author | Ade Lee <alee@redhat.com> | 2011-12-07 16:58:12 -0500 |
committer | Ade Lee <alee@redhat.com> | 2011-12-07 16:58:12 -0500 |
commit | 32150d3ee32f8ac27118af7c792794b538c78a2f (patch) | |
tree | 52dd96f664a6fa51be25b28b6f10adc5f2c9f660 /pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java | |
parent | f05d58a46795553beb8881039cc922974b40db34 (diff) | |
Formatting
Formatted the project according to the Eclipse project settings
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java | 494 |
1 files changed, 267 insertions, 227 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java index 0e6a507a2..a096963cb 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.security.KeyPair; import java.security.NoSuchAlgorithmException; @@ -54,13 +53,14 @@ public class SizePanel extends WizardPanelBase { private String default_rsa_key_size; private boolean mShowSigning = false; - public SizePanel() {} + public SizePanel() { + } /** * Initializes this panel. */ - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, + String id) throws ServletException { setPanelNo(panelno); setName("Key Pairs"); setId(id); 
@@ -69,25 +69,30 @@ public class SizePanel extends WizardPanelBase { public PropertySet getUsage() { PropertySet set = new PropertySet(); - - Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, - "default,custom", null, /* no default parameter */ + + Descriptor choiceDesc = new Descriptor( + IDescriptor.CHOICE, + "default,custom", + null, /* no default parameter */ "If 'default', the key size will be configured automatically. If 'custom', the key size will be set to the value of the parameter 'custom_size'."); set.add("choice", choiceDesc); - - Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ - null, /* no default parameter */ - "Custom Key Size"); + + Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ + null, /* no default parameter */ + "Custom Key Size"); set.add("custom_size", customSizeDesc); - + return set; } public void cleanUp() throws IOException { IConfigStore cs = CMS.getConfigStore(); - /* clean up if necessary*/ + /* clean up if necessary */ try { boolean done = cs.getBoolean("preop.SizePanel.done"); cs.putBoolean("preop.SizePanel.done", false); @@ -105,7 +110,8 @@ public class SizePanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } @@ -114,11 +120,10 @@ public class SizePanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { CMS.debug("SizePanel: display()"); try { - initParams(request, context); + initParams(request, context); } catch (IOException e) { } 
@@ -134,12 +139,14 @@ public class SizePanel extends WizardPanelBase {
 }
 try {
- default_ecc_curve_name = config.getString("keys.ecc.curve.default", "nistp256");
+ default_ecc_curve_name = config.getString("keys.ecc.curve.default",
+ "nistp256");
 } catch (Exception e) {
 }
 try {
- default_rsa_key_size = config.getString("keys.rsa.keysize.default", "2048");
+ default_rsa_key_size = config.getString("keys.rsa.keysize.default",
+ "2048");
 } catch (Exception e) {
 }
@@ -152,12 +159,12 @@ public class SizePanel extends WizardPanelBase {
 while (st.hasMoreTokens()) {
 String certTag = st.nextToken();
- String nn = config.getString(
- PCERT_PREFIX + certTag + ".nickname");
+ String nn = config.getString(PCERT_PREFIX + certTag
+ + ".nickname");
 Cert c = new Cert(token, nn, certTag);
- String s = config.getString(
- PCERT_PREFIX + certTag + ".keysize.select", "default");
+ String s = config.getString(PCERT_PREFIX + certTag
+ + ".keysize.select", "default");
 if (s.equals("default")) {
 c.setKeyOption("default");
@@ -166,26 +173,25 @@ public class SizePanel extends WizardPanelBase { c.setKeyOption("custom"); } - s = config.getString( - PCERT_PREFIX + certTag + ".keysize.custom_size", - default_rsa_key_size); + s = config.getString(PCERT_PREFIX + certTag + + ".keysize.custom_size", default_rsa_key_size); c.setCustomKeysize(s); - s = config.getString( - PCERT_PREFIX + certTag + ".curvename.custom_name", - default_ecc_curve_name); + s = config.getString(PCERT_PREFIX + certTag + + ".curvename.custom_name", default_ecc_curve_name); c.setCustomCurvename(s); - boolean signingRequired = config.getBoolean( - PCERT_PREFIX + certTag + ".signing.required", - false); + boolean signingRequired = config.getBoolean(PCERT_PREFIX + + certTag + ".signing.required", false); c.setSigningRequired(signingRequired); - if (signingRequired) mShowSigning = true; + if (signingRequired) + mShowSigning = true; - String userfriendlyname = config.getString( - PCERT_PREFIX + certTag + ".userfriendlyname"); + String userfriendlyname = config.getString(PCERT_PREFIX + + certTag + ".userfriendlyname"); c.setUserFriendlyName(userfriendlyname); - boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX + certTag + + ".enable", true); c.setEnable(enable); mCerts.addElement(c); }// while 
@@ -206,16 +212,15 @@ public class SizePanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException, NumberFormatException { + HttpServletResponse response, Context context) throws IOException, + NumberFormatException { CMS.debug("SizePanel: update()"); boolean hasErr = false; IConfigStore config = CMS.getConfigStore(); @@ -236,13 +241,15 @@ public class SizePanel extends WizardPanelBase { if (select1.equals("clone")) { // preset the sslserver dn for cloning case try { - String val = config.getString("preop.cert.sslserver.dn", ""); - config.putString("preop.cert.sslserver.dn", val+",o=clone"); + String val = config + .getString("preop.cert.sslserver.dn", ""); + config.putString("preop.cert.sslserver.dn", val + + ",o=clone"); } catch (Exception ee) { } } } - + String token = ""; try { token = config.getString(PRE_CONF_CA_TOKEN, ""); @@ -251,13 +258,17 @@ public class SizePanel extends WizardPanelBase { while (c.hasMoreElements()) { Cert cert = (Cert) c.nextElement(); String ct = cert.getCertTag(); - boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX + ct + + ".enable", true); if (!enable) continue; - String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa or ecc + String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa + // or + // ecc - String keyalgorithm = HttpInput.getString(request, ct + "_keyalgorithm"); + String keyalgorithm = HttpInput.getString(request, ct + + "_keyalgorithm"); if (keyalgorithm == null) { if (keytype != null && keytype.equals("ecc")) { keyalgorithm = "SHA256withEC"; 
@@ -266,7 +277,8 @@ public class SizePanel extends WizardPanelBase {
 }
 }
- String signingalgorithm = HttpInput.getString(request, ct + "_signingalgorithm");
+ String signingalgorithm = HttpInput.getString(request, ct
+ + "_signingalgorithm");
 if (signingalgorithm == null) {
 signingalgorithm = keyalgorithm;
 }
@@ -275,114 +287,136 @@ public class SizePanel extends WizardPanelBase { if (select == null) { CMS.debug("SizePanel: " + ct + "_choice not found"); - throw new IOException( - "SizePanel: " + ct + "_choice not found"); + throw new IOException("SizePanel: " + ct + + "_choice not found"); } - CMS.debug( - "SizePanel: update() keysize choice selected:" + select); - String oldkeysize = - config.getString(PCERT_PREFIX+ct+".keysize.size", ""); - String oldkeytype = - config.getString(PCERT_PREFIX + ct + ".keytype", ""); - String oldkeyalgorithm = - config.getString(PCERT_PREFIX + ct + ".keyalgorithm", ""); - String oldsigningalgorithm = - config.getString(PCERT_PREFIX + ct + ".signingalgorithm", ""); - String oldcurvename = - config.getString(PCERT_PREFIX + ct + ".curvename.name", ""); + CMS.debug("SizePanel: update() keysize choice selected:" + + select); + String oldkeysize = config.getString(PCERT_PREFIX + ct + + ".keysize.size", ""); + String oldkeytype = config.getString(PCERT_PREFIX + ct + + ".keytype", ""); + String oldkeyalgorithm = config.getString(PCERT_PREFIX + ct + + ".keyalgorithm", ""); + String oldsigningalgorithm = config.getString(PCERT_PREFIX + ct + + ".signingalgorithm", ""); + String oldcurvename = config.getString(PCERT_PREFIX + ct + + ".curvename.name", ""); if (select.equals("default")) { // XXXrenaming these...keep for now just in case config.putString("preop.keysize.select", "default"); if (keytype != null && keytype.equals("ecc")) { - config.putString("preop.curvename.custom_name", - default_ecc_curve_name); - config.putString("preop.curvename.name", default_ecc_curve_name); + config.putString("preop.curvename.custom_name", + default_ecc_curve_name); + config.putString("preop.curvename.name", + default_ecc_curve_name); } else { - config.putString("preop.keysize.custom_size", - default_rsa_key_size); - config.putString("preop.keysize.size", default_rsa_key_size); + config.putString("preop.keysize.custom_size", + default_rsa_key_size); + 
config.putString("preop.keysize.size", + default_rsa_key_size); } config.putString(PCERT_PREFIX + ct + ".keytype", keytype); - config.putString(PCERT_PREFIX + ct + ".keyalgorithm", keyalgorithm); - config.putString(PCERT_PREFIX + ct + ".signingalgorithm", signingalgorithm); + config.putString(PCERT_PREFIX + ct + ".keyalgorithm", + keyalgorithm); + config.putString(PCERT_PREFIX + ct + ".signingalgorithm", + signingalgorithm); config.putString(PCERT_PREFIX + ct + ".keysize.select", "default"); if (keytype != null && keytype.equals("ecc")) { - config.putString(PCERT_PREFIX + ct + - ".curvename.custom_name", - default_ecc_curve_name); - config.putString(PCERT_PREFIX + ct + ".curvename.name", - default_ecc_curve_name); + config.putString(PCERT_PREFIX + ct + + ".curvename.custom_name", + default_ecc_curve_name); + config.putString(PCERT_PREFIX + ct + ".curvename.name", + default_ecc_curve_name); } else { - config.putString(PCERT_PREFIX + ct + - ".keysize.custom_size", - default_rsa_key_size); - config.putString(PCERT_PREFIX + ct + ".keysize.size", - default_rsa_key_size); + config.putString(PCERT_PREFIX + ct + + ".keysize.custom_size", default_rsa_key_size); + config.putString(PCERT_PREFIX + ct + ".keysize.size", + default_rsa_key_size); } } else if (select.equals("custom")) { // XXXrenaming these...keep for now just in case config.putString("preop.keysize.select", "custom"); if (keytype != null && keytype.equals("ecc")) { - config.putString("preop.curvename.name", - HttpInput.getString(request, ct + "_custom_curvename")); - config.putString("preop.curvename.custom_name", - HttpInput.getString(request, ct + "_custom_curvename")); + config.putString( + "preop.curvename.name", + HttpInput.getString(request, ct + + "_custom_curvename")); + config.putString( + "preop.curvename.custom_name", + HttpInput.getString(request, ct + + "_custom_curvename")); } else { - config.putString("preop.keysize.size", - HttpInput.getKeySize(request, ct + "_custom_size", keytype)); - 
config.putString("preop.keysize.custom_size", - HttpInput.getKeySize(request, ct + "_custom_size", keytype)); + config.putString( + "preop.keysize.size", + HttpInput.getKeySize(request, ct + + "_custom_size", keytype)); + config.putString( + "preop.keysize.custom_size", + HttpInput.getKeySize(request, ct + + "_custom_size", keytype)); } config.putString(PCERT_PREFIX + ct + ".keytype", keytype); - config.putString(PCERT_PREFIX + ct + ".keyalgorithm", keyalgorithm); - config.putString(PCERT_PREFIX + ct + ".signingalgorithm", signingalgorithm); + config.putString(PCERT_PREFIX + ct + ".keyalgorithm", + keyalgorithm); + config.putString(PCERT_PREFIX + ct + ".signingalgorithm", + signingalgorithm); config.putString(PCERT_PREFIX + ct + ".keysize.select", "custom"); if (keytype != null && keytype.equals("ecc")) { - config.putString(PCERT_PREFIX + ct + ".curvename.custom_name", - HttpInput.getString(request, ct + "_custom_curvename")); - config.putString(PCERT_PREFIX + ct + ".curvename.name", - HttpInput.getString(request, ct + "_custom_curvename")); + config.putString( + PCERT_PREFIX + ct + ".curvename.custom_name", + HttpInput.getString(request, ct + + "_custom_curvename")); + config.putString( + PCERT_PREFIX + ct + ".curvename.name", + HttpInput.getString(request, ct + + "_custom_curvename")); } else { - config.putString(PCERT_PREFIX + ct + ".keysize.custom_size", - HttpInput.getKeySize(request, ct + "_custom_size")); - config.putString(PCERT_PREFIX + ct + ".keysize.size", - HttpInput.getKeySize(request, ct + "_custom_size")); + config.putString( + PCERT_PREFIX + ct + ".keysize.custom_size", + HttpInput.getKeySize(request, ct + + "_custom_size")); + config.putString( + PCERT_PREFIX + ct + ".keysize.size", + HttpInput.getKeySize(request, ct + + "_custom_size")); } } else { CMS.debug("SizePanel: invalid choice " + select); throw new IOException("invalid choice " + select); } - String newkeysize = - config.getString(PCERT_PREFIX+ct+".keysize.size", ""); - String newkeytype 
= - config.getString(PCERT_PREFIX + ct + ".keytype", ""); - String newkeyalgorithm = - config.getString(PCERT_PREFIX + ct + ".keyalgorithm", ""); - String newsigningalgorithm = - config.getString(PCERT_PREFIX + ct + ".signingalgorithm", ""); - String newcurvename = - config.getString(PCERT_PREFIX+ct+".curvename.name", ""); - - if (!oldkeysize.equals(newkeysize) || - !oldkeytype.equals(newkeytype) || - !oldkeyalgorithm.equals(newkeyalgorithm) || - !oldsigningalgorithm.equals(newsigningalgorithm) || - !oldcurvename.equals(newcurvename)) + String newkeysize = config.getString(PCERT_PREFIX + ct + + ".keysize.size", ""); + String newkeytype = config.getString(PCERT_PREFIX + ct + + ".keytype", ""); + String newkeyalgorithm = config.getString(PCERT_PREFIX + ct + + ".keyalgorithm", ""); + String newsigningalgorithm = config.getString(PCERT_PREFIX + ct + + ".signingalgorithm", ""); + String newcurvename = config.getString(PCERT_PREFIX + ct + + ".curvename.name", ""); + + if (!oldkeysize.equals(newkeysize) + || !oldkeytype.equals(newkeytype) + || !oldkeyalgorithm.equals(newkeyalgorithm) + || !oldsigningalgorithm.equals(newsigningalgorithm) + || !oldcurvename.equals(newcurvename)) hasChanged = true; }// while try { config.commit(false); - } catch (EBaseException e) { - CMS.debug("SizePanel: update() Exception caught at config commit: " + e.toString()); + } catch (EBaseException e) { + CMS.debug("SizePanel: update() Exception caught at config commit: " + + e.toString()); } val1 = HttpInput.getID(request, "generateKeyPair"); 
@@ -393,19 +427,20 @@ public class SizePanel extends WizardPanelBase {
 context.put("updateStatus", "success");
 return;
 }
- } catch (IOException e) {
+ } catch (IOException e) {
 CMS.debug("SizePanel: update() IOException caught: " + e.toString());
 context.put("updateStatus", "failure");
 throw e;
 } catch (NumberFormatException e) {
- CMS.debug("SizePanel: update() NumberFormatException caught: " + e.toString());
+ CMS.debug("SizePanel: update() NumberFormatException caught: "
+ + e.toString());
 context.put("updateStatus", "failure");
 throw e;
- } catch (Exception e) {
+ } catch (Exception e) {
 CMS.debug("SizePanel: update() Exception caught: " + e.toString());
 }
- // generate key pair
+ // generate key pair
 Enumeration c = mCerts.elements();
 while (c.hasMoreElements()) {
@@ -414,8 +449,9 @@ public class SizePanel extends WizardPanelBase {
 String friendlyName = ct;
 boolean enable = true;
 try {
- enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
- friendlyName = config.getString(PCERT_PREFIX + ct + ".userfriendlyname", ct);
+ enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
+ friendlyName = config.getString(PCERT_PREFIX + ct
+ + ".userfriendlyname", ct);
 } catch (Exception e) {
 }
@@ -423,17 +459,19 @@ public class SizePanel extends WizardPanelBase { continue; try { - String keytype = config.getString(PCERT_PREFIX + ct + ".keytype"); - String keyalgorithm = config.getString(PCERT_PREFIX + ct + ".keyalgorithm"); - + String keytype = config.getString(PCERT_PREFIX + ct + + ".keytype"); + String keyalgorithm = config.getString(PCERT_PREFIX + ct + + ".keyalgorithm"); + if (keytype.equals("rsa")) { - int keysize = config.getInteger( - PCERT_PREFIX + ct + ".keysize.size"); + int keysize = config.getInteger(PCERT_PREFIX + ct + + ".keysize.size"); createRSAKeyPair(token, keysize, config, ct); } else { - String curveName = config.getString( - PCERT_PREFIX + ct + ".curvename.name", default_ecc_curve_name); + String curveName = config.getString(PCERT_PREFIX + ct + + ".curvename.name", default_ecc_curve_name); createECCKeyPair(token, curveName, config, ct); } config.commit(false); 
@@ -441,40 +479,41 @@ public class SizePanel extends WizardPanelBase { CMS.debug(e); CMS.debug("SizePanel: key generation failure: " + e.toString()); context.put("updateStatus", "failure"); - throw new IOException("key generation failure for the certificate: " + friendlyName + - ". See the logs for details."); + throw new IOException( + "key generation failure for the certificate: " + + friendlyName + ". See the logs for details."); } } // while if (hasErr == false) { - config.putBoolean("preop.SizePanel.done", true); - try { - config.commit(false); - } catch (EBaseException e) { - CMS.debug( - "SizePanel: update() Exception caught at config commit: " - + e.toString()); - } - } + config.putBoolean("preop.SizePanel.done", true); + try { + config.commit(false); + } catch (EBaseException e) { + CMS.debug("SizePanel: update() Exception caught at config commit: " + + e.toString()); + } + } CMS.debug("SizePanel: update() done"); context.put("updateStatus", "success"); } - public void createECCKeyPair(String token, String curveName, IConfigStore config, String ct) - throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException - { - CMS.debug("Generating ECC key pair with curvename="+ curveName + - ", token="+token); + public void createECCKeyPair(String token, String curveName, + IConfigStore config, String ct) throws NoSuchAlgorithmException, + NoSuchTokenException, TokenException, + CryptoManager.NotInitializedException { + CMS.debug("Generating ECC key pair with curvename=" + curveName + + ", token=" + token); KeyPair pair = null; /* - * default ssl server cert to ECDHE unless stated otherwise - * note: IE only supports "ECDHE", but "ECDH" is more efficient - * + * default ssl server cert to ECDHE unless stated otherwise note: IE + * only supports "ECDHE", but "ECDH" is more efficient + * * for "ECDHE", server.xml should have the following for ciphers: * +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, * 
-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * + * * for "ECDH", server.xml should have the following for ciphers: * -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, * +TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 
@@ -487,49 +526,45 @@ public class SizePanel extends WizardPanelBase { } // ECDHE needs "SIGN" but no "DERIVE" - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = { - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE - }; + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = { org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE }; // ECDH needs "DERIVE" but no any kind of "SIGN" org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = { - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN, - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, - }; + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN, + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, }; do { - if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) { - CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); - pair = CryptoUtil.generateECCKeyPair(token, curveName, - null, - ECDH_usages_mask); - } else { - if (ct.equals("sslserver")) { - CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); - } - pair = CryptoUtil.generateECCKeyPair(token, curveName, - null, - usages_mask); - } - - // XXX - store curve , w - byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID(); - String kid = CryptoUtil.byte2string(id); - config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); - - // try to locate the private key - org.mozilla.jss.crypto.PrivateKey privk = - CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid)); - if (privk == null) { - CMS.debug("Found bad ECC key id " + kid); - pair = null; + if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) { + CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. 
Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); + pair = CryptoUtil.generateECCKeyPair(token, curveName, null, + ECDH_usages_mask); + } else { + if (ct.equals("sslserver")) { + CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); + } + pair = CryptoUtil.generateECCKeyPair(token, curveName, null, + usages_mask); + } + + // XXX - store curve , w + byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()) + .getUniqueID(); + String kid = CryptoUtil.byte2string(id); + config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); + + // try to locate the private key + org.mozilla.jss.crypto.PrivateKey privk = CryptoUtil + .findPrivateKeyFromID(CryptoUtil.string2byte(kid)); + if (privk == null) { + CMS.debug("Found bad ECC key id " + kid); + pair = null; } } while (pair == null); - CMS.debug("Public key class " + pair.getPublic().getClass().getName()); + CMS.debug("Public key class " + pair.getPublic().getClass().getName()); byte encoded[] = pair.getPublic().getEncoded(); config.putString(PCERT_PREFIX + ct + ".pubkey.encoded", - CryptoUtil.byte2string(encoded)); + CryptoUtil.byte2string(encoded)); String keyAlgo = ""; try { 
@@ -537,35 +572,39 @@ public class SizePanel extends WizardPanelBase { } catch (Exception e1) { } - setSigningAlgorithm(ct, keyAlgo, config); + setSigningAlgorithm(ct, keyAlgo, config); } - public void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct) - throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException - { + public void createRSAKeyPair(String token, int keysize, + IConfigStore config, String ct) throws NoSuchAlgorithmException, + NoSuchTokenException, TokenException, + CryptoManager.NotInitializedException { /* generate key pair */ KeyPair pair = null; do { - pair = CryptoUtil.generateRSAKeyPair(token, keysize); - byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID(); - String kid = CryptoUtil.byte2string(id); - config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); - // try to locate the private key - org.mozilla.jss.crypto.PrivateKey privk = - CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid)); - if (privk == null) { - CMS.debug("Found bad RSA key id " + kid); - pair = null; + pair = CryptoUtil.generateRSAKeyPair(token, keysize); + byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()) + .getUniqueID(); + String kid = CryptoUtil.byte2string(id); + config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); + // try to locate the private key + org.mozilla.jss.crypto.PrivateKey privk = CryptoUtil + .findPrivateKeyFromID(CryptoUtil.string2byte(kid)); + if (privk == null) { + CMS.debug("Found bad RSA key id " + kid); + pair = null; } } while (pair == null); - byte modulus[] = ((RSAPublicKey) pair.getPublic()).getModulus().toByteArray(); - byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent().toByteArray(); + byte modulus[] = ((RSAPublicKey) pair.getPublic()).getModulus() + .toByteArray(); + byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent() + .toByteArray(); config.putString(PCERT_PREFIX + ct 
+ ".pubkey.modulus", - CryptoUtil.byte2string(modulus)); + CryptoUtil.byte2string(modulus)); config.putString(PCERT_PREFIX + ct + ".pubkey.exponent", - CryptoUtil.byte2string(exponent)); + CryptoUtil.byte2string(exponent)); String keyAlgo = ""; try { 
@@ -573,41 +612,39 @@ public class SizePanel extends WizardPanelBase { } catch (Exception e1) { } - setSigningAlgorithm(ct, keyAlgo, config); + setSigningAlgorithm(ct, keyAlgo, config); } - public void setSigningAlgorithm(String ct, String keyAlgo, IConfigStore config) { + public void setSigningAlgorithm(String ct, String keyAlgo, + IConfigStore config) { String systemType = ""; try { - systemType = config.getString("preop.system.name"); + systemType = config.getString("preop.system.name"); } catch (Exception e1) { } if (systemType.equalsIgnoreCase("CA")) { - if (ct.equals("signing")) { - config.putString("ca.signing.defaultSigningAlgorithm", - keyAlgo); - config.putString("ca.crl.MasterCRL.signingAlgorithm", - keyAlgo); - } else if (ct.equals("ocsp_signing")) { - config.putString("ca.ocsp_signing.defaultSigningAlgorithm", - keyAlgo); - } + if (ct.equals("signing")) { + config.putString("ca.signing.defaultSigningAlgorithm", keyAlgo); + config.putString("ca.crl.MasterCRL.signingAlgorithm", keyAlgo); + } else if (ct.equals("ocsp_signing")) { + config.putString("ca.ocsp_signing.defaultSigningAlgorithm", + keyAlgo); + } } else if (systemType.equalsIgnoreCase("OCSP")) { - if (ct.equals("signing")) { - config.putString("ocsp.signing.defaultSigningAlgorithm", - keyAlgo); - } - } else if (systemType.equalsIgnoreCase("KRA") || - systemType.equalsIgnoreCase("DRM")) { - if (ct.equals("transport")) { + if (ct.equals("signing")) { + config.putString("ocsp.signing.defaultSigningAlgorithm", + keyAlgo); + } + } else if (systemType.equalsIgnoreCase("KRA") + || systemType.equalsIgnoreCase("DRM")) { + if (ct.equals("transport")) { config.putString("kra.transportUnit.signingAlgorithm", keyAlgo); - } + } } } public void initParams(HttpServletRequest request, Context context) - throws IOException - { + throws IOException { IConfigStore config = CMS.getConfigStore(); String s = ""; try { 
@@ -619,10 +656,13 @@ public class SizePanel extends WizardPanelBase { s = config.getString("preop.hierarchy.select", "root"); context.put("hselect", s); - s = config.getString("preop.ecc.algorithm.list", "SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC"); + s = config.getString("preop.ecc.algorithm.list", + "SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC"); context.put("ecclist", s); - s = config.getString("preop.rsa.algorithm.list", "SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA"); + s = config + .getString("preop.rsa.algorithm.list", + "SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA"); context.put("rsalist", s); s = config.getString("keys.ecc.curve.list", "nistp256"); @@ -635,7 +675,8 @@ public class SizePanel extends WizardPanelBase { context.put("subsystemtype", s); } catch (Exception e) { - CMS.debug("SizePanel(): initParams: unable to set all initial parameters:" + e); + CMS.debug("SizePanel(): initParams: unable to set all initial parameters:" + + e); } } @@ -643,10 +684,9 @@ public class SizePanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { try { - initParams(request, context); + initParams(request, context); } catch (IOException e) { } |