author | Ade Lee <alee@redhat.com> | 2011-12-07 16:58:12 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2011-12-07 16:58:12 -0500 |
commit | 32150d3ee32f8ac27118af7c792794b538c78a2f (patch) | |
tree | 52dd96f664a6fa51be25b28b6f10adc5f2c9f660 /pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java | |
parent | f05d58a46795553beb8881039cc922974b40db34 (diff) | |
Formatting
Formatted project according to Eclipse project settings
Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java | 114 |
1 files changed, 60 insertions, 54 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java
index 569275376..18bf9f84a 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.authentication;
-
 // ldap java sdk
 // cert server imports.
@@ -47,10 +46,10 @@ import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cmscore.util.Debug;
-
 /**
 * SSL client based authentication.
 * <P>
+ *
 * @author chrisho
 * @version $Revision$, $Date$
 */
@@ -70,13 +69,12 @@ public class SSLClientCertAuthentication implements IAuthManager {
 private IConfigStore mConfig = null;
 private String mRequestor = null;
- /* Holds configuration parameters accepted by this implementation.
- * This list is passed to the configuration console so configuration
- * for instances of this implementation can be configured through the
- * console.
+ /*
+ * Holds configuration parameters accepted by this implementation. This list
+ * is passed to the configuration console so configuration for instances of
+ * this implementation can be configured through the console.
 */
- protected static String[] mConfigParams =
- new String[] {};
+ protected static String[] mConfigParams = new String[] {};
 /**
 * Default constructor, initialization must follow.
@@ -86,7 +84,7 @@ public class SSLClientCertAuthentication implements IAuthManager {
 }
 public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
 mName = name;
 mImplName = implName;
 mConfig = config;
@@ -95,19 +93,20 @@ public class SSLClientCertAuthentication implements IAuthManager {
 }
 public IAuthToken authenticate(IAuthCredentials authCred)
- throws EMissingCredential, EInvalidCredentials, EBaseException {
+ throws EMissingCredential, EInvalidCredentials, EBaseException {
 AuthToken authToken = new AuthToken(this);
 CMS.debug("SSLCertAuth: Retrieving client certificates");
- X509Certificate[] x509Certs =
- (X509Certificate[]) authCred.get(CRED_CERT);
+ X509Certificate[] x509Certs = (X509Certificate[]) authCred
+ .get(CRED_CERT);
 if (x509Certs == null) {
 CMS.debug("SSLCertAuth: No client certificate found");
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_MISSING_CERT"));
- throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CERT));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_AUTH_MISSING_CERT"));
+ throw new EMissingCredential(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CERT));
 }
 CMS.debug("SSLCertAuth: Got client certificate");
@@ -118,17 +117,19 @@ public class SSLClientCertAuthentication implements IAuthManager {
 }
 X509CertImpl clientCert = (X509CertImpl) x509Certs[0];
-
+
 BigInteger serialNum = null;
 try {
 serialNum = (BigInteger) clientCert.getSerialNumber();
- //serialNum = new BigInteger(s.substring(2), 16);
+ // serialNum = new BigInteger(s.substring(2), 16);
 } catch (NumberFormatException e) {
- throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Invalid serial number."));
+ throw new EAuthUserError(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE",
+ "Invalid serial number."));
 }
- String clientCertIssuerDN = clientCert.getIssuerDN().toString();
+ String clientCertIssuerDN = clientCert.getIssuerDN().toString();
 BigInteger[] bigIntArray = null;
 if (mCertDB != null) { /* is CA */
@@ -145,19 +146,21 @@ public class SSLClientCertAuthentication implements IAuthManager {
 String status = record.getStatus();
 if (status.equals("VALID")) {
-
+
 X509CertImpl cacert = mCA.getCACert();
 Principal p = cacert.getSubjectDN();
 if (!p.toString().equals(clientCertIssuerDN)) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ISSUER_NAME"));
- }
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_INVALID_ISSUER_NAME"));
+ }
 } else {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_CERT_STATUS", status));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_CERT_STATUS", status));
 }
 } else {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
 }
 } else {
@@ -170,8 +173,8 @@ public class SSLClientCertAuthentication implements IAuthManager {
 if (queue != null) {
 IRequest getCertStatusReq = null;
- getCertStatusReq =
- queue.newRequest(IRequest.GETCERT_STATUS_REQUEST);
+ getCertStatusReq = queue
+ .newRequest(IRequest.GETCERT_STATUS_REQUEST);
 // pass just serial number instead of whole cert
 if (serialNum != null) {
 getCertStatusReq.setExtData(SERIALNUMBER, serialNum);
@@ -182,31 +185,34 @@ public class SSLClientCertAuthentication implements IAuthManager {
 RequestStatus status = getCertStatusReq.getRequestStatus();
 if (status == RequestStatus.COMPLETE) {
- String certStatus =
- getCertStatusReq.getExtDataInString(IRequest.CERT_STATUS);
+ String certStatus = getCertStatusReq
+ .getExtDataInString(IRequest.CERT_STATUS);
- if (certStatus == null) {
- String[] params = {"null status"};
+ if (certStatus == null) {
+ String[] params = { "null status" };
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_CERT_STATUS", params));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_CERT_STATUS", params));
 } else if (certStatus.equals("INVALIDCERTROOT")) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ISSUER_NAME"));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_INVALID_ISSUER_NAME"));
 } else if (!certStatus.equals("VALID")) {
- String[] params = {status.toString()};
+ String[] params = { status.toString() };
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_CERT_STATUS", params));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_CERT_STATUS", params));
 }
 } else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_INCOMPLETE_REQUEST"));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_REQUEST_IN_BAD_STATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_AUTH_INCOMPLETE_REQUEST"));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_REQUEST_IN_BAD_STATE"));
 }
 } else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_FAILED_GET_QUEUE"));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_GET_QUEUE_FAILED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_AUTH_FAILED_GET_QUEUE"));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_GET_QUEUE_FAILED"));
 }
 } // else, ra
@@ -222,10 +228,10 @@ public class SSLClientCertAuthentication implements IAuthManager {
 }
 /**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
- * this implementation can be configured through the console.
- *
+ * Returns a list of configuration parameter names. The list is passed to
+ * the configuration console so instances of this implementation can be
+ * configured through the console.
+ *
 * @return String array of configuration parameter names.
 */
 public String[] getConfigParams() {
@@ -234,6 +240,7 @@ public class SSLClientCertAuthentication implements IAuthManager {
 /**
 * Returns array of required credentials for this authentication manager.
+ *
 * @return Array of required credentials.
 */
 public String[] getRequiredCreds() {
@@ -243,24 +250,23 @@ public class SSLClientCertAuthentication implements IAuthManager {
 private void log(int level, String msg) {
 if (mLogger == null) return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
- level, msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, level,
+ msg);
 }
 private IRequestQueue getReqQueue() {
 IRequestQueue queue = null;
 try {
- IRegistrationAuthority ra =
- (IRegistrationAuthority) CMS.getSubsystem("ra");
+ IRegistrationAuthority ra = (IRegistrationAuthority) CMS
+ .getSubsystem("ra");
 if (ra != null) {
 queue = ra.getRequestQueue();
 mRequestor = IRequest.REQUESTOR_RA;
 }
 } catch (Exception e) {
- log(ILogger.LL_FAILURE,
- " cannot get access to the request queue.");
+ log(ILogger.LL_FAILURE, " cannot get access to the request queue.");
 }
 return queue;
@@ -268,6 +274,7 @@ public class SSLClientCertAuthentication implements IAuthManager {
 /**
 * Gets the configuration substore used by this authentication manager
+ *
 * @return configuration store
 */
 public IConfigStore getConfigStore() {
@@ -288,4 +295,3 @@ public class SSLClientCertAuthentication implements IAuthManager {
 return mImplName;
 }
 }
- |