summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/servlet/connector
diff options
context:
space:
mode:
authorAde Lee <alee@redhat.com>2012-01-11 12:57:53 -0500
committerAde Lee <alee@redhat.com>2012-01-11 13:49:04 -0500
commit10cfe7756e967ac91c66d33b392aeab9cf3780fb (patch)
treed5ac9b58442265d2ce5ef60e31f041ddacba1b4f /pki/base/common/src/com/netscape/cms/servlet/connector
parentedcb24f65cc3700e75d0a1d14dc2483f210b0ee4 (diff)
downloadpki-10cfe7756e967ac91c66d33b392aeab9cf3780fb.tar.gz
pki-10cfe7756e967ac91c66d33b392aeab9cf3780fb.tar.xz
pki-10cfe7756e967ac91c66d33b392aeab9cf3780fb.zip
Formatting (no line wrap in comments or code)
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/connector')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java123
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java475
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java104
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java115
4 files changed, 400 insertions, 417 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
index b3809579a..7defeeac9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.connector;
-
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
@@ -58,12 +57,11 @@ import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* Clone servlet - part of the Clone Authority (CLA)
* processes Revoked certs from its dependant clone CAs
- * service request and return status.
- *
+ * service request and return status.
+ *
* @version $Revision$, $Date$
*/
public class CloneServlet extends CMSServlet {
@@ -94,8 +92,8 @@ public class CloneServlet extends CMSServlet {
mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
}
- public void service(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException {
+ public void service(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException {
boolean running_state = CMS.isInRunningState();
if (!running_state)
@@ -134,10 +132,10 @@ public class CloneServlet extends CMSServlet {
// ssl client auth for client auth to work.
// get request method
- method = req.getMethod();
+ method = req.getMethod();
// get content length
- len = req.getContentLength();
+ len = req.getContentLength();
// get content, a base 64 encoded serialized request.
if (len > 0) {
@@ -166,9 +164,9 @@ public class CloneServlet extends CMSServlet {
try {
peerCert = getPeerCert(req);
- }catch (EBaseException e) {
- mAuthority.log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
+ } catch (EBaseException e) {
+ mAuthority.log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
@@ -203,8 +201,8 @@ public class CloneServlet extends CMSServlet {
return;
}
- mAuthority.log(ILogger.LL_INFO,
- "Clone Certificate Authority authenticated: " + peerCert.getSubjectDN());
+ mAuthority.log(ILogger.LL_INFO,
+ "Clone Certificate Authority authenticated: " + peerCert.getSubjectDN());
// authorize, any authenticated user are authorized
AuthzToken authzToken = null;
@@ -243,13 +241,13 @@ public class CloneServlet extends CMSServlet {
replymsg = processRequest(CCA_Id, CCAUserId, msg, token);
} catch (IOException e) {
e.printStackTrace();
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+ mAuthority.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
return;
} catch (EBaseException e) {
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+ mAuthority.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
}
@@ -273,8 +271,8 @@ public class CloneServlet extends CMSServlet {
//cfu ++change this to just check the subject and signer
protected IAuthToken authenticate(
- X509Certificate peerCert)
- throws EBaseException {
+ X509Certificate peerCert)
+ throws EBaseException {
try {
// XXX using agent authentication now since we're only
// verifying that the cert belongs to a user in the db.
@@ -285,32 +283,32 @@ public class CloneServlet extends CMSServlet {
AuthCredentials creds = new AuthCredentials();
- creds.set(IAuthManager.CRED_SSL_CLIENT_CERT,
- new X509Certificate[] {cert}
- );
+ creds.set(IAuthManager.CRED_SSL_CLIENT_CERT,
+ new X509Certificate[] { cert }
+ );
- IAuthToken token = mAuthSubsystem.authenticate(creds,
+ IAuthToken token = mAuthSubsystem.authenticate(creds,
IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
return token;
} catch (CertificateException e) {
- mAuthority.log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
+ mAuthority.log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
} catch (EInvalidCredentials e) {
- mAuthority.log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
+ mAuthority.log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
throw e;
} catch (EBaseException e) {
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
+ mAuthority.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
throw e;
}
}
protected IPKIMessage processRequest(
- String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
- throws EBaseException {
+ String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
+ throws EBaseException {
IPKIMessage replymsg = null;
IRequest r = null;
IRequestQueue queue = mAuthority.getRequestQueue();
@@ -331,8 +329,8 @@ public class CloneServlet extends CMSServlet {
mAuthority.log(ILogger.LL_FAILURE, errormsg);
throw new EBaseException(errormsg);
} else {
- mAuthority.log(ILogger.LL_INFO,
- "Found request " + thisreqid + " for " + srcid);
+ mAuthority.log(ILogger.LL_INFO,
+ "Found request " + thisreqid + " for " + srcid);
replymsg = CMS.getHttpPKIMessage();
replymsg.fromRequest(thisreq);
return replymsg;
@@ -348,7 +346,7 @@ public class CloneServlet extends CMSServlet {
// setting requestor type must come after copy contents. because
// requestor is a regular attribute.
thisreq.setExtData(IRequest.REQUESTOR_TYPE,
- IRequest.REQUESTOR_RA);
+ IRequest.REQUESTOR_RA);
mAuthority.log(ILogger.LL_INFO, "Processing remote request " + srcid);
// Set this so that request's updateBy is recorded
@@ -365,14 +363,14 @@ public class CloneServlet extends CMSServlet {
//for audit log
String agentID = sourceUserId;
String initiative = AuditFormat.FROMRA + " trustedManagerID: " +
- agentID + " remote reqID " + msg.getReqId();
+ agentID + " remote reqID " + msg.getReqId();
String authMgr = AuditFormat.NOAUTH;
if (token != null) {
- authMgr =
+ authMgr =
token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
}
-
+
// Get the certificate info from the request
X509CertInfo certInfo[] = thisreq.getExtDataInCertInfoArray(IRequest.CERT_INFO);
@@ -380,36 +378,35 @@ public class CloneServlet extends CMSServlet {
if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) {
if (certInfo != null) {
for (int i = 0; i < certInfo.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ thisreq.getRequestStatus(),
+ certInfo[i].get(X509CertInfo.SUBJECT),
+ "" }
+ );
+ }
+ } else {
+ mLogger.log(ILogger.EV_AUDIT,
ILogger.S_OTHER,
AuditFormat.LEVEL,
- AuditFormat.FORMAT,
+ AuditFormat.NODNFORMAT,
new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- thisreq.getRequestStatus(),
- certInfo[i].get(X509CertInfo.SUBJECT),
- ""}
- );
- }
- } else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- thisreq.getRequestStatus()}
- );
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ thisreq.getRequestStatus() }
+ );
}
} else {
- if
- (thisreq.getRequestType().equals(IRequest.CLA_CERT4CRL_REQUEST)) {
+ if (thisreq.getRequestType().equals(IRequest.CLA_CERT4CRL_REQUEST)) {
Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
if (result.equals(IRequest.RES_ERROR)) {
@@ -578,7 +575,7 @@ public class CloneServlet extends CMSServlet {
}
protected X509Certificate
- getPeerCert(HttpServletRequest req) throws EBaseException {
+ getPeerCert(HttpServletRequest req) throws EBaseException {
return getSSLClientCertificate(req);
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
index ad48d18d9..25589abce 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
@@ -72,12 +72,11 @@ import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* Connector servlet
* process requests from remote authority -
- * service request or return status.
- *
+ * service request or return status.
+ *
* @version $Revision$, $Date$
*/
public class ConnectorServlet extends CMSServlet {
@@ -96,13 +95,13 @@ public class ConnectorServlet extends CMSServlet {
protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
private final static String SIGNED_AUDIT_PROTECTION_METHOD_SSL = "ssl";
private final static String SIGNED_AUDIT_PROTECTION_METHOD_UNKNOWN =
- "unknown";
+ "unknown";
private final static String LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS =
- "LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5";
+ "LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5";
private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST =
- "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
+ "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+ "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
private final static byte EOL[] = { Character.LINE_SEPARATOR };
@@ -118,13 +117,13 @@ public class ConnectorServlet extends CMSServlet {
mAuthority = (IAuthority)
CMS.getSubsystem(authority);
mReqEncoder = CMS.getHttpRequestEncoder();
-
+
mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
}
- public void service(HttpServletRequest request,
- HttpServletResponse response)
- throws ServletException, IOException {
+ public void service(HttpServletRequest request,
+ HttpServletResponse response)
+ throws ServletException, IOException {
boolean running_state = CMS.isInRunningState();
@@ -167,10 +166,10 @@ public class ConnectorServlet extends CMSServlet {
// ssl client auth for client auth to work.
// get request method
- method = req.getMethod();
+ method = req.getMethod();
// get content length
- len = request.getContentLength();
+ len = request.getContentLength();
// get content, a base 64 encoded serialized request.
if (len > 0) {
@@ -198,9 +197,9 @@ public class ConnectorServlet extends CMSServlet {
try {
peerCert = getPeerCert(req);
- }catch (EBaseException e) {
- mAuthority.log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
+ } catch (EBaseException e) {
+ mAuthority.log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
@@ -231,8 +230,8 @@ public class ConnectorServlet extends CMSServlet {
return;
}
- mAuthority.log(ILogger.LL_INFO,
- "Remote Authority authenticated: " + peerCert.getSubjectDN());
+ mAuthority.log(ILogger.LL_INFO,
+ "Remote Authority authenticated: " + peerCert.getSubjectDN());
// authorize
AuthzToken authzToken = null;
@@ -270,15 +269,15 @@ public class ConnectorServlet extends CMSServlet {
} catch (IOException e) {
CMS.debug("ConnectorServlet: service " + e.toString());
CMS.debug(e);
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+ mAuthority.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
return;
} catch (EBaseException e) {
CMS.debug("ConnectorServlet: service " + e.toString());
CMS.debug(e);
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+ mAuthority.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
} catch (Exception e) {
@@ -328,8 +327,8 @@ public class ConnectorServlet extends CMSServlet {
try {
info = request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
- // request.set(IEnrollProfile.REQUEST_SEQ_NUM, new Integer("0"));
- CertificateX509Key certKey = (CertificateX509Key)info.get(X509CertInfo.KEY);
+ // request.set(IEnrollProfile.REQUEST_SEQ_NUM, new Integer("0"));
+ CertificateX509Key certKey = (CertificateX509Key) info.get(X509CertInfo.KEY);
if (certKey != null) {
byteStream = new ByteArrayOutputStream();
certKey.encode(byteStream);
@@ -369,13 +368,13 @@ public class ConnectorServlet extends CMSServlet {
certAlgOut.toByteArray());
}
} catch (Exception e) {
- CMS.debug("ConnectorServlet: profile normalization " +
- e.toString());
+ CMS.debug("ConnectorServlet: profile normalization " +
+ e.toString());
}
String profileId = request.getExtDataInString("profileId");
IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem("profile");
+ CMS.getSubsystem("profile");
IEnrollProfile profile = null;
// profile subsystem may not be available. In case of KRA for
@@ -399,24 +398,19 @@ public class ConnectorServlet extends CMSServlet {
/**
* Process request
* <P>
- *
- * (Certificate Request - all "agent" profile cert requests made through a
- * connector)
+ *
+ * (Certificate Request - all "agent" profile cert requests made through a connector)
* <P>
- *
- * (Certificate Request Processed - all automated "agent" profile based
- * cert acceptance made through a connector)
+ *
+ * (Certificate Request Processed - all automated "agent" profile based cert acceptance made through a connector)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a
- * profile cert request is made (before approval process)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
- * certificate request has just been through the approval process
- * <li>signed.audit LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS used when
- * inter-CIMC_Boundary data transfer is successful (this is used when data
- * does not need to be captured)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a profile cert request is made (before approval process)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS used when inter-CIMC_Boundary data transfer is successful (this is used when data does not need to be captured)
* </ul>
+ *
* @param source string containing source
* @param sourceUserId string containing source user ID
* @param msg PKI message
@@ -425,8 +419,8 @@ public class ConnectorServlet extends CMSServlet {
* @return PKI message
*/
protected IPKIMessage processRequest(
- String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
- throws EBaseException {
+ String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
+ throws EBaseException {
String auditMessage = null;
String auditSubjectID = sourceUserId;
String auditProtectionMethod = SIGNED_AUDIT_PROTECTION_METHOD_SSL;
@@ -477,12 +471,12 @@ public class ConnectorServlet extends CMSServlet {
if (thisreq == null) {
// strange case.
String errormsg = "Cannot find request in request queue " +
- thisreqid;
+ thisreqid;
mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage(
- "CMSGW_REQUEST_ID_NOT_FOUND_1",
- thisreqid.toString()));
+ CMS.getLogMessage(
+ "CMSGW_REQUEST_ID_NOT_FOUND_1",
+ thisreqid.toString()));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -501,8 +495,8 @@ public class ConnectorServlet extends CMSServlet {
throw new EBaseException(errormsg);
} else {
- mAuthority.log(ILogger.LL_INFO,
- "Found request " + thisreqid + " for " + srcid);
+ mAuthority.log(ILogger.LL_INFO,
+ "Found request " + thisreqid + " for " + srcid);
replymsg = CMS.getHttpPKIMessage();
replymsg.fromRequest(thisreq);
@@ -527,8 +521,8 @@ public class ConnectorServlet extends CMSServlet {
// if not found process request.
thisreq = queue.newRequest(msg.getReqType());
- CMS.debug("ConnectorServlet: created requestId=" +
- thisreq.getRequestId().toString());
+ CMS.debug("ConnectorServlet: created requestId=" +
+ thisreq.getRequestId().toString());
thisreq.setSourceId(srcid);
// NOTE: For the following signed audit message, since we only
@@ -537,23 +531,23 @@ public class ConnectorServlet extends CMSServlet {
// (which is the only exception designated by this method),
// then this code does NOT need to be contained within its
// own special try/catch block.
- msg.toRequest( thisreq );
+ msg.toRequest(thisreq);
- if( isProfileRequest( thisreq ) ) {
+ if (isProfileRequest(thisreq)) {
X509CertInfo info =
thisreq.getExtDataInCertInfo(
- IEnrollProfile.REQUEST_CERTINFO );
+ IEnrollProfile.REQUEST_CERTINFO);
try {
- CertificateSubjectName sn = ( CertificateSubjectName )
- info.get( X509CertInfo.SUBJECT );
+ CertificateSubjectName sn = (CertificateSubjectName)
+ info.get(X509CertInfo.SUBJECT);
// if the cert subject name is NOT MISSING, retrieve the
// actual "auditCertificateSubjectName" and "normalize"
// it
- if( sn != null ) {
+ if (sn != null) {
subject = sn.toString();
- if( subject != null ) {
+ if (subject != null) {
// NOTE: This is ok even if the cert subject
// name is "" (empty)!
auditCertificateSubjectName = subject.trim();
@@ -562,42 +556,42 @@ public class ConnectorServlet extends CMSServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditProfileID(),
- auditCertificateSubjectName );
+ LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditRequesterID,
+ auditProfileID(),
+ auditCertificateSubjectName);
- audit( auditMessage );
- } catch( CertificateException e ) {
- CMS.debug( "ConnectorServlet: processRequest "
- + e.toString() );
+ audit(auditMessage);
+ } catch (CertificateException e) {
+ CMS.debug("ConnectorServlet: processRequest "
+ + e.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditProfileID(),
- auditCertificateSubjectName );
+ LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditProfileID(),
+ auditCertificateSubjectName);
- audit( auditMessage );
- } catch( IOException e ) {
- CMS.debug( "ConnectorServlet: processRequest "
- + e.toString() );
+ audit(auditMessage);
+ } catch (IOException e) {
+ CMS.debug("ConnectorServlet: processRequest "
+ + e.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditProfileID(),
- auditCertificateSubjectName );
+ LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditProfileID(),
+ auditCertificateSubjectName);
- audit( auditMessage );
+ audit(auditMessage);
}
}
@@ -606,9 +600,9 @@ public class ConnectorServlet extends CMSServlet {
// setting requestor type must come after copy contents. because
// requestor is a regular attribute.
thisreq.setExtData(IRequest.REQUESTOR_TYPE,
- IRequest.REQUESTOR_RA);
+ IRequest.REQUESTOR_RA);
mAuthority.log(ILogger.LL_INFO, "Processing remote request " +
- srcid);
+ srcid);
// Set this so that request's updateBy is recorded
SessionContext s = SessionContext.getContext();
@@ -622,52 +616,52 @@ public class ConnectorServlet extends CMSServlet {
}
CMS.debug("ConnectorServlet: calling processRequest instance=" +
- thisreq);
+ thisreq);
if (isProfileRequest(thisreq)) {
normalizeProfileRequest(thisreq);
}
try {
- queue.processRequest( thisreq );
+ queue.processRequest(thisreq);
- if( isProfileRequest( thisreq ) ) {
+ if (isProfileRequest(thisreq)) {
// reset the "auditInfoCertValue"
- auditInfoCertValue = auditInfoCertValue( thisreq );
+ auditInfoCertValue = auditInfoCertValue(thisreq);
- if( auditInfoCertValue != null ) {
- if( !( auditInfoCertValue.equals(
- ILogger.SIGNED_AUDIT_EMPTY_VALUE ) ) ) {
+ if (auditInfoCertValue != null) {
+ if (!(auditInfoCertValue.equals(
+ ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_ACCEPTANCE,
- auditInfoCertValue );
-
- audit( auditMessage );
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditRequesterID,
+ ILogger.SIGNED_AUDIT_ACCEPTANCE,
+ auditInfoCertValue);
+
+ audit(auditMessage);
}
}
}
- } catch( EBaseException eAudit1 ) {
- if( isProfileRequest( thisreq ) ) {
+ } catch (EBaseException eAudit1) {
+ if (isProfileRequest(thisreq)) {
// reset the "auditInfoCertValue"
- auditInfoCertValue = auditInfoCertValue( thisreq );
+ auditInfoCertValue = auditInfoCertValue(thisreq);
- if( auditInfoCertValue != null ) {
- if( !( auditInfoCertValue.equals(
- ILogger.SIGNED_AUDIT_EMPTY_VALUE ) ) ) {
+ if (auditInfoCertValue != null) {
+ if (!(auditInfoCertValue.equals(
+ ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_ACCEPTANCE,
- auditInfoCertValue );
-
- audit( auditMessage );
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ ILogger.SIGNED_AUDIT_ACCEPTANCE,
+ auditInfoCertValue);
+
+ audit(auditMessage);
}
}
}
@@ -681,23 +675,23 @@ public class ConnectorServlet extends CMSServlet {
replymsg.fromRequest(thisreq);
CMS.debug("ConnectorServlet: replymsg.reqStatus=" +
- replymsg.getReqStatus());
+ replymsg.getReqStatus());
//for audit log
String agentID = sourceUserId;
String initiative = AuditFormat.FROMRA + " trustedManagerID: " +
- agentID + " remote reqID " + msg.getReqId();
+ agentID + " remote reqID " + msg.getReqId();
String authMgr = AuditFormat.NOAUTH;
if (token != null) {
- authMgr =
+ authMgr =
token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
}
if (isProfileRequest(thisreq)) {
// XXX audit log
- CMS.debug("ConnectorServlet: done requestId=" +
- thisreq.getRequestId().toString());
+ CMS.debug("ConnectorServlet: done requestId=" +
+ thisreq.getRequestId().toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -724,32 +718,32 @@ public class ConnectorServlet extends CMSServlet {
if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) {
if (x509Info != null) {
for (int i = 0; i < x509Info.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ thisreq.getRequestStatus(),
+ x509Info[i].get(X509CertInfo.SUBJECT),
+ "" }
+ );
+ }
+ } else {
+ mLogger.log(ILogger.EV_AUDIT,
ILogger.S_OTHER,
AuditFormat.LEVEL,
- AuditFormat.FORMAT,
+ AuditFormat.NODNFORMAT,
new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- thisreq.getRequestStatus(),
- x509Info[i].get(X509CertInfo.SUBJECT),
- ""}
- );
- }
- } else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- thisreq.getRequestStatus()}
- );
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ thisreq.getRequestStatus() }
+ );
}
} else {
if (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) {
@@ -761,40 +755,40 @@ public class ConnectorServlet extends CMSServlet {
x509Certs =
thisreq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
- // return potentially more than one certificates.
+ // return potentially more than one certificates.
if (x509Certs != null) {
for (int i = 0; i < x509Certs.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ "completed",
+ x509Certs[i].getSubjectDN(),
+ "cert issued serial number: 0x" +
+ x509Certs[i].getSerialNumber().toString(16) }
+ );
+ }
+ } else {
+ mLogger.log(ILogger.EV_AUDIT,
ILogger.S_OTHER,
AuditFormat.LEVEL,
- AuditFormat.FORMAT,
+ AuditFormat.NODNFORMAT,
new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- "completed",
- x509Certs[i].getSubjectDN(),
- "cert issued serial number: 0x" +
- x509Certs[i].getSerialNumber().toString(16)}
- );
- }
- } else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- "completed"}
- );
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ "completed" }
+ );
}
} else if (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) {
X509CertImpl[] certs =
- thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
+ thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
X509CertImpl old_cert = certs[0];
certs = thisreq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
@@ -802,36 +796,36 @@ public class ConnectorServlet extends CMSServlet {
if (old_cert != null && renewed_cert != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.RENEWALFORMAT,
- new Object[] {
- thisreq.getRequestId(),
- initiative,
- authMgr,
- "completed",
- old_cert.getSubjectDN(),
- old_cert.getSerialNumber().toString(16),
- "new serial number: 0x" +
- renewed_cert.getSerialNumber().toString(16)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.RENEWALFORMAT,
+ new Object[] {
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ "completed",
+ old_cert.getSubjectDN(),
+ old_cert.getSerialNumber().toString(16),
+ "new serial number: 0x" +
+ renewed_cert.getSerialNumber().toString(16) }
+ );
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- "completed with error"}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ "completed with error" }
+ );
}
} else if (thisreq.getRequestType().equals(IRequest.REVOCATION_REQUEST)) {
Certificate[] oldCerts =
- thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
+ thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
RevokedCertImpl crlentries[] =
- thisreq.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
+ thisreq.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
CRLExtensions crlExts = crlentries[0].getExtensions();
int reason = 0;
@@ -853,7 +847,7 @@ public class ConnectorServlet extends CMSServlet {
if (result.equals(IRequest.RES_ERROR)) {
String[] svcErrors =
- thisreq.getExtDataInStringArray(IRequest.SVCERRORS);
+ thisreq.getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
@@ -866,18 +860,18 @@ public class ConnectorServlet extends CMSServlet {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- thisreq.getRequestId(),
- initiative,
- "completed with error: " +
- err,
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ thisreq.getRequestId(),
+ initiative,
+ "completed with error: " +
+ err,
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
}
@@ -892,32 +886,32 @@ public class ConnectorServlet extends CMSServlet {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- thisreq.getRequestId(),
- initiative,
- "completed",
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ thisreq.getRequestId(),
+ initiative,
+ "completed",
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
}
}
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- "completed"}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ "completed" }
+ );
}
}
@@ -1001,7 +995,7 @@ public class ConnectorServlet extends CMSServlet {
}
protected X509Certificate
- getPeerCert(HttpServletRequest req) throws EBaseException {
+ getPeerCert(HttpServletRequest req) throws EBaseException {
return getSSLClientCertificate(req);
}
@@ -1011,11 +1005,11 @@ public class ConnectorServlet extends CMSServlet {
/**
* Signed Audit Log
- *
+ *
* This method is inherited by all extended "CMSServlet"s,
* and is called to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
protected void audit(String msg) {
@@ -1027,20 +1021,20 @@ public class ConnectorServlet extends CMSServlet {
}
mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ msg);
}
/**
* Signed Audit Log Profile ID
- *
+ *
* This method is inherited by all extended "EnrollProfile"s,
* and is called to obtain the "ProfileID" for
* a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message ProfileID
*/
protected String auditProfileID() {
@@ -1062,11 +1056,11 @@ public class ConnectorServlet extends CMSServlet {
/**
* Signed Audit Log Info Certificate Value
- *
+ *
* This method is called to obtain the certificate from the passed in
* "X509CertImpl" for a signed audit log message.
* <P>
- *
+ *
* @param request a Request containing an X509CertImpl
* @return cert string containing the certificate
*/
@@ -1122,4 +1116,3 @@ public class ConnectorServlet extends CMSServlet {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
index 2a024c3ad..171aeb64c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
@@ -40,13 +40,11 @@ import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
-
-
/**
* GenerateKeyPairServlet
- * handles "server-side key pair generation" requests from the
- * netkey RA.
- *
+ * handles "server-side key pair generation" requests from the
+ * netkey RA.
+ *
* @author Christina Fu (cfu)
* @version $Revision$, $Date$
*/
@@ -68,7 +66,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
/**
* Constructs GenerateKeyPair servlet.
- *
+ *
*/
public GenerateKeyPairServlet() {
super();
@@ -82,17 +80,17 @@ public class GenerateKeyPairServlet extends CMSServlet {
if (authority != null)
mAuthority = (IAuthority)
CMS.getSubsystem(authority);
-
+
mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
}
/**
* Returns serlvet information.
- *
+ *
* @return name of this servlet
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/*
@@ -109,8 +107,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
* * recovery blob (used for recovery)
*/
private void processServerSideKeyGen(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException
- {
+ HttpServletResponse resp) throws EBaseException {
IRequestQueue queue = mAuthority.getRequestQueue();
IRequest thisreq = null;
@@ -123,8 +120,8 @@ public class GenerateKeyPairServlet extends CMSServlet {
String rCUID = req.getParameter("CUID");
String rUserid = req.getParameter("userid");
String rdesKeyString = req.getParameter("drm_trans_desKey");
- String rArchive = req.getParameter("archive");
- String rKeysize = req.getParameter("keysize");
+ String rArchive = req.getParameter("archive");
+ String rKeysize = req.getParameter("keysize");
if ((rCUID == null) || (rCUID.equals(""))) {
CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: CUID");
@@ -136,19 +133,19 @@ public class GenerateKeyPairServlet extends CMSServlet {
missingParam = true;
}
- if ((rKeysize == null) || (rKeysize.equals(""))) {
- rKeysize = "1024"; // default to 1024
- }
+ if ((rKeysize == null) || (rKeysize.equals(""))) {
+ rKeysize = "1024"; // default to 1024
+ }
if ((rdesKeyString == null) ||
- (rdesKeyString.equals(""))) {
+ (rdesKeyString.equals(""))) {
CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: DRM-transportKey-wrapped DES key");
missingParam = true;
}
if ((rArchive == null) || (rArchive.equals(""))) {
CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing key archival flag 'archive' ,default to true");
- rArchive = "true";
+ rArchive = "true";
}
String selectedToken = null;
@@ -160,17 +157,17 @@ public class GenerateKeyPairServlet extends CMSServlet {
thisreq.setExtData(IRequest.NETKEY_ATTR_CUID, rCUID);
thisreq.setExtData(IRequest.NETKEY_ATTR_USERID, rUserid);
thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString);
- thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive);
- thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize);
+ thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive);
+ thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize);
- queue.processRequest( thisreq );
+ queue.processRequest(thisreq);
Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
if (result != null) {
- // sighs! tps thinks 0 is good, and DRM thinks 1 is good
- if (result.intValue() == 1)
- status = "0";
- else
- status = result.toString();
+ // sighs! tps thinks 0 is good, and DRM thinks 1 is good
+ if (result.intValue() == 1)
+ status = "0";
+ else
+ status = result.toString();
} else
status = "7";
@@ -184,40 +181,40 @@ public class GenerateKeyPairServlet extends CMSServlet {
String wrappedPrivKeyString = "";
String publicKeyString = "";
- if( thisreq == null ) {
- CMS.debug( "GenerateKeyPairServlet::processServerSideKeyGen() - "
- + "thisreq is null!" );
- throw new EBaseException( "thisreq is null" );
+ if (thisreq == null) {
+ CMS.debug("GenerateKeyPairServlet::processServerSideKeyGen() - "
+ + "thisreq is null!");
+ throw new EBaseException("thisreq is null");
}
publicKeyString = thisreq.getExtDataInString("public_key");
wrappedPrivKeyString = thisreq.getExtDataInString("wrappedUserPrivate");
- String ivString = thisreq.getExtDataInString("iv_s");
+ String ivString = thisreq.getExtDataInString("iv_s");
/*
if (selectedToken == null)
status = "4";
*/
- if (!status.equals("0"))
- value = "status="+status;
+ if (!status.equals("0"))
+ value = "status=" + status;
else {
StringBuffer sb = new StringBuffer();
sb.append("status=0&");
- sb.append("wrapped_priv_key=");
- sb.append(wrappedPrivKeyString);
- sb.append("&iv_param=");
- sb.append(ivString);
+ sb.append("wrapped_priv_key=");
+ sb.append(wrappedPrivKeyString);
+ sb.append("&iv_param=");
+ sb.append(ivString);
sb.append("&public_key=");
- sb.append(publicKeyString);
+ sb.append(publicKeyString);
value = sb.toString();
}
- CMS.debug("processServerSideKeyGen:outputString.encode " +value);
+ CMS.debug("processServerSideKeyGen:outputString.encode " + value);
- try{
+ try {
resp.setContentLength(value.length());
- CMS.debug("GenerateKeyPairServlet:outputString.length " +value.length());
+ CMS.debug("GenerateKeyPairServlet:outputString.length " + value.length());
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
@@ -227,7 +224,6 @@ public class GenerateKeyPairServlet extends CMSServlet {
}
}
-
/*
* For GenerateKeyPair:
@@ -258,7 +254,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
if (authzToken == null) {
- try{
+ try {
resp.setContentType("text/html");
String value = "unauthorized=";
CMS.debug("GenerateKeyPairServlet: Unauthorized");
@@ -268,7 +264,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
ooss.write(value.getBytes());
ooss.flush();
mRenderResult = false;
- }catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("GenerateKeyPairServlet: " + e.toString());
}
@@ -277,28 +273,28 @@ public class GenerateKeyPairServlet extends CMSServlet {
}
// begin Netkey serverSideKeyGen and archival
- CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called");
- processServerSideKeyGen(req, resp);
- return;
+ CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called");
+ processServerSideKeyGen(req, resp);
+ return;
// end Netkey functions
}
- /** XXX remember tocheck peer SSL cert and get RA id later
- *
+ /**
+ * XXX remember tocheck peer SSL cert and get RA id later
+ *
* Serves HTTP admin request.
- *
+ *
* @param req HTTP request
* @param resp HTTP response
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
String scope = req.getParameter(Constants.OP_SCOPE);
String op = req.getParameter(Constants.OP_TYPE);
- super.service(req, resp);
+ super.service(req, resp);
-
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
index fa454bd6e..dfceddd96 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
@@ -39,12 +39,11 @@ import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* TokenKeyRecoveryServlet
- * handles "key recovery service" requests from the
+ * handles "key recovery service" requests from the
* netkey TPS
- *
+ *
* @author Christina Fu (cfu)
* @version $Revision$, $Date$
*/
@@ -65,7 +64,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
/**
* Constructs TokenKeyRecovery servlet.
- *
+ *
*/
public TokenKeyRecoveryServlet() {
super();
@@ -79,25 +78,25 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
if (authority != null)
mAuthority = (IAuthority)
CMS.getSubsystem(authority);
-
+
mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
}
/**
* Returns serlvet information.
- *
+ *
* @return name of this servlet
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
- /**
+ /**
* Process the HTTP request.
- *
+ *
* @param s The URL to decode
*/
- protected String URLdecode(String s) {
+ protected String URLdecode(String s) {
if (s == null)
return null;
ByteArrayOutputStream out = new ByteArrayOutputStream(s.length());
@@ -117,7 +116,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
}
} // end for
return out.toString();
- }
+ }
/*
* processTokenKeyRecovery
@@ -144,12 +143,11 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
* desKey-wrapped-userPrivateKey=value2
*/
private void processTokenKeyRecovery(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException
- {
+ HttpServletResponse resp) throws EBaseException {
IRequestQueue queue = mAuthority.getRequestQueue();
IRequest thisreq = null;
-
- // IConfigStore sconfig = CMS.getConfigStore();
+
+ // IConfigStore sconfig = CMS.getConfigStore();
boolean missingParam = false;
String status = "0";
@@ -158,7 +156,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
String rCUID = req.getParameter("CUID");
String rUserid = req.getParameter("userid");
String rdesKeyString = req.getParameter("drm_trans_desKey");
- String rCert = req.getParameter("cert");
+ String rCert = req.getParameter("cert");
if ((rCUID == null) || (rCUID.equals(""))) {
CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: CUID");
@@ -171,7 +169,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
}
if ((rdesKeyString == null) ||
- (rdesKeyString.equals(""))) {
+ (rdesKeyString.equals(""))) {
CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: DRM-transportKey-wrapped des key");
missingParam = true;
}
@@ -192,18 +190,18 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString);
thisreq.setExtData(IRequest.NETKEY_ATTR_USER_CERT, rCert);
- //XXX auto process for netkey
- queue.processRequest( thisreq );
- // IService svc = (IService) new TokenKeyRecoveryService(kra);
- // svc.serviceRequest(thisreq);
+ //XXX auto process for netkey
+ queue.processRequest(thisreq);
+ // IService svc = (IService) new TokenKeyRecoveryService(kra);
+ // svc.serviceRequest(thisreq);
Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
if (result != null) {
- // sighs! tps thinks 0 is good, and drm thinks 1 is good
- if (result.intValue() == 1)
- status ="0";
- else
- status = result.toString();
+ // sighs! tps thinks 0 is good, and drm thinks 1 is good
+ if (result.intValue() == 1)
+ status = "0";
+ else
+ status = result.toString();
} else
status = "7";
@@ -218,25 +216,25 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
String wrappedPrivKeyString = "";
String publicKeyString = "";
String ivString = "";
- /* if is RECOVERY_PROTOTYPE
- String recoveryBlobString = "";
+ /* if is RECOVERY_PROTOTYPE
+ String recoveryBlobString = "";
- IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord");
- byte publicKey_b[] = kr.getPublicKeyData();
+ IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord");
+ byte publicKey_b[] = kr.getPublicKeyData();
- BigInteger serialNo = kr.getSerialNumber();
+ BigInteger serialNo = kr.getSerialNumber();
- String serialNumberString =
- com.netscape.cmsutil.util.Utils.SpecialEncode(serialNo.toByteArray());
+ String serialNumberString =
+ com.netscape.cmsutil.util.Utils.SpecialEncode(serialNo.toByteArray());
- recoveryBlobString = (String)
- thisreq.get("recoveryBlob");
- */
+ recoveryBlobString = (String)
+ thisreq.get("recoveryBlob");
+ */
- if( thisreq == null ) {
- CMS.debug( "TokenKeyRecoveryServlet::processTokenKeyRecovery() - "
- + "thisreq is null!" );
- throw new EBaseException( "thisreq is null" );
+ if (thisreq == null) {
+ CMS.debug("TokenKeyRecoveryServlet::processTokenKeyRecovery() - "
+ + "thisreq is null!");
+ throw new EBaseException("thisreq is null");
}
publicKeyString = thisreq.getExtDataInString("public_key");
@@ -247,8 +245,8 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
if (selectedToken == null)
status = "4";
*/
- if (!status.equals("0"))
- value = "status="+status;
+ if (!status.equals("0"))
+ value = "status=" + status;
else {
StringBuffer sb = new StringBuffer();
sb.append("status=0&");
@@ -259,13 +257,13 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
sb.append("&iv_param=");
sb.append(ivString);
value = sb.toString();
-
+
}
- CMS.debug("ProcessTokenKeyRecovery:outputString.encode " +value);
+ CMS.debug("ProcessTokenKeyRecovery:outputString.encode " + value);
- try{
+ try {
resp.setContentLength(value.length());
- CMS.debug("TokenKeyRecoveryServlet:outputString.length " +value.length());
+ CMS.debug("TokenKeyRecoveryServlet:outputString.length " + value.length());
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
@@ -275,7 +273,6 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
}
}
-
/*
* For TokenKeyRecovery
*
@@ -305,7 +302,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
if (authzToken == null) {
- try{
+ try {
resp.setContentType("text/html");
String value = "unauthorized=";
CMS.debug("TokenKeyRecoveryServlet: Unauthorized");
@@ -315,7 +312,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
ooss.write(value.getBytes());
ooss.flush();
mRenderResult = false;
- }catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("TokenKeyRecoveryServlet: " + e.toString());
}
@@ -324,28 +321,28 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
}
// begin Netkey serverSideKeyGen and archival
- CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called");
- processTokenKeyRecovery(req, resp);
- return;
+ CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called");
+ processTokenKeyRecovery(req, resp);
+ return;
// end Netkey functions
}
- /** XXX remember to check peer SSL cert and get RA id later
- *
+ /**
+ * XXX remember to check peer SSL cert and get RA id later
+ *
* Serves HTTP admin request.
- *
+ *
* @param req HTTP request
* @param resp HTTP response
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
String scope = req.getParameter(Constants.OP_SCOPE);
String op = req.getParameter(Constants.OP_TYPE);
- super.service(req, resp);
+ super.service(req, resp);
-
}
}
generated by cgit (git 2.34.1) at 2024-06-16 03:41:36 +0000