keyUsageEncipherOnly", "false"); - defConfig5.putString("params.keyUsageKeyAgreement", "false"); - defConfig5.putString("params.keyUsageKeyCertSign", "false"); - defConfig5.putString("params.keyUsageKeyEncipherment", "true"); - 
defConfig5.putString("params.keyUsageNonRepudiation", "true"); + defConfig5.putString("params.keyUsageCritical","true"); + defConfig5.putString("params.keyUsageCrlSign","false"); + defConfig5.putString("params.keyUsageDataEncipherment","false"); + defConfig5.putString("params.keyUsageDecipherOnly","false"); + defConfig5.putString("params.keyUsageDigitalSignature","true"); + defConfig5.putString("params.keyUsageEncipherOnly","false"); + defConfig5.putString("params.keyUsageKeyAgreement","false"); + defConfig5.putString("params.keyUsageKeyCertSign","false"); + defConfig5.putString("params.keyUsageKeyEncipherment","true"); + defConfig5.putString("params.keyUsageNonRepudiation","true"); IPolicyConstraint con5 = policy5.getConstraint(); IConfigStore conConfig5 = con5.getConfigStore(); } |
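Review bot: `input3` is built with `inputParams2`, although `inputParams3` is allocated on the line before and never used: `createProfileInput("i3", "submitterInfoInputImpl", inputParams2)`. Inputs i2 and i3 therefore share one NameValuePairs instance, so a parameter later set for one would presumably show up on the other. The call should read `createProfileInput("i3", "submitterInfoInputImpl", inputParams3);`. The revert carries this line over with only its wrapping changed.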