diff options
| author | Ade Lee <alee@redhat.com> | 2011-12-08 21:15:59 -0500 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2011-12-08 21:15:59 -0500 |
| commit | 171aaece4f23709d33d180cf36eb3af5e454b0c9 (patch) | |
| tree | 1485f9f0a7bd10de4ff25030db575dbb8dafae74 /pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java | |
| parent | adad2fcee8a29fdb82376fbce07dedb11fccc182 (diff) | |
| download | pki-171aaece4f23709d33d180cf36eb3af5e454b0c9.tar.gz pki-171aaece4f23709d33d180cf36eb3af5e454b0c9.tar.xz pki-171aaece4f23709d33d180cf36eb3af5e454b0c9.zip | |
Revert "Formatting"
This reverts commit 32150d3ee32f8ac27118af7c792794b538c78a2f.
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java')
| -rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java | 177 |
1 files changed, 91 insertions, 86 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java index 99b4c2b32..27648758b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; + import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -55,10 +56,11 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; + /** - * Process CRMF requests, according to RFC 2511 See - * http://www.ietf.org/rfc/rfc2511.txt - * + * Process CRMF requests, according to RFC 2511 + * See http://www.ietf.org/rfc/rfc2511.txt + * * @version $Revision$, $Date$ */ public class CRMFProcessor extends PKIProcessor { @@ -67,36 +69,37 @@ public class CRMFProcessor extends PKIProcessor { private boolean enforcePop = false; - private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; + private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = + "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; public CRMFProcessor() { super(); } - public CRMFProcessor(CMSRequest cmsReq, CMSServlet servlet, - boolean doEnforcePop) { + public CRMFProcessor(CMSRequest cmsReq, CMSServlet servlet, boolean doEnforcePop) { super(cmsReq, servlet); enforcePop = doEnforcePop; mRequest = cmsReq; } - public void process(CMSRequest cmsReq) throws EBaseException { + public void process(CMSRequest cmsReq) + throws EBaseException { } /** * Verify Proof of Possession (POP) * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION used when proof * of possession is checked during certificate enrollment * </ul> - * * @param certReqMsg the certificate request message * @exception EBaseException an error has occurred */ - private void verifyPOP(CertReqMsg certReqMsg) throws EBaseException { + private void verifyPOP(CertReqMsg certReqMsg) + throws EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -115,55 +118,59 @@ public class CRMFProcessor extends PKIProcessor { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, ILogger.SUCCESS); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.SUCCESS ); - audit(auditMessage); + audit( auditMessage ); } catch (Exception e) { CMS.debug("CRMFProcessor: Failed POP verify!"); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); + CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.FAILURE ); - audit(auditMessage); + audit( auditMessage ); throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); + CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); } } } else { if (enforcePop == true) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_NO_POP")); + CMS.getLogMessage("CMSGW_ERROR_NO_POP")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.FAILURE ); - audit(auditMessage); + audit( auditMessage ); throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_NO_POP")); + CMS.getLogMessage("CMSGW_ERROR_NO_POP")); } } - } catch (EBaseException eAudit1) { + } catch( EBaseException eAudit1 ) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, auditSubjectID, - ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.FAILURE ); - audit(auditMessage); + audit( auditMessage ); } } - public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg, - IAuthToken authToken, IArgBlock httpParams) throws EBaseException { + public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg, IAuthToken authToken, IArgBlock httpParams) + throws EBaseException { CMS.debug("CRMFProcessor::processIndividualRequest!"); try { @@ -189,39 +196,38 @@ public class CRMFProcessor extends PKIProcessor { // field suggested notBefore and notAfter in CRMF // Tech Support #383184 - if (certTemplate.getNotBefore() != null - || certTemplate.getNotAfter() != null) { - CertificateValidity certValidity = new CertificateValidity( - certTemplate.getNotBefore(), certTemplate.getNotAfter()); + if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) { + CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter()); certInfo.set(X509CertInfo.VALIDITY, certValidity); } if (certTemplate.hasSubject()) { Name subjectdn = certTemplate.getSubject(); - ByteArrayOutputStream subjectEncStream = new ByteArrayOutputStream(); + ByteArrayOutputStream subjectEncStream = + new ByteArrayOutputStream(); subjectdn.encode(subjectEncStream); byte[] subjectEnc = subjectEncStream.toByteArray(); X500Name subject = new X500Name(subjectEnc); - certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName( - subject)); - } else if (authToken == null - || authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { + certInfo.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(subject)); + } else if (authToken == null || + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { // No subject name - error! log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); } // get extensions CertificateExtensions extensions = null; try { - extensions = (CertificateExtensions) certInfo - .get(X509CertInfo.EXTENSIONS); + extensions = (CertificateExtensions) + certInfo.get(X509CertInfo.EXTENSIONS); } catch (CertificateException e) { extensions = null; } catch (IOException e) { @@ -236,32 +242,35 @@ public class CRMFProcessor extends PKIProcessor { int numexts = certTemplate.numExtensions(); for (int j = 0; j < numexts; j++) { - org.mozilla.jss.pkix.cert.Extension jssext = certTemplate - .extensionAt(j); + org.mozilla.jss.pkix.cert.Extension jssext = + certTemplate.extensionAt(j); boolean isCritical = jssext.getCritical(); - org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = jssext - .getExtnId(); + org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = + jssext.getExtnId(); long[] numbers = jssoid.getNumbers(); int[] oidNumbers = new int[numbers.length]; for (int k = numbers.length - 1; k >= 0; k--) { oidNumbers[k] = (int) numbers[k]; } - ObjectIdentifier oid = new ObjectIdentifier(oidNumbers); - org.mozilla.jss.asn1.OCTET_STRING jssvalue = jssext - .getExtnValue(); - ByteArrayOutputStream jssvalueout = new ByteArrayOutputStream(); + ObjectIdentifier oid = + new ObjectIdentifier(oidNumbers); + org.mozilla.jss.asn1.OCTET_STRING jssvalue = + jssext.getExtnValue(); + ByteArrayOutputStream jssvalueout = + new ByteArrayOutputStream(); jssvalue.encode(jssvalueout); byte[] extValue = jssvalueout.toByteArray(); - Extension ext = new Extension(oid, isCritical, extValue); + Extension ext = + new Extension(oid, isCritical, extValue); extensions.parseExtension(ext); } - certInfo.set(X509CertInfo.VERSION, new CertificateVersion( - CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } @@ -273,8 +282,8 @@ public class CRMFProcessor extends PKIProcessor { // to have the control of the subject name // formulation. // -- CRMFfillCert - if (authToken != null - && authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { + if (authToken != null && + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { // if authenticated override subect name, validity and // extensions if any from authtoken. fillCertInfoFromAuthToken(certInfo, authToken); @@ -291,34 +300,31 @@ public class CRMFProcessor extends PKIProcessor { } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); - } /* - * catch (InvalidBERException e) { log(ILogger.LL_FAILURE, - * CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString())); - * throw new ECMSGWException( CMSGWResources.ERROR_CRMF_TO_CERTINFO); - * } - */catch (InvalidKeyException e) { + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + } /* catch (InvalidBERException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString())); + throw new ECMSGWException( + CMSGWResources.ERROR_CRMF_TO_CERTINFO); + } */ catch (InvalidKeyException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } } - public X509CertInfo[] fillCertInfoArray(String protocolString, - IAuthToken authToken, IArgBlock httpParams, IRequest req) - throws EBaseException { + public X509CertInfo[] fillCertInfoArray( + String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req) + throws EBaseException { CMS.debug("CRMFProcessor.fillCertInfoArray!"); @@ -326,10 +332,11 @@ public class CRMFProcessor extends PKIProcessor { try { byte[] crmfBlob = CMS.AtoB(crmf); - ByteArrayInputStream crmfBlobIn = new ByteArrayInputStream(crmfBlob); + ByteArrayInputStream crmfBlobIn = + new ByteArrayInputStream(crmfBlob); - SEQUENCE crmfMsgs = (SEQUENCE) new SEQUENCE.OF_Template( - new CertReqMsg.Template()).decode(crmfBlobIn); + SEQUENCE crmfMsgs = (SEQUENCE) + new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn); int nummsgs = crmfMsgs.size(); X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs]; @@ -337,33 +344,31 @@ public class CRMFProcessor extends PKIProcessor { for (int i = 0; i < nummsgs; i++) { // decode message. CertReqMsg certReqMsg = (CertReqMsg) crmfMsgs.elementAt(i); - + CertRequest certReq = certReqMsg.getCertReq(); INTEGER certReqId = certReq.getCertReqId(); int srcId = certReqId.intValue(); req.setExtData(IRequest.CRMF_REQID, String.valueOf(srcId)); - certInfoArray[i] = processIndividualRequest(certReqMsg, - authToken, httpParams); + certInfoArray[i] = processIndividualRequest(certReqMsg, authToken, httpParams); } - // do_testbed_hack(nummsgs, certInfoArray, httpParams); + //do_testbed_hack(nummsgs, certInfoArray, httpParams); return certInfoArray; } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (InvalidBERException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } } } + |