summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
diff options
context:
space:
mode:
authorAde Lee <alee@redhat.com>2011-12-07 16:58:12 -0500
committerAde Lee <alee@redhat.com>2011-12-07 16:58:12 -0500
commit32150d3ee32f8ac27118af7c792794b538c78a2f (patch)
tree52dd96f664a6fa51be25b28b6f10adc5f2c9f660 /pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
parentf05d58a46795553beb8881039cc922974b40db34 (diff)
downloadpki-32150d3ee32f8ac27118af7c792794b538c78a2f.tar.gz
pki-32150d3ee32f8ac27118af7c792794b538c78a2f.tar.xz
pki-32150d3ee32f8ac27118af7c792794b538c78a2f.zip
Formatting
Formatted project according to eclipse project settings
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java494
1 files changed, 267 insertions, 227 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
index 0e6a507a2..a096963cb 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
@@ -54,13 +53,14 @@ public class SizePanel extends WizardPanelBase {
private String default_rsa_key_size;
private boolean mShowSigning = false;
- public SizePanel() {}
+ public SizePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Key Pairs");
setId(id);
@@ -69,25 +69,30 @@ public class SizePanel extends WizardPanelBase {
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
- Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE,
- "default,custom", null, /* no default parameter */
+
+ Descriptor choiceDesc = new Descriptor(
+ IDescriptor.CHOICE,
+ "default,custom",
+ null, /* no default parameter */
"If 'default', the key size will be configured automatically. If 'custom', the key size will be set to the value of the parameter 'custom_size'.");
set.add("choice", choiceDesc);
-
- Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
- "Custom Key Size");
+
+ Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /*
+ * no
+ * constraint
+ */
+ null, /* no default parameter */
+ "Custom Key Size");
set.add("custom_size", customSizeDesc);
-
+
return set;
}
public void cleanUp() throws IOException {
IConfigStore cs = CMS.getConfigStore();
- /* clean up if necessary*/
+ /* clean up if necessary */
try {
boolean done = cs.getBoolean("preop.SizePanel.done");
cs.putBoolean("preop.SizePanel.done", false);
@@ -105,7 +110,8 @@ public class SizePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
@@ -114,11 +120,10 @@ public class SizePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("SizePanel: display()");
try {
- initParams(request, context);
+ initParams(request, context);
} catch (IOException e) {
}
@@ -134,12 +139,14 @@ public class SizePanel extends WizardPanelBase {
}
try {
- default_ecc_curve_name = config.getString("keys.ecc.curve.default", "nistp256");
+ default_ecc_curve_name = config.getString("keys.ecc.curve.default",
+ "nistp256");
} catch (Exception e) {
}
try {
- default_rsa_key_size = config.getString("keys.rsa.keysize.default", "2048");
+ default_rsa_key_size = config.getString("keys.rsa.keysize.default",
+ "2048");
} catch (Exception e) {
}
@@ -152,12 +159,12 @@ public class SizePanel extends WizardPanelBase {
while (st.hasMoreTokens()) {
String certTag = st.nextToken();
- String nn = config.getString(
- PCERT_PREFIX + certTag + ".nickname");
+ String nn = config.getString(PCERT_PREFIX + certTag
+ + ".nickname");
Cert c = new Cert(token, nn, certTag);
- String s = config.getString(
- PCERT_PREFIX + certTag + ".keysize.select", "default");
+ String s = config.getString(PCERT_PREFIX + certTag
+ + ".keysize.select", "default");
if (s.equals("default")) {
c.setKeyOption("default");
@@ -166,26 +173,25 @@ public class SizePanel extends WizardPanelBase {
c.setKeyOption("custom");
}
- s = config.getString(
- PCERT_PREFIX + certTag + ".keysize.custom_size",
- default_rsa_key_size);
+ s = config.getString(PCERT_PREFIX + certTag
+ + ".keysize.custom_size", default_rsa_key_size);
c.setCustomKeysize(s);
- s = config.getString(
- PCERT_PREFIX + certTag + ".curvename.custom_name",
- default_ecc_curve_name);
+ s = config.getString(PCERT_PREFIX + certTag
+ + ".curvename.custom_name", default_ecc_curve_name);
c.setCustomCurvename(s);
- boolean signingRequired = config.getBoolean(
- PCERT_PREFIX + certTag + ".signing.required",
- false);
+ boolean signingRequired = config.getBoolean(PCERT_PREFIX
+ + certTag + ".signing.required", false);
c.setSigningRequired(signingRequired);
- if (signingRequired) mShowSigning = true;
+ if (signingRequired)
+ mShowSigning = true;
- String userfriendlyname = config.getString(
- PCERT_PREFIX + certTag + ".userfriendlyname");
+ String userfriendlyname = config.getString(PCERT_PREFIX
+ + certTag + ".userfriendlyname");
c.setUserFriendlyName(userfriendlyname);
- boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + certTag
+ + ".enable", true);
c.setEnable(enable);
mCerts.addElement(c);
}// while
@@ -206,16 +212,15 @@ public class SizePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException, NumberFormatException {
+ HttpServletResponse response, Context context) throws IOException,
+ NumberFormatException {
CMS.debug("SizePanel: update()");
boolean hasErr = false;
IConfigStore config = CMS.getConfigStore();
@@ -236,13 +241,15 @@ public class SizePanel extends WizardPanelBase {
if (select1.equals("clone")) {
// preset the sslserver dn for cloning case
try {
- String val = config.getString("preop.cert.sslserver.dn", "");
- config.putString("preop.cert.sslserver.dn", val+",o=clone");
+ String val = config
+ .getString("preop.cert.sslserver.dn", "");
+ config.putString("preop.cert.sslserver.dn", val
+ + ",o=clone");
} catch (Exception ee) {
}
}
}
-
+
String token = "";
try {
token = config.getString(PRE_CONF_CA_TOKEN, "");
@@ -251,13 +258,17 @@ public class SizePanel extends WizardPanelBase {
while (c.hasMoreElements()) {
Cert cert = (Cert) c.nextElement();
String ct = cert.getCertTag();
- boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + ct
+ + ".enable", true);
if (!enable)
continue;
- String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa or ecc
+ String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa
+ // or
+ // ecc
- String keyalgorithm = HttpInput.getString(request, ct + "_keyalgorithm");
+ String keyalgorithm = HttpInput.getString(request, ct
+ + "_keyalgorithm");
if (keyalgorithm == null) {
if (keytype != null && keytype.equals("ecc")) {
keyalgorithm = "SHA256withEC";
@@ -266,7 +277,8 @@ public class SizePanel extends WizardPanelBase {
}
}
- String signingalgorithm = HttpInput.getString(request, ct + "_signingalgorithm");
+ String signingalgorithm = HttpInput.getString(request, ct
+ + "_signingalgorithm");
if (signingalgorithm == null) {
signingalgorithm = keyalgorithm;
}
@@ -275,114 +287,136 @@ public class SizePanel extends WizardPanelBase {
if (select == null) {
CMS.debug("SizePanel: " + ct + "_choice not found");
- throw new IOException(
- "SizePanel: " + ct + "_choice not found");
+ throw new IOException("SizePanel: " + ct
+ + "_choice not found");
}
- CMS.debug(
- "SizePanel: update() keysize choice selected:" + select);
- String oldkeysize =
- config.getString(PCERT_PREFIX+ct+".keysize.size", "");
- String oldkeytype =
- config.getString(PCERT_PREFIX + ct + ".keytype", "");
- String oldkeyalgorithm =
- config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
- String oldsigningalgorithm =
- config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
- String oldcurvename =
- config.getString(PCERT_PREFIX + ct + ".curvename.name", "");
+ CMS.debug("SizePanel: update() keysize choice selected:"
+ + select);
+ String oldkeysize = config.getString(PCERT_PREFIX + ct
+ + ".keysize.size", "");
+ String oldkeytype = config.getString(PCERT_PREFIX + ct
+ + ".keytype", "");
+ String oldkeyalgorithm = config.getString(PCERT_PREFIX + ct
+ + ".keyalgorithm", "");
+ String oldsigningalgorithm = config.getString(PCERT_PREFIX + ct
+ + ".signingalgorithm", "");
+ String oldcurvename = config.getString(PCERT_PREFIX + ct
+ + ".curvename.name", "");
if (select.equals("default")) {
// XXXrenaming these...keep for now just in case
config.putString("preop.keysize.select", "default");
if (keytype != null && keytype.equals("ecc")) {
- config.putString("preop.curvename.custom_name",
- default_ecc_curve_name);
- config.putString("preop.curvename.name", default_ecc_curve_name);
+ config.putString("preop.curvename.custom_name",
+ default_ecc_curve_name);
+ config.putString("preop.curvename.name",
+ default_ecc_curve_name);
} else {
- config.putString("preop.keysize.custom_size",
- default_rsa_key_size);
- config.putString("preop.keysize.size", default_rsa_key_size);
+ config.putString("preop.keysize.custom_size",
+ default_rsa_key_size);
+ config.putString("preop.keysize.size",
+ default_rsa_key_size);
}
config.putString(PCERT_PREFIX + ct + ".keytype", keytype);
- config.putString(PCERT_PREFIX + ct + ".keyalgorithm", keyalgorithm);
- config.putString(PCERT_PREFIX + ct + ".signingalgorithm", signingalgorithm);
+ config.putString(PCERT_PREFIX + ct + ".keyalgorithm",
+ keyalgorithm);
+ config.putString(PCERT_PREFIX + ct + ".signingalgorithm",
+ signingalgorithm);
config.putString(PCERT_PREFIX + ct + ".keysize.select",
"default");
if (keytype != null && keytype.equals("ecc")) {
- config.putString(PCERT_PREFIX + ct +
- ".curvename.custom_name",
- default_ecc_curve_name);
- config.putString(PCERT_PREFIX + ct + ".curvename.name",
- default_ecc_curve_name);
+ config.putString(PCERT_PREFIX + ct
+ + ".curvename.custom_name",
+ default_ecc_curve_name);
+ config.putString(PCERT_PREFIX + ct + ".curvename.name",
+ default_ecc_curve_name);
} else {
- config.putString(PCERT_PREFIX + ct +
- ".keysize.custom_size",
- default_rsa_key_size);
- config.putString(PCERT_PREFIX + ct + ".keysize.size",
- default_rsa_key_size);
+ config.putString(PCERT_PREFIX + ct
+ + ".keysize.custom_size", default_rsa_key_size);
+ config.putString(PCERT_PREFIX + ct + ".keysize.size",
+ default_rsa_key_size);
}
} else if (select.equals("custom")) {
// XXXrenaming these...keep for now just in case
config.putString("preop.keysize.select", "custom");
if (keytype != null && keytype.equals("ecc")) {
- config.putString("preop.curvename.name",
- HttpInput.getString(request, ct + "_custom_curvename"));
- config.putString("preop.curvename.custom_name",
- HttpInput.getString(request, ct + "_custom_curvename"));
+ config.putString(
+ "preop.curvename.name",
+ HttpInput.getString(request, ct
+ + "_custom_curvename"));
+ config.putString(
+ "preop.curvename.custom_name",
+ HttpInput.getString(request, ct
+ + "_custom_curvename"));
} else {
- config.putString("preop.keysize.size",
- HttpInput.getKeySize(request, ct + "_custom_size", keytype));
- config.putString("preop.keysize.custom_size",
- HttpInput.getKeySize(request, ct + "_custom_size", keytype));
+ config.putString(
+ "preop.keysize.size",
+ HttpInput.getKeySize(request, ct
+ + "_custom_size", keytype));
+ config.putString(
+ "preop.keysize.custom_size",
+ HttpInput.getKeySize(request, ct
+ + "_custom_size", keytype));
}
config.putString(PCERT_PREFIX + ct + ".keytype", keytype);
- config.putString(PCERT_PREFIX + ct + ".keyalgorithm", keyalgorithm);
- config.putString(PCERT_PREFIX + ct + ".signingalgorithm", signingalgorithm);
+ config.putString(PCERT_PREFIX + ct + ".keyalgorithm",
+ keyalgorithm);
+ config.putString(PCERT_PREFIX + ct + ".signingalgorithm",
+ signingalgorithm);
config.putString(PCERT_PREFIX + ct + ".keysize.select",
"custom");
if (keytype != null && keytype.equals("ecc")) {
- config.putString(PCERT_PREFIX + ct + ".curvename.custom_name",
- HttpInput.getString(request, ct + "_custom_curvename"));
- config.putString(PCERT_PREFIX + ct + ".curvename.name",
- HttpInput.getString(request, ct + "_custom_curvename"));
+ config.putString(
+ PCERT_PREFIX + ct + ".curvename.custom_name",
+ HttpInput.getString(request, ct
+ + "_custom_curvename"));
+ config.putString(
+ PCERT_PREFIX + ct + ".curvename.name",
+ HttpInput.getString(request, ct
+ + "_custom_curvename"));
} else {
- config.putString(PCERT_PREFIX + ct + ".keysize.custom_size",
- HttpInput.getKeySize(request, ct + "_custom_size"));
- config.putString(PCERT_PREFIX + ct + ".keysize.size",
- HttpInput.getKeySize(request, ct + "_custom_size"));
+ config.putString(
+ PCERT_PREFIX + ct + ".keysize.custom_size",
+ HttpInput.getKeySize(request, ct
+ + "_custom_size"));
+ config.putString(
+ PCERT_PREFIX + ct + ".keysize.size",
+ HttpInput.getKeySize(request, ct
+ + "_custom_size"));
}
} else {
CMS.debug("SizePanel: invalid choice " + select);
throw new IOException("invalid choice " + select);
}
- String newkeysize =
- config.getString(PCERT_PREFIX+ct+".keysize.size", "");
- String newkeytype =
- config.getString(PCERT_PREFIX + ct + ".keytype", "");
- String newkeyalgorithm =
- config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
- String newsigningalgorithm =
- config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
- String newcurvename =
- config.getString(PCERT_PREFIX+ct+".curvename.name", "");
-
- if (!oldkeysize.equals(newkeysize) ||
- !oldkeytype.equals(newkeytype) ||
- !oldkeyalgorithm.equals(newkeyalgorithm) ||
- !oldsigningalgorithm.equals(newsigningalgorithm) ||
- !oldcurvename.equals(newcurvename))
+ String newkeysize = config.getString(PCERT_PREFIX + ct
+ + ".keysize.size", "");
+ String newkeytype = config.getString(PCERT_PREFIX + ct
+ + ".keytype", "");
+ String newkeyalgorithm = config.getString(PCERT_PREFIX + ct
+ + ".keyalgorithm", "");
+ String newsigningalgorithm = config.getString(PCERT_PREFIX + ct
+ + ".signingalgorithm", "");
+ String newcurvename = config.getString(PCERT_PREFIX + ct
+ + ".curvename.name", "");
+
+ if (!oldkeysize.equals(newkeysize)
+ || !oldkeytype.equals(newkeytype)
+ || !oldkeyalgorithm.equals(newkeyalgorithm)
+ || !oldsigningalgorithm.equals(newsigningalgorithm)
+ || !oldcurvename.equals(newcurvename))
hasChanged = true;
}// while
try {
config.commit(false);
- } catch (EBaseException e) {
- CMS.debug("SizePanel: update() Exception caught at config commit: " + e.toString());
+ } catch (EBaseException e) {
+ CMS.debug("SizePanel: update() Exception caught at config commit: "
+ + e.toString());
}
val1 = HttpInput.getID(request, "generateKeyPair");
@@ -393,19 +427,20 @@ public class SizePanel extends WizardPanelBase {
context.put("updateStatus", "success");
return;
}
- } catch (IOException e) {
+ } catch (IOException e) {
CMS.debug("SizePanel: update() IOException caught: " + e.toString());
context.put("updateStatus", "failure");
throw e;
} catch (NumberFormatException e) {
- CMS.debug("SizePanel: update() NumberFormatException caught: " + e.toString());
+ CMS.debug("SizePanel: update() NumberFormatException caught: "
+ + e.toString());
context.put("updateStatus", "failure");
throw e;
- } catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("SizePanel: update() Exception caught: " + e.toString());
}
- // generate key pair
+ // generate key pair
Enumeration c = mCerts.elements();
while (c.hasMoreElements()) {
@@ -414,8 +449,9 @@ public class SizePanel extends WizardPanelBase {
String friendlyName = ct;
boolean enable = true;
try {
- enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
- friendlyName = config.getString(PCERT_PREFIX + ct + ".userfriendlyname", ct);
+ enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
+ friendlyName = config.getString(PCERT_PREFIX + ct
+ + ".userfriendlyname", ct);
} catch (Exception e) {
}
@@ -423,17 +459,19 @@ public class SizePanel extends WizardPanelBase {
continue;
try {
- String keytype = config.getString(PCERT_PREFIX + ct + ".keytype");
- String keyalgorithm = config.getString(PCERT_PREFIX + ct + ".keyalgorithm");
-
+ String keytype = config.getString(PCERT_PREFIX + ct
+ + ".keytype");
+ String keyalgorithm = config.getString(PCERT_PREFIX + ct
+ + ".keyalgorithm");
+
if (keytype.equals("rsa")) {
- int keysize = config.getInteger(
- PCERT_PREFIX + ct + ".keysize.size");
+ int keysize = config.getInteger(PCERT_PREFIX + ct
+ + ".keysize.size");
createRSAKeyPair(token, keysize, config, ct);
} else {
- String curveName = config.getString(
- PCERT_PREFIX + ct + ".curvename.name", default_ecc_curve_name);
+ String curveName = config.getString(PCERT_PREFIX + ct
+ + ".curvename.name", default_ecc_curve_name);
createECCKeyPair(token, curveName, config, ct);
}
config.commit(false);
@@ -441,40 +479,41 @@ public class SizePanel extends WizardPanelBase {
CMS.debug(e);
CMS.debug("SizePanel: key generation failure: " + e.toString());
context.put("updateStatus", "failure");
- throw new IOException("key generation failure for the certificate: " + friendlyName +
- ". See the logs for details.");
+ throw new IOException(
+ "key generation failure for the certificate: "
+ + friendlyName + ". See the logs for details.");
}
} // while
if (hasErr == false) {
- config.putBoolean("preop.SizePanel.done", true);
- try {
- config.commit(false);
- } catch (EBaseException e) {
- CMS.debug(
- "SizePanel: update() Exception caught at config commit: "
- + e.toString());
- }
- }
+ config.putBoolean("preop.SizePanel.done", true);
+ try {
+ config.commit(false);
+ } catch (EBaseException e) {
+ CMS.debug("SizePanel: update() Exception caught at config commit: "
+ + e.toString());
+ }
+ }
CMS.debug("SizePanel: update() done");
context.put("updateStatus", "success");
}
- public void createECCKeyPair(String token, String curveName, IConfigStore config, String ct)
- throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException
- {
- CMS.debug("Generating ECC key pair with curvename="+ curveName +
- ", token="+token);
+ public void createECCKeyPair(String token, String curveName,
+ IConfigStore config, String ct) throws NoSuchAlgorithmException,
+ NoSuchTokenException, TokenException,
+ CryptoManager.NotInitializedException {
+ CMS.debug("Generating ECC key pair with curvename=" + curveName
+ + ", token=" + token);
KeyPair pair = null;
/*
- * default ssl server cert to ECDHE unless stated otherwise
- * note: IE only supports "ECDHE", but "ECDH" is more efficient
- *
+ * default ssl server cert to ECDHE unless stated otherwise note: IE
+ * only supports "ECDHE", but "ECDH" is more efficient
+ *
* for "ECDHE", server.xml should have the following for ciphers:
* +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
* -TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- *
+ *
* for "ECDH", server.xml should have the following for ciphers:
* -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
* +TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
@@ -487,49 +526,45 @@ public class SizePanel extends WizardPanelBase {
}
// ECDHE needs "SIGN" but no "DERIVE"
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = {
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE
- };
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = { org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE };
// ECDH needs "DERIVE" but no any kind of "SIGN"
org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = {
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER,
- };
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, };
do {
- if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) {
- CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
- pair = CryptoUtil.generateECCKeyPair(token, curveName,
- null,
- ECDH_usages_mask);
- } else {
- if (ct.equals("sslserver")) {
- CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
- }
- pair = CryptoUtil.generateECCKeyPair(token, curveName,
- null,
- usages_mask);
- }
-
- // XXX - store curve , w
- byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
- String kid = CryptoUtil.byte2string(id);
- config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
-
- // try to locate the private key
- org.mozilla.jss.crypto.PrivateKey privk =
- CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
- if (privk == null) {
- CMS.debug("Found bad ECC key id " + kid);
- pair = null;
+ if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) {
+ CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
+ pair = CryptoUtil.generateECCKeyPair(token, curveName, null,
+ ECDH_usages_mask);
+ } else {
+ if (ct.equals("sslserver")) {
+ CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
+ }
+ pair = CryptoUtil.generateECCKeyPair(token, curveName, null,
+ usages_mask);
+ }
+
+ // XXX - store curve , w
+ byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate())
+ .getUniqueID();
+ String kid = CryptoUtil.byte2string(id);
+ config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
+
+ // try to locate the private key
+ org.mozilla.jss.crypto.PrivateKey privk = CryptoUtil
+ .findPrivateKeyFromID(CryptoUtil.string2byte(kid));
+ if (privk == null) {
+ CMS.debug("Found bad ECC key id " + kid);
+ pair = null;
}
} while (pair == null);
- CMS.debug("Public key class " + pair.getPublic().getClass().getName());
+ CMS.debug("Public key class " + pair.getPublic().getClass().getName());
byte encoded[] = pair.getPublic().getEncoded();
config.putString(PCERT_PREFIX + ct + ".pubkey.encoded",
- CryptoUtil.byte2string(encoded));
+ CryptoUtil.byte2string(encoded));
String keyAlgo = "";
try {
@@ -537,35 +572,39 @@ public class SizePanel extends WizardPanelBase {
} catch (Exception e1) {
}
- setSigningAlgorithm(ct, keyAlgo, config);
+ setSigningAlgorithm(ct, keyAlgo, config);
}
- public void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct)
- throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException
- {
+ public void createRSAKeyPair(String token, int keysize,
+ IConfigStore config, String ct) throws NoSuchAlgorithmException,
+ NoSuchTokenException, TokenException,
+ CryptoManager.NotInitializedException {
/* generate key pair */
KeyPair pair = null;
do {
- pair = CryptoUtil.generateRSAKeyPair(token, keysize);
- byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
- String kid = CryptoUtil.byte2string(id);
- config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
- // try to locate the private key
- org.mozilla.jss.crypto.PrivateKey privk =
- CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
- if (privk == null) {
- CMS.debug("Found bad RSA key id " + kid);
- pair = null;
+ pair = CryptoUtil.generateRSAKeyPair(token, keysize);
+ byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate())
+ .getUniqueID();
+ String kid = CryptoUtil.byte2string(id);
+ config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
+ // try to locate the private key
+ org.mozilla.jss.crypto.PrivateKey privk = CryptoUtil
+ .findPrivateKeyFromID(CryptoUtil.string2byte(kid));
+ if (privk == null) {
+ CMS.debug("Found bad RSA key id " + kid);
+ pair = null;
}
} while (pair == null);
- byte modulus[] = ((RSAPublicKey) pair.getPublic()).getModulus().toByteArray();
- byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent().toByteArray();
+ byte modulus[] = ((RSAPublicKey) pair.getPublic()).getModulus()
+ .toByteArray();
+ byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent()
+ .toByteArray();
config.putString(PCERT_PREFIX + ct + ".pubkey.modulus",
- CryptoUtil.byte2string(modulus));
+ CryptoUtil.byte2string(modulus));
config.putString(PCERT_PREFIX + ct + ".pubkey.exponent",
- CryptoUtil.byte2string(exponent));
+ CryptoUtil.byte2string(exponent));
String keyAlgo = "";
try {
@@ -573,41 +612,39 @@ public class SizePanel extends WizardPanelBase {
} catch (Exception e1) {
}
- setSigningAlgorithm(ct, keyAlgo, config);
+ setSigningAlgorithm(ct, keyAlgo, config);
}
- public void setSigningAlgorithm(String ct, String keyAlgo, IConfigStore config) {
+ public void setSigningAlgorithm(String ct, String keyAlgo,
+ IConfigStore config) {
String systemType = "";
try {
- systemType = config.getString("preop.system.name");
+ systemType = config.getString("preop.system.name");
} catch (Exception e1) {
}
if (systemType.equalsIgnoreCase("CA")) {
- if (ct.equals("signing")) {
- config.putString("ca.signing.defaultSigningAlgorithm",
- keyAlgo);
- config.putString("ca.crl.MasterCRL.signingAlgorithm",
- keyAlgo);
- } else if (ct.equals("ocsp_signing")) {
- config.putString("ca.ocsp_signing.defaultSigningAlgorithm",
- keyAlgo);
- }
+ if (ct.equals("signing")) {
+ config.putString("ca.signing.defaultSigningAlgorithm", keyAlgo);
+ config.putString("ca.crl.MasterCRL.signingAlgorithm", keyAlgo);
+ } else if (ct.equals("ocsp_signing")) {
+ config.putString("ca.ocsp_signing.defaultSigningAlgorithm",
+ keyAlgo);
+ }
} else if (systemType.equalsIgnoreCase("OCSP")) {
- if (ct.equals("signing")) {
- config.putString("ocsp.signing.defaultSigningAlgorithm",
- keyAlgo);
- }
- } else if (systemType.equalsIgnoreCase("KRA") ||
- systemType.equalsIgnoreCase("DRM")) {
- if (ct.equals("transport")) {
+ if (ct.equals("signing")) {
+ config.putString("ocsp.signing.defaultSigningAlgorithm",
+ keyAlgo);
+ }
+ } else if (systemType.equalsIgnoreCase("KRA")
+ || systemType.equalsIgnoreCase("DRM")) {
+ if (ct.equals("transport")) {
config.putString("kra.transportUnit.signingAlgorithm", keyAlgo);
- }
+ }
}
}
public void initParams(HttpServletRequest request, Context context)
- throws IOException
- {
+ throws IOException {
IConfigStore config = CMS.getConfigStore();
String s = "";
try {
@@ -619,10 +656,13 @@ public class SizePanel extends WizardPanelBase {
s = config.getString("preop.hierarchy.select", "root");
context.put("hselect", s);
- s = config.getString("preop.ecc.algorithm.list", "SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC");
+ s = config.getString("preop.ecc.algorithm.list",
+ "SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC");
context.put("ecclist", s);
- s = config.getString("preop.rsa.algorithm.list", "SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA");
+ s = config
+ .getString("preop.rsa.algorithm.list",
+ "SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA");
context.put("rsalist", s);
s = config.getString("keys.ecc.curve.list", "nistp256");
@@ -635,7 +675,8 @@ public class SizePanel extends WizardPanelBase {
context.put("subsystemtype", s);
} catch (Exception e) {
- CMS.debug("SizePanel(): initParams: unable to set all initial parameters:" + e);
+ CMS.debug("SizePanel(): initParams: unable to set all initial parameters:"
+ + e);
}
}
@@ -643,10 +684,9 @@ public class SizePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
try {
- initParams(request, context);
+ initParams(request, context);
} catch (IOException e) {
}
generated by cgit (git 2.34.1) at 2024-07-06 15:57:45 +0000