Revert "Formatting"

This reverts commit 32150d3ee32f8ac27118af7c792794b538c78a2f.

1 files changed, 197 insertions, 174 deletions

diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java
index f02a5c7c8..b47e2230d 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java
@@ -17,6 +17,7 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
+
 import java.util.Enumeration;
 import java.util.Locale;
 
@@ -42,52 +43,57 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.def.NoDefault;
 
 /**
- * This constraint is to check for publickey uniqueness. The config param
- * "allowSameKeyRenewal" enables the situation where if the publickey is not
- * unique, and if the subject DN is the same, that is a "renewal".
- * 
- * Another "feature" that is quoted out of this code is the "revokeDupKeyCert"
- * option, which enables the revocation of certs that bear the same publickey as
- * the enrolling request. Since this can potentially be abused, it is taken out
- * and preserved in comments to allow future refinement.
- * 
+ * This constraint is to check for publickey uniqueness.
+ * The config param "allowSameKeyRenewal" enables the
+ * situation where if the publickey is not unique, and if
+ * the subject DN is the same, that is a "renewal".
+ *
+ * Another "feature" that is quoted out of this code is the
+ * "revokeDupKeyCert" option, which enables the revocation
+ * of certs that bear the same publickey as the enrolling
+ * request.  Since this can potentially be abused, it is taken
+ * out and preserved in comments to allow future refinement.
+ *
  * @version $Revision$, $Date$
  */
 public class UniqueKeyConstraint extends EnrollConstraint {
-    /*
-     * public static final String CONFIG_REVOKE_DUPKEY_CERT =
-     * "revokeDupKeyCert"; boolean mRevokeDupKeyCert = false;
-     */
-    public static final String CONFIG_ALLOW_SAME_KEY_RENEWAL = "allowSameKeyRenewal";
-    boolean mAllowSameKeyRenewal = false;
+	/*
+	public static final String CONFIG_REVOKE_DUPKEY_CERT =
+		"revokeDupKeyCert";
+	boolean mRevokeDupKeyCert = false;
+	*/
+	public static final String CONFIG_ALLOW_SAME_KEY_RENEWAL =
+		"allowSameKeyRenewal";
+	boolean mAllowSameKeyRenewal = false;
     public ICertificateAuthority mCA = null;
 
-    public UniqueKeyConstraint() {
-        super();
-        /*
-         * addConfigName(CONFIG_REVOKE_DUPKEY_CERT);
-         */
-        addConfigName(CONFIG_ALLOW_SAME_KEY_RENEWAL);
-    }
+	public UniqueKeyConstraint() {
+		super();
+		/*
+		addConfigName(CONFIG_REVOKE_DUPKEY_CERT);
+		*/
+		addConfigName(CONFIG_ALLOW_SAME_KEY_RENEWAL);
+	}
 
-    public void init(IProfile profile, IConfigStore config)
-            throws EProfileException {
+	public void init(IProfile profile, IConfigStore config)
+        throws EProfileException {
         super.init(profile, config);
-        mCA = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+        mCA = (ICertificateAuthority)
+			CMS.getSubsystem(CMS.SUBSYSTEM_CA);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) {
-        /*
-         * if (name.equals(CONFIG_REVOKE_DUPKEY_CERT)) { return new
-         * Descriptor(IDescriptor.BOOLEAN, null, "false",
-         * CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_REVOKE_DUPKEY_CERT"));
-         * }
-         */
-        if (name.equals(CONFIG_ALLOW_SAME_KEY_RENEWAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, "false",
-                    CMS.getUserMessage(locale,
-                            "CMS_PROFILE_CONFIG_ALLOW_SAME_KEY_RENEWAL"));
-        }
+    public IDescriptor getConfigDescriptor(Locale locale, String name)
+	{
+		/*
+		if (name.equals(CONFIG_REVOKE_DUPKEY_CERT)) {
+			return new Descriptor(IDescriptor.BOOLEAN, null, "false",
+				  CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_REVOKE_DUPKEY_CERT"));
+		}
+		*/
+		if (name.equals(CONFIG_ALLOW_SAME_KEY_RENEWAL)) {
+			return new Descriptor(IDescriptor.BOOLEAN, null, "false",
+				  CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_ALLOW_SAME_KEY_RENEWAL"));
+		}
         return null;
     }
 
@@ -96,156 +102,173 @@ public class UniqueKeyConstraint extends EnrollConstraint {
     }
 
     /**
-     * Validates the request. The request is not modified during the validation.
+     * Validates the request. The request is not modified
+     * during the validation.
      */
     public void validate(IRequest request, X509CertInfo info)
-            throws ERejectException {
-        boolean rejected = false;
-        int size = 0;
-        ICertRecordList list;
+        throws ERejectException { 
+		boolean rejected = false;
+		int size = 0;
+		ICertRecordList list;
 
-        /*
-         * mRevokeDupKeyCert = getConfigBoolean(CONFIG_REVOKE_DUPKEY_CERT);
-         */
-        mAllowSameKeyRenewal = getConfigBoolean(CONFIG_ALLOW_SAME_KEY_RENEWAL);
+		/*
+		mRevokeDupKeyCert =
+ getConfigBoolean(CONFIG_REVOKE_DUPKEY_CERT);
+		*/
+		mAllowSameKeyRenewal = getConfigBoolean(CONFIG_ALLOW_SAME_KEY_RENEWAL);
 
         try {
-            CertificateX509Key infokey = (CertificateX509Key) info
-                    .get(X509CertInfo.KEY);
-            X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY);
-
-            // check for key uniqueness
-            byte pub[] = key.getEncoded();
-            String pub_s = escapeBinaryData(pub);
-            String filter = "(" + ICertRecord.ATTR_X509CERT_PUBLIC_KEY_DATA
-                    + "=" + pub_s + ")";
-            list = (ICertRecordList) mCA.getCertificateRepository()
-                    .findCertRecordsInList(filter, null, 10);
-            size = list.getSize();
+            CertificateX509Key infokey = (CertificateX509Key)
+                info.get(X509CertInfo.KEY);
+            X509Key key = (X509Key)
+				infokey.get(CertificateX509Key.KEY);
+
+			// check for key uniqueness
+			byte pub[] = key.getEncoded();
+			String pub_s = escapeBinaryData(pub);
+			String filter = "(" + ICertRecord.ATTR_X509CERT_PUBLIC_KEY_DATA +"=" + pub_s + ")";
+			list =
+				(ICertRecordList)
+				mCA.getCertificateRepository().findCertRecordsInList(filter, null, 10);
+			size = list.getSize();
 
         } catch (Exception e) {
-            throw new ERejectException(CMS.getUserMessage(getLocale(request),
-                    "CMS_PROFILE_INTERNAL_ERROR", e.toString()));
-        }
+                throw new ERejectException(	
+                        CMS.getUserMessage(
+                            getLocale(request),
+                            "CMS_PROFILE_INTERNAL_ERROR",e.toString()));
+		}
 
-        /*
-         * It does not matter if the corresponding cert's status is valid or
-         * not, we don't want a key that was once generated before
-         */
-        if (size > 0) {
-            CMS.debug("UniqueKeyConstraint: found existing cert with duplicate key.");
-
-            /*
-             * The following code revokes the existing certs that have the same
-             * public key as the one submitted for enrollment request. However,
-             * it is not a good idea due to possible abuse. It is therefore
-             * commented out. It is still however still maintained for possible
-             * utilization at later time
-             * 
-             * // if configured to revoke duplicated key // revoke cert if
-             * (mRevokeDupKeyCert) { try { Enumeration e =
-             * list.getCertRecords(0, size-1); while (e != null &&
-             * e.hasMoreElements()) { ICertRecord rec = (ICertRecord)
-             * e.nextElement(); X509CertImpl cert = rec.getCertificate();
-             * 
-             * // revoke the cert BigInteger serialNum = cert.getSerialNumber();
-             * ICAService service = (ICAService) mCA.getCAService();
-             * 
-             * RevokedCertImpl crlEntry = formCRLEntry(serialNum,
-             * RevocationReason.KEY_COMPROMISE); service.revokeCert(crlEntry);
-             * CMS.debug(
-             * "UniqueKeyConstraint: certificate with duplicate publickey revoked successfully"
-             * ); } } catch (Exception ex) {
-             * CMS.debug("UniqueKeyConstraint: error in revoke dupkey cert"); }
-             * } // revoke dupkey cert turned on
-             */
-
-            if (mAllowSameKeyRenewal == true) {
-                X500Name sjname_in_db = null;
-                X500Name sjname_in_req = null;
-
-                try {
-                    // get subject of request
-                    CertificateSubjectName subName = (CertificateSubjectName) info
-                            .get(X509CertInfo.SUBJECT);
-
-                    if (subName != null) {
-
-                        sjname_in_req = (X500Name) subName
-                                .get(CertificateSubjectName.DN_NAME);
-                        CMS.debug("UniqueKeyConstraint: cert request subject DN ="
-                                + sjname_in_req.toString());
-                        Enumeration e = list.getCertRecords(0, size - 1);
-                        while (e != null && e.hasMoreElements()) {
-                            ICertRecord rec = (ICertRecord) e.nextElement();
-                            X509CertImpl cert = rec.getCertificate();
-                            String certDN = cert.getSubjectDN().toString();
-                            CMS.debug("UniqueKeyConstraint: cert retrieved from ldap has subject DN ="
-                                    + certDN);
-
-                            sjname_in_db = new X500Name(certDN);
-
-                            if (sjname_in_db.equals(sjname_in_req) == false) {
-                                rejected = true;
-                                break;
-                            } else {
-                                rejected = false;
-                            }
-                        } // while
-                    } else { // subName is null
-                        rejected = true;
-                    }
-                } catch (Exception ex1) {
-                    CMS.debug("UniqueKeyConstraint: error in allowSameKeyRenewal: "
-                            + ex1.toString());
-                    rejected = true;
-                } // try
-
-            } else {
-                rejected = true;
-            }// allowSameKeyRenewal
-        } // (size > 0)
-
-        if (rejected == true) {
-            CMS.debug("UniqueKeyConstraint: rejected");
-            throw new ERejectException(CMS.getUserMessage(getLocale(request),
-                    "CMS_PROFILE_DUPLICATE_KEY"));
-        } else {
-            CMS.debug("UniqueKeyConstraint: approved");
-        }
+		/*
+		 * It does not matter if the corresponding cert's status
+		 * is valid or not, we don't want a key that was once
+		 * generated before
+		 */
+		if (size > 0) {
+			CMS.debug("UniqueKeyConstraint: found existing cert with duplicate key.");
+
+		/*
+		    The following code revokes the existing certs that have
+			the same public key as the one submitted for enrollment
+			request.  However, it is not a good idea due to possible
+			abuse.  It is therefore commented out.  It is still
+			however still maintained for possible utilization at later
+			time
+
+			// if configured to revoke duplicated key
+			//    revoke cert
+			if (mRevokeDupKeyCert) {
+				try {
+					Enumeration e = list.getCertRecords(0, size-1);
+					while (e != null && e.hasMoreElements()) {
+						ICertRecord rec = (ICertRecord) e.nextElement();
+						X509CertImpl cert = rec.getCertificate();
+
+						// revoke the cert
+						BigInteger serialNum = cert.getSerialNumber();
+						ICAService service = (ICAService) mCA.getCAService();
+
+						RevokedCertImpl crlEntry = 
+							formCRLEntry(serialNum, RevocationReason.KEY_COMPROMISE);
+						service.revokeCert(crlEntry);
+						CMS.debug("UniqueKeyConstraint: certificate with duplicate publickey revoked successfully");
+					}
+				} catch (Exception ex) {
+					CMS.debug("UniqueKeyConstraint: error in revoke dupkey cert");
+				}
+			} // revoke dupkey cert turned on
+		*/
+
+			if (mAllowSameKeyRenewal == true) {
+				X500Name sjname_in_db = null;
+				X500Name sjname_in_req = null;
+
+				try {
+					// get subject of request
+					CertificateSubjectName subName = 
+						(CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
+
+					if (subName != null) {
+
+						sjname_in_req =
+							(X500Name) subName.get(CertificateSubjectName.DN_NAME);
+						CMS.debug("UniqueKeyConstraint: cert request subject DN ="+ sjname_in_req.toString());
+						Enumeration e = list.getCertRecords(0, size-1);
+						while (e != null && e.hasMoreElements()) {
+							ICertRecord rec = (ICertRecord) e.nextElement();
+							X509CertImpl cert = rec.getCertificate();
+							String certDN =
+								cert.getSubjectDN().toString();
+						CMS.debug("UniqueKeyConstraint: cert retrieved from ldap has subject DN ="+ certDN);
+
+							sjname_in_db = new X500Name(certDN);
+
+							if (sjname_in_db.equals(sjname_in_req) == false) {
+								rejected = true;
+								break;
+							} else {
+								rejected = false;
+							}
+						} // while
+					} else { //subName is null
+						rejected = true;
+					}
+				} catch (Exception ex1) {
+					CMS.debug("UniqueKeyConstraint: error in allowSameKeyRenewal: "+ex1.toString());
+					rejected = true;
+				} // try
+
+			} else {
+				rejected = true;
+			}// allowSameKeyRenewal
+		} // (size > 0)
+
+		if (rejected == true) {
+			CMS.debug("UniqueKeyConstraint: rejected");
+			throw new ERejectException(	
+						   CMS.getUserMessage(
+						  getLocale(request),
+						  "CMS_PROFILE_DUPLICATE_KEY"));
+		} else {
+			CMS.debug("UniqueKeyConstraint: approved");
+		}
     }
 
-    /**
+   /**
      * make a CRL entry from a serial number and revocation reason.
-     * 
      * @return a RevokedCertImpl that can be entered in a CRL.
-     * 
-     *         protected RevokedCertImpl formCRLEntry( BigInteger serialNo,
-     *         RevocationReason reason) throws EBaseException {
-     *         CRLReasonExtension reasonExt = new CRLReasonExtension(reason);
-     *         CRLExtensions crlentryexts = new CRLExtensions();
-     * 
-     *         try { crlentryexts.set(CRLReasonExtension.NAME, reasonExt); }
-     *         catch (IOException e) {
-     *         CMS.debug("CMSGW_ERR_CRL_REASON "+e.toString());
-     * 
-     *         // throw new ECMSGWException( //
-     *         CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON"));
-     * 
-     *         } RevokedCertImpl crlentry = new RevokedCertImpl(serialNo,
-     *         CMS.getCurrentDate(), crlentryexts);
-     * 
-     *         return crlentry; }
-     */
+
+    protected RevokedCertImpl formCRLEntry(
+        BigInteger serialNo, RevocationReason reason)
+        throws EBaseException {
+        CRLReasonExtension reasonExt = new CRLReasonExtension(reason);
+        CRLExtensions crlentryexts = new CRLExtensions();
+
+        try {
+            crlentryexts.set(CRLReasonExtension.NAME, reasonExt);
+        } catch (IOException e) {
+                CMS.debug("CMSGW_ERR_CRL_REASON "+e.toString());
+
+				//            throw new ECMSGWException(
+				//  CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON"));
+
+        }
+        RevokedCertImpl crlentry =
+            new RevokedCertImpl(serialNo, CMS.getCurrentDate(),
+								crlentryexts);
+
+        return crlentry;
+    }
+   */
 
     public String getText(Locale locale) {
         String params[] = {
-        /*
-         * getConfig(CONFIG_REVOKE_DUPKEY_CERT),
-         */
-        };
+/*
+                getConfig(CONFIG_REVOKE_DUPKEY_CERT),
+*/
+             };
 
-        return CMS.getUserMessage(locale,
+        return CMS.getUserMessage(locale, 
                 "CMS_PROFILE_CONSTRAINT_ALLOW_SAME_KEY_RENEWAL_TEXT", params);
     }
 
@@ -262,12 +285,12 @@ public class UniqueKeyConstraint extends EnrollConstraint {
     }
 
     public boolean isApplicable(IPolicyDefault def) {
-        if (def instanceof NoDefault)
-            return true;
+		if (def instanceof NoDefault)
+			return true;
         if (def instanceof UniqueKeyConstraint)
             return true;
 
-        return false;
+		return false;
     }
 
 }