authorAde Lee <alee@redhat.com>2011-12-08 21:15:59 -0500
committerAde Lee <alee@redhat.com>2011-12-08 21:15:59 -0500
commit171aaece4f23709d33d180cf36eb3af5e454b0c9 (patch)
tree1485f9f0a7bd10de4ff25030db575dbb8dafae74 /pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java
parentadad2fcee8a29fdb82376fbce07dedb11fccc182 (diff)
Revert "Formatting"
This reverts commit 32150d3ee32f8ac27118af7c792794b538c78a2f.
Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java')
-rw-r--r--pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java473
1 files changed, 231 insertions, 242 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java b/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java
index 4b45c48cd..5a49d06e8 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.cert;
+
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
@@ -63,9 +64,10 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.osutil.OSUtil;
/**
- * Utility class with assorted methods to check for smime pairs, determining the
- * type of cert - signature or encryption ..etc.
- *
+ * Utility class with assorted methods to check for
+ * smime pairs, determining the type of cert - signature
+ * or encryption ..etc.
+ *
* @author kanda
* @version $Revision$, $Date$
*/
@@ -76,17 +78,20 @@ public class CertUtils {
public static final String CERT_REQUEST_TRAILER = "-----END CERTIFICATE REQUEST-----";
public static final String CERT_RENEWAL_HEADER = "-----BEGIN RENEWAL CERTIFICATE REQUEST-----";
public static final String CERT_RENEWAL_TRAILER = "-----END RENEWAL CERTIFICATE REQUEST-----";
- public static final String BEGIN_CRL_HEADER = "-----BEGIN CERTIFICATE REVOCATION LIST-----";
- public static final String END_CRL_HEADER = "-----END CERTIFICATE REVOCATION LIST-----";
+ public static final String BEGIN_CRL_HEADER =
+ "-----BEGIN CERTIFICATE REVOCATION LIST-----";
+ public static final String END_CRL_HEADER =
+ "-----END CERTIFICATE REVOCATION LIST-----";
protected static ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
- private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION = "LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3";
+ private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION =
+ "LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3";
/**
* Remove the header and footer in the PKCS10 request.
*/
public static String unwrapPKCS10(String request, boolean checkHeader)
- throws EBaseException {
+ throws EBaseException {
String unwrapped;
String header = null;
int head = -1;
@@ -107,8 +112,7 @@ public class CertUtils {
head = request.indexOf(CERT_REQUEST_HEADER);
trail = request.indexOf(CERT_REQUEST_TRAILER);
- // If this is not a request header, check if this is a renewal
- // header.
+ // If this is not a request header, check if this is a renewal header.
if (!(head == -1 && trail == -1)) {
header = CERT_REQUEST_HEADER;
@@ -126,12 +130,10 @@ public class CertUtils {
// Now validate if any headers or trailers are in place
if (head == -1 && checkHeader) {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_MISSING_PKCS10_HEADER"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_MISSING_PKCS10_HEADER"));
}
if (trail == -1 && checkHeader) {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_MISSING_PKCS10_TRAILER"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_MISSING_PKCS10_TRAILER"));
}
if (header != null) {
@@ -160,44 +162,41 @@ public class CertUtils {
pkcs10 = new PKCS10(decodedBytes);
} catch (Exception e) {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
}
return pkcs10;
}
- public static void setRSAKeyToCertInfo(X509CertInfo info, byte encoded[])
- throws EBaseException {
+ public static void setRSAKeyToCertInfo(X509CertInfo info,
+ byte encoded[]) throws EBaseException {
try {
if (info == null) {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_OPERATION"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_OPERATION"));
}
- X509Key key = new X509Key(
- AlgorithmId.getAlgorithmId("RSAEncryption"), encoded);
+ X509Key key = new X509Key(AlgorithmId.getAlgorithmId(
+ "RSAEncryption"), encoded);
info.set(X509CertInfo.KEY, key);
} catch (Exception e) {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_OPERATION"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_OPERATION"));
}
}
- public static X509CertInfo createCertInfo(int ver, BigInteger serialno,
- String alg, String issuerName, Date notBefore, Date notAfter)
- throws EBaseException {
+ public static X509CertInfo createCertInfo(int ver,
+ BigInteger serialno, String alg, String issuerName,
+ Date notBefore, Date notAfter) throws EBaseException {
try {
X509CertInfo info = new X509CertInfo();
info.set(X509CertInfo.VERSION, new CertificateVersion(ver));
- info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
- serialno));
- info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(
- AlgorithmId.getAlgorithmId(alg)));
- info.set(X509CertInfo.ISSUER, new CertificateIssuerName(
- new X500Name(issuerName)));
- info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore,
- notAfter));
+ info.set(X509CertInfo.SERIAL_NUMBER, new
+ CertificateSerialNumber(serialno));
+ info.set(X509CertInfo.ALGORITHM_ID, new
+ CertificateAlgorithmId(AlgorithmId.getAlgorithmId(alg)));
+ info.set(X509CertInfo.ISSUER, new
+ CertificateIssuerName(new X500Name(issuerName)));
+ info.set(X509CertInfo.VALIDITY, new
+ CertificateValidity(notBefore, notAfter));
return info;
} catch (Exception e) {
System.out.println(e.toString());
@@ -234,20 +233,19 @@ public class CertUtils {
return false;
else if (keyUsage.length == 3)
return keyUsage[2];
- else
- return keyUsage[2] || keyUsage[3];
+ else return keyUsage[2] || keyUsage[3];
}
public static boolean haveSameValidityPeriod(X509CertImpl cert1,
- X509CertImpl cert2) {
+ X509CertImpl cert2) {
long notBefDiff = 0;
long notAfterDiff = 0;
try {
- notBefDiff = Math.abs(cert1.getNotBefore().getTime()
- - cert2.getNotBefore().getTime());
- notAfterDiff = Math.abs(cert1.getNotAfter().getTime()
- - cert2.getNotAfter().getTime());
+ notBefDiff = Math.abs(cert1.getNotBefore().getTime() -
+ cert2.getNotBefore().getTime());
+ notAfterDiff = Math.abs(cert1.getNotAfter().getTime() -
+ cert2.getNotAfter().getTime());
} catch (Exception e) {
e.printStackTrace();
}
@@ -257,8 +255,7 @@ public class CertUtils {
return true;
}
- public static boolean isSmimePair(X509CertImpl cert1, X509CertImpl cert2,
- boolean matchSubjectDN) {
+ public static boolean isSmimePair(X509CertImpl cert1, X509CertImpl cert2, boolean matchSubjectDN) {
// Check for subjectDN equality.
if (matchSubjectDN) {
String dn1 = cert1.getSubjectDN().toString();
@@ -267,27 +264,27 @@ public class CertUtils {
if (!sameSubjectDN(dn1, dn2))
return false;
}
-
+
// Check for the presence of signing and encryption certs.
boolean hasSigningCert = isSigningCert(cert1) || isSigningCert(cert2);
if (!hasSigningCert)
return false;
- boolean hasEncryptionCert = isEncryptionCert(cert1)
- || isEncryptionCert(cert2);
+ boolean hasEncryptionCert = isEncryptionCert(cert1) || isEncryptionCert(cert2);
if (!hasEncryptionCert)
return false;
- // If both certs have signing & encryption usage set, they are
- // not really pairs.
- if ((isSigningCert(cert1) && isEncryptionCert(cert1))
- || (isSigningCert(cert2) && isEncryptionCert(cert2)))
+ // If both certs have signing & encryption usage set, they are
+ // not really pairs.
+ if ((isSigningCert(cert1) && isEncryptionCert(cert1)) ||
+ (isSigningCert(cert2) && isEncryptionCert(cert2)))
return false;
- // See if the certs have the same validity.
- boolean haveSameValidity = haveSameValidityPeriod(cert1, cert2);
+ // See if the certs have the same validity.
+ boolean haveSameValidity =
+ haveSameValidityPeriod(cert1, cert2);
return haveSameValidity;
}
@@ -344,8 +341,7 @@ public class CertUtils {
return ret;
}
- public static String getValidCertsDisplayInfo(String cn,
- X509CertImpl[] validCerts) {
+ public static String getValidCertsDisplayInfo(String cn, X509CertImpl[] validCerts) {
StringBuffer sb = new StringBuffer(1024);
sb.append(cn + "'s Currently Valid Certificates\n\n");
@@ -353,8 +349,7 @@ public class CertUtils {
return new String(sb);
}
- public static String getExpiredCertsDisplayInfo(String cn,
- X509CertImpl[] expiredCerts) {
+ public static String getExpiredCertsDisplayInfo(String cn, X509CertImpl[] expiredCerts) {
StringBuffer sb = new StringBuffer(1024);
sb.append(cn + "'s Expired Certificates\n\n");
@@ -363,7 +358,7 @@ public class CertUtils {
}
public static String getRenewedCertsDisplayInfo(String cn,
- X509CertImpl[] validCerts, X509CertImpl[] renewedCerts) {
+ X509CertImpl[] validCerts, X509CertImpl[] renewedCerts) {
StringBuffer sb = new StringBuffer(1024);
if (validCerts != null) {
@@ -391,29 +386,25 @@ public class CertUtils {
signingCert = validCerts[1];
encryptionCert = validCerts[0];
}
- sb.append("Signing Certificate Serial No: "
- + signingCert.getSerialNumber().toString(16).toUpperCase());
+ sb.append("Signing Certificate Serial No: " + signingCert.getSerialNumber().toString(16).toUpperCase());
sb.append("\n");
- sb.append("Encryption Certificate Serial No: "
- + encryptionCert.getSerialNumber().toString(16).toUpperCase());
+ sb.append("Encryption Certificate Serial No: " + encryptionCert.getSerialNumber().toString(16).toUpperCase());
sb.append("\n");
- sb.append("Validity: From: " + signingCert.getNotBefore().toString()
- + " To: " + signingCert.getNotAfter().toString());
+ sb.append("Validity: From: " + signingCert.getNotBefore().toString() + " To: " + signingCert.getNotAfter().toString());
sb.append("\n");
return new String(sb);
}
/**
* Returns the index of the given cert in an array of certs.
- *
- * Assumptions: The certs are issued by the same CA
- *
- * @param certArray The array of certs.
- * @param givenCert The certificate we are lokking for in the array.
+ *
+ * Assumptions: The certs are issued by the same CA
+ *
+ * @param certArray The array of certs.
+ * @param givenCert The certificate we are lokking for in the array.
* @return -1 if not found or the index of the given cert in the array.
*/
- public static int getCertIndex(X509CertImpl[] certArray,
- X509CertImpl givenCert) {
+ public static int getCertIndex(X509CertImpl[] certArray, X509CertImpl givenCert) {
int i = 0;
for (; i < certArray.length; i++) {
@@ -427,21 +418,21 @@ public class CertUtils {
}
/**
- * Returns the most recently issued signing certificate from an an array of
- * certs.
- *
- * Assumptions: The certs are issued by the same CA
- *
- * @param certArray The array of certs.
- * @param givenCert The certificate we are lokking for in the array.
+ * Returns the most recently issued signing certificate from an
+ * an array of certs.
+ *
+ * Assumptions: The certs are issued by the same CA
+ *
+ * @param certArray The array of certs.
+ * @param givenCert The certificate we are lokking for in the array.
* @return null if there is no recent cert or the most recent cert.
*/
public static X509CertImpl getRecentSigningCert(X509CertImpl[] certArray,
- X509CertImpl currentCert) {
+ X509CertImpl currentCert) {
if (certArray == null || currentCert == null)
return null;
- // Sort the certificate array.
+ // Sort the certificate array.
Arrays.sort(certArray, new CertDateCompare());
// Get the index of the current cert in the array.
@@ -455,9 +446,8 @@ public class CertUtils {
for (; i < certArray.length; i++) {
// Check if it is a signing cert and has its
// NotAfter later than the current cert.
- if (isSigningCert(certArray[i])
- && certArray[i].getNotAfter().after(
- recentCert.getNotAfter()))
+ if (isSigningCert(certArray[i]) &&
+ certArray[i].getNotAfter().after(recentCert.getNotAfter()))
recentCert = certArray[i];
}
return ((recentCert == currentCert) ? null : recentCert);
@@ -476,13 +466,14 @@ public class CertUtils {
// Is is object signing cert?
try {
- CertificateExtensions extns = (CertificateExtensions) cert
- .get(X509CertImpl.NAME + "." + X509CertImpl.INFO + "."
- + X509CertInfo.EXTENSIONS);
+ CertificateExtensions extns = (CertificateExtensions)
+ cert.get(X509CertImpl.NAME + "." +
+ X509CertImpl.INFO + "." +
+ X509CertInfo.EXTENSIONS);
if (extns != null) {
- NSCertTypeExtension nsExtn = (NSCertTypeExtension) extns
- .get(NSCertTypeExtension.NAME);
+ NSCertTypeExtension nsExtn = (NSCertTypeExtension)
+ extns.get(NSCertTypeExtension.NAME);
if (nsExtn != null) {
String nsType = getNSExtensionInfo(nsExtn);
@@ -494,7 +485,7 @@ public class CertUtils {
}
}
}
- } catch (Exception e) {
+ }catch (Exception e) {
}
return (sb.length() > 0) ? sb.toString() : null;
}
@@ -526,13 +517,14 @@ public class CertUtils {
res = (Boolean) nsExtn.get(NSCertTypeExtension.OBJECT_SIGNING_CA);
if (res.equals(Boolean.TRUE))
sb.append(" object_signing_CA");
- } catch (Exception e) {
+ }catch (Exception e) {
}
return (sb.length() > 0) ? sb.toString() : null;
}
- public static byte[] readFromFile(String fileName) throws IOException {
+ public static byte[] readFromFile(String fileName)
+ throws IOException {
FileInputStream fin = new FileInputStream(fileName);
int available = fin.available();
byte[] ba = new byte[available];
@@ -545,7 +537,7 @@ public class CertUtils {
}
public static void storeInFile(String fileName, byte[] ba)
- throws IOException {
+ throws IOException {
FileOutputStream fout = new FileOutputStream(fileName);
fout.write(ba);
@@ -554,15 +546,17 @@ public class CertUtils {
public static String toMIME64(X509CertImpl cert) {
try {
- return "-----BEGIN CERTIFICATE-----\n"
- + com.netscape.osutil.OSUtil.BtoA(cert.getEncoded())
- + "-----END CERTIFICATE-----\n";
+ return
+ "-----BEGIN CERTIFICATE-----\n" +
+ com.netscape.osutil.OSUtil.BtoA(cert.getEncoded()) +
+ "-----END CERTIFICATE-----\n";
} catch (CertificateException e) {
}
return null;
}
- public static X509Certificate mapCert(String mime64) throws IOException {
+ public static X509Certificate mapCert(String mime64)
+ throws IOException {
mime64 = stripCertBrackets(mime64.trim());
String newval = normalizeCertStr(mime64);
byte rawPub[] = com.netscape.osutil.OSUtil.AtoB(newval);
@@ -575,8 +569,8 @@ public class CertUtils {
return cert;
}
- public static X509Certificate[] mapCertFromPKCS7(String mime64)
- throws IOException {
+ public static X509Certificate[] mapCertFromPKCS7(String mime64)
+ throws IOException {
mime64 = stripCertBrackets(mime64.trim());
String newval = normalizeCertStr(mime64);
byte rawPub[] = com.netscape.osutil.OSUtil.AtoB(newval);
@@ -590,7 +584,8 @@ public class CertUtils {
}
}
- public static X509CRL mapCRL(String mime64) throws IOException {
+ public static X509CRL mapCRL(String mime64)
+ throws IOException {
mime64 = stripCRLBrackets(mime64.trim());
String newval = normalizeCertStr(mime64);
byte rawPub[] = com.netscape.osutil.OSUtil.AtoB(newval);
@@ -603,7 +598,8 @@ public class CertUtils {
return crl;
}
- public static X509CRL mapCRL1(String mime64) throws IOException {
+ public static X509CRL mapCRL1(String mime64)
+ throws IOException {
mime64 = stripCRLBrackets(mime64.trim());
byte rawPub[] = OSUtil.AtoB(mime64);
X509CRL crl = null;
@@ -638,8 +634,8 @@ public class CertUtils {
if (s == null) {
return s;
}
- if ((s.startsWith("-----BEGIN CERTIFICATE REVOCATION LIST-----"))
- && (s.endsWith("-----END CERTIFICATE REVOCATION LIST-----"))) {
+ if ((s.startsWith("-----BEGIN CERTIFICATE REVOCATION LIST-----")) &&
+ (s.endsWith("-----END CERTIFICATE REVOCATION LIST-----"))) {
return (s.substring(43, (s.length() - 41)));
}
return s;
@@ -647,9 +643,8 @@ public class CertUtils {
/**
* strips out the begin and end certificate brackets
- *
* @param s the string potentially bracketed with
- * "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
+ * "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
* @return string without the brackets
*/
public static String stripCertBrackets(String s) {
@@ -657,14 +652,14 @@ public class CertUtils {
return s;
}
- if ((s.startsWith("-----BEGIN CERTIFICATE-----"))
- && (s.endsWith("-----END CERTIFICATE-----"))) {
+ if ((s.startsWith("-----BEGIN CERTIFICATE-----")) &&
+ (s.endsWith("-----END CERTIFICATE-----"))) {
return (s.substring(27, (s.length() - 25)));
}
// To support Thawte's header and footer
- if ((s.startsWith("-----BEGIN PKCS #7 SIGNED DATA-----"))
- && (s.endsWith("-----END PKCS #7 SIGNED DATA-----"))) {
+ if ((s.startsWith("-----BEGIN PKCS #7 SIGNED DATA-----")) &&
+ (s.endsWith("-----END PKCS #7 SIGNED DATA-----"))) {
return (s.substring(35, (s.length() - 33)));
}
@@ -672,14 +667,13 @@ public class CertUtils {
}
/**
- * Returns a string that represents a cert's fingerprint. The fingerprint is
- * a MD5 digest of the DER encoded certificate.
- *
- * @param cert Certificate to get the fingerprint of.
+ * Returns a string that represents a cert's fingerprint.
+ * The fingerprint is a MD5 digest of the DER encoded certificate.
+ * @param cert Certificate to get the fingerprint of.
* @return a String that represents the cert's fingerprint.
*/
- public static String getFingerPrint(Certificate cert)
- throws CertificateEncodingException, NoSuchAlgorithmException {
+ public static String getFingerPrint(Certificate cert)
+ throws CertificateEncodingException, NoSuchAlgorithmException {
byte certDer[] = cert.getEncoded();
MessageDigest md = MessageDigest.getInstance("MD5");
@@ -691,17 +685,16 @@ public class CertUtils {
sb.append(pp.toHexString(digestedCert, 4, 20));
return sb.toString();
}
-
+
/**
- * Returns a string that has the certificate's fingerprint using MD5, MD2
- * and SHA1 hashes. A certificate's fingerprint is a hash digest of the DER
- * encoded certificate.
- *
+ * Returns a string that has the certificate's fingerprint using
+ * MD5, MD2 and SHA1 hashes.
+ * A certificate's fingerprint is a hash digest of the DER encoded
+ * certificate.
* @param cert Certificate to get the fingerprints of.
* @return a String with fingerprints using the MD5, MD2 and SHA1 hashes.
- * For example,
- *
- * <pre>
+ * For example,
+ * <pre>
* MD2: 78:7E:D1:F9:3E:AF:50:18:68:A7:29:50:C3:21:1F:71
*
* MD5: 0E:89:91:AC:40:50:F7:BE:6E:7B:39:4F:56:73:75:75
@@ -710,33 +703,34 @@ public class CertUtils {
* </pre>
*/
public static String getFingerPrints(Certificate cert)
- throws NoSuchAlgorithmException, CertificateEncodingException {
+ throws NoSuchAlgorithmException, CertificateEncodingException {
byte certDer[] = cert.getEncoded();
- /*
- * String[] hashes = new String[] {"MD2", "MD5", "SHA1"}; String
- * certFingerprints = ""; PrettyPrintFormat pp = new
- * PrettyPrintFormat(":");
- *
- * for (int i = 0; i < hashes.length; i++) { MessageDigest md =
- * MessageDigest.getInstance(hashes[i]);
- *
- * md.update(certDer); certFingerprints += " " + hashes[i] + ":" +
- * pp.toHexString(md.digest(), 6 - hashes[i].length()); } return
- * certFingerprints;
- */
- return getFingerPrints(certDer);
- }
+ /*
+ String[] hashes = new String[] {"MD2", "MD5", "SHA1"};
+ String certFingerprints = "";
+ PrettyPrintFormat pp = new PrettyPrintFormat(":");
+ for (int i = 0; i < hashes.length; i++) {
+ MessageDigest md = MessageDigest.getInstance(hashes[i]);
+
+ md.update(certDer);
+ certFingerprints += " " + hashes[i] + ":" +
+ pp.toHexString(md.digest(), 6 - hashes[i].length());
+ }
+ return certFingerprints;
+ */
+ return getFingerPrints(certDer);
+ }
+
/**
- * Returns a string that has the certificate's fingerprint using MD5, MD2
- * and SHA1 hashes. A certificate's fingerprint is a hash digest of the DER
- * encoded certificate.
- *
+ * Returns a string that has the certificate's fingerprint using
+ * MD5, MD2 and SHA1 hashes.
+ * A certificate's fingerprint is a hash digest of the DER encoded
+ * certificate.
* @param cert Certificate to get the fingerprints of.
* @return a String with fingerprints using the MD5, MD2 and SHA1 hashes.
- * For example,
- *
- * <pre>
+ * For example,
+ * <pre>
* MD2: 78:7E:D1:F9:3E:AF:50:18:68:A7:29:50:C3:21:1F:71
*
* MD5: 0E:89:91:AC:40:50:F7:BE:6E:7B:39:4F:56:73:75:75
@@ -745,10 +739,9 @@ public class CertUtils {
* </pre>
*/
public static String getFingerPrints(byte[] certDer)
- throws NoSuchAlgorithmException/* , CertificateEncodingException */{
- // byte certDer[] = cert.getEncoded();
- String[] hashes = new String[] { "MD2", "MD5", "SHA1", "SHA256",
- "SHA512" };
+ throws NoSuchAlgorithmException/*, CertificateEncodingException*/ {
+ // byte certDer[] = cert.getEncoded();
+ String[] hashes = new String[] {"MD2", "MD5", "SHA1", "SHA256", "SHA512"};
String certFingerprints = "";
PrettyPrintFormat pp = new PrettyPrintFormat(":");
@@ -756,42 +749,41 @@ public class CertUtils {
MessageDigest md = MessageDigest.getInstance(hashes[i]);
md.update(certDer);
- certFingerprints += hashes[i] + ":\n"
- + pp.toHexString(md.digest(), 8, 16);
+ certFingerprints += hashes[i] + ":\n" +
+ pp.toHexString(md.digest(), 8, 16);
}
return certFingerprints;
}
/**
- * Check if a object identifier in string form is valid, that is a string in
- * the form n.n.n.n and der encode and decode-able.
- *
+ * Check if a object identifier in string form is valid,
+ * that is a string in the form n.n.n.n and der encode and decode-able.
* @param attrName attribute name (from the configuration file)
* @param value object identifier string.
- */
+ */
public static ObjectIdentifier checkOID(String attrName, String value)
- throws EBaseException {
+ throws EBaseException {
String msg = "value must be a object identifier in the form n.n.n.n";
String msg1 = "not a valid object identifier.";
ObjectIdentifier oid;
- try {
- oid = ObjectIdentifier.getObjectIdentifier(value);
+ try {
+ oid = ObjectIdentifier.getObjectIdentifier(value);
} catch (Exception e) {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INVALID_ATTR_VALUE", attrName, msg));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
+ attrName, msg));
}
// if the OID isn't valid (ex. n.n) the error isn't caught til
// encoding time leaving a bad request in the request queue.
- try {
+ try {
DerOutputStream derOut = new DerOutputStream();
derOut.putOID(oid);
new ObjectIdentifier(new DerInputStream(derOut.toByteArray()));
} catch (Exception e) {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INVALID_ATTR_VALUE", attrName, msg1));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
+ attrName, msg1));
}
return oid;
}
@@ -811,21 +803,20 @@ public class CertUtils {
return tmp.toString();
}
-
+
/*
- * verify a certificate by its nickname returns true if it verifies; false
- * if any not
+ * verify a certificate by its nickname
+ * returns true if it verifies; false if any not
*/
- public static boolean verifySystemCertByNickname(String nickname,
- String certusage) {
+ public static boolean verifySystemCertByNickname(String nickname, String certusage) {
boolean r = true;
- CertificateUsage cu = null;
+ CertificateUsage cu = null;
cu = getCertificateUsage(certusage);
int ccu = 0;
if (cu == null) {
- CMS.debug("CertUtils: verifySystemCertByNickname() failed: "
- + nickname + " with unsupported certusage =" + certusage);
+ CMS.debug("CertUtils: verifySystemCertByNickname() failed: "+
+ nickname + " with unsupported certusage ="+ certusage);
return false;
}
@@ -834,15 +825,12 @@ public class CertUtils {
CMS.debug("CertUtils: verifySystemCertByNickname(): calling isCertValid()");
try {
CryptoManager cm = CryptoManager.getInstance();
- if (cu.getUsage() != CryptoManager.CertificateUsage.CheckAllUsages
- .getUsage()) {
+ if (cu.getUsage() != CryptoManager.CertificateUsage.CheckAllUsages.getUsage()) {
if (cm.isCertValid(nickname, true, cu)) {
r = true;
- CMS.debug("CertUtils: verifySystemCertByNickname() passed:"
- + nickname);
+ CMS.debug("CertUtils: verifySystemCertByNickname() passed:" + nickname);
} else {
- CMS.debug("CertUtils: verifySystemCertByNickname() failed:"
- + nickname);
+ CMS.debug("CertUtils: verifySystemCertByNickname() failed:" + nickname);
r = false;
}
} else {
@@ -851,60 +839,48 @@ public class CertUtils {
if (ccu == CertificateUsage.basicCertificateUsages) {
/* cert is good for nothing */
r = false;
- CMS.debug("CertUtils: verifySystemCertByNickname() failed: cert is good for nothing:"
- + nickname);
+ CMS.debug("CertUtils: verifySystemCertByNickname() failed: cert is good for nothing:"+ nickname);
} else {
r = true;
- CMS.debug("CertUtils: verifySystemCertByNickname() passed:"
- + nickname);
+ CMS.debug("CertUtils: verifySystemCertByNickname() passed:" + nickname);
- if ((ccu & CryptoManager.CertificateUsage.SSLServer
- .getUsage()) != 0)
+ if ((ccu & CryptoManager.CertificateUsage.SSLServer.getUsage()) != 0)
CMS.debug("CertUtils: verifySystemCertByNickname(): cert is SSLServer");
- if ((ccu & CryptoManager.CertificateUsage.SSLClient
- .getUsage()) != 0)
+ if ((ccu & CryptoManager.CertificateUsage.SSLClient.getUsage()) != 0)
CMS.debug("CertUtils: verifySystemCertByNickname(): cert is SSLClient");
- if ((ccu & CryptoManager.CertificateUsage.SSLServerWithStepUp
- .getUsage()) != 0)
+ if ((ccu & CryptoManager.CertificateUsage.SSLServerWithStepUp.getUsage()) != 0)
CMS.debug("CertUtils: verifySystemCertByNickname(): cert is SSLServerWithStepUp");
if ((ccu & CryptoManager.CertificateUsage.SSLCA.getUsage()) != 0)
CMS.debug("CertUtils: verifySystemCertByNickname(): cert is SSLCA");
- if ((ccu & CryptoManager.CertificateUsage.EmailSigner
- .getUsage()) != 0)
+ if ((ccu & CryptoManager.CertificateUsage.EmailSigner.getUsage()) != 0)
CMS.debug("CertUtils: verifySystemCertByNickname(): cert is EmailSigner");
- if ((ccu & CryptoManager.CertificateUsage.EmailRecipient
- .getUsage()) != 0)
+ if ((ccu & CryptoManager.CertificateUsage.EmailRecipient.getUsage()) != 0)
CMS.debug("CertUtils: verifySystemCertByNickname(): cert is EmailRecipient");
- if ((ccu & CryptoManager.CertificateUsage.ObjectSigner
- .getUsage()) != 0)
+ if ((ccu & CryptoManager.CertificateUsage.ObjectSigner.getUsage()) != 0)
CMS.debug("CertUtils: verifySystemCertByNickname(): cert is ObjectSigner");
- if ((ccu & CryptoManager.CertificateUsage.UserCertImport
- .getUsage()) != 0)
+ if ((ccu & CryptoManager.CertificateUsage.UserCertImport.getUsage()) != 0)
CMS.debug("CertUtils: verifySystemCertByNickname(): cert is UserCertImport");
- if ((ccu & CryptoManager.CertificateUsage.VerifyCA
- .getUsage()) != 0)
+ if ((ccu & CryptoManager.CertificateUsage.VerifyCA.getUsage()) != 0)
CMS.debug("CertUtils: verifySystemCertByNickname(): cert is VerifyCA");
- if ((ccu & CryptoManager.CertificateUsage.ProtectedObjectSigner
- .getUsage()) != 0)
+ if ((ccu & CryptoManager.CertificateUsage.ProtectedObjectSigner.getUsage()) != 0)
CMS.debug("CertUtils: verifySystemCertByNickname(): cert is ProtectedObjectSigner");
- if ((ccu & CryptoManager.CertificateUsage.StatusResponder
- .getUsage()) != 0)
+ if ((ccu & CryptoManager.CertificateUsage.StatusResponder.getUsage()) != 0)
CMS.debug("CertUtils: verifySystemCertByNickname(): cert is StatusResponder");
if ((ccu & CryptoManager.CertificateUsage.AnyCA.getUsage()) != 0)
CMS.debug("CertUtils: verifySystemCertByNickname(): cert is AnyCA");
}
}
} catch (Exception e) {
- CMS.debug("CertUtils: verifySystemCertByNickname() failed: "
- + e.toString());
+ CMS.debug("CertUtils: verifySystemCertByNickname() failed: "+
+ e.toString());
r = false;
}
return r;
}
/*
- * verify a certificate by its tag name returns true if it verifies; false
- * if any not
+ * verify a certificate by its tag name
+ * returns true if it verifies; false if any not
*/
public static boolean verifySystemCertByTag(String tag) {
String auditMessage = null;
@@ -920,49 +896,52 @@ public class CertUtils {
if (subsysType == null) {
CMS.debug("CertUtils: verifySystemCerts() invalid cs.type in CS.cfg. System certificates verification not done");
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
- ILogger.SYSTEM_UID, ILogger.FAILURE, "");
+ LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
+ ILogger.SYSTEM_UID,
+ ILogger.FAILURE,
+ "");
audit(auditMessage);
r = false;
return r;
}
- String nickname = config.getString(subsysType + ".cert." + tag
- + ".nickname", "");
+ String nickname = config.getString(subsysType+".cert."+tag+".nickname", "");
if (nickname.equals("")) {
- CMS.debug("CertUtils: verifySystemCertByTag() nickname for cert tag "
- + tag + " undefined in CS.cfg");
+ CMS.debug("CertUtils: verifySystemCertByTag() nickname for cert tag " + tag + " undefined in CS.cfg");
r = false;
}
- String certusage = config.getString(subsysType + ".cert." + tag
- + ".certusage", "");
+ String certusage = config.getString(subsysType+".cert."+tag+".certusage", "");
if (certusage.equals("")) {
- CMS.debug("CertUtils: verifySystemCertByTag() certusage for cert tag "
- + tag
- + " undefined in CS.cfg, getting current certificate usage");
+ CMS.debug("CertUtils: verifySystemCertByTag() certusage for cert tag " + tag + " undefined in CS.cfg, getting current certificate usage");
}
r = verifySystemCertByNickname(nickname, certusage);
if (r == true) {
// audit here
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
- ILogger.SYSTEM_UID, ILogger.SUCCESS, nickname);
+ LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
+ ILogger.SYSTEM_UID,
+ ILogger.SUCCESS,
+ nickname);
audit(auditMessage);
} else {
// audit here
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
- ILogger.SYSTEM_UID, ILogger.FAILURE, nickname);
+ LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
+ ILogger.SYSTEM_UID,
+ ILogger.FAILURE,
+ nickname);
audit(auditMessage);
}
} catch (Exception e) {
- CMS.debug("CertUtils: verifySystemCertsByTag() failed: "
- + e.toString());
+ CMS.debug("CertUtils: verifySystemCertsByTag() failed: "+
+ e.toString());
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
- ILogger.SYSTEM_UID, ILogger.FAILURE, "");
+ LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
+ ILogger.SYSTEM_UID,
+ ILogger.FAILURE,
+ "");
audit(auditMessage);
r = false;
@@ -1007,8 +986,9 @@ public class CertUtils {
}
/*
- * goes through all system certs and check to see if they are good and audit
- * the result returns true if all verifies; false if any not
+ * goes through all system certs and check to see if they are good
+ * and audit the result
+ * returns true if all verifies; false if any not
*/
public static boolean verifySystemCerts() {
String auditMessage = null;
@@ -1020,8 +1000,10 @@ public class CertUtils {
if (subsysType.equals("")) {
CMS.debug("CertUtils: verifySystemCerts() cs.type not defined in CS.cfg. System certificates verification not done");
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
- ILogger.SYSTEM_UID, ILogger.FAILURE, "");
+ LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
+ ILogger.SYSTEM_UID,
+ ILogger.FAILURE,
+ "");
audit(auditMessage);
r = false;
@@ -1031,21 +1013,23 @@ public class CertUtils {
if (subsysType == null) {
CMS.debug("CertUtils: verifySystemCerts() invalid cs.type in CS.cfg. System certificates verification not done");
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
- ILogger.SYSTEM_UID, ILogger.FAILURE, "");
+ LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
+ ILogger.SYSTEM_UID,
+ ILogger.FAILURE,
+ "");
audit(auditMessage);
r = false;
return r;
}
- String certlist = config.getString(subsysType + ".cert.list", "");
+ String certlist = config.getString(subsysType+".cert.list", "");
if (certlist.equals("")) {
- CMS.debug("CertUtils: verifySystemCerts() "
- + subsysType
- + ".cert.list not defined in CS.cfg. System certificates verification not done");
+ CMS.debug("CertUtils: verifySystemCerts() "+subsysType+ ".cert.list not defined in CS.cfg. System certificates verification not done");
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
- ILogger.SYSTEM_UID, ILogger.FAILURE, "");
+ LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
+ ILogger.SYSTEM_UID,
+ ILogger.FAILURE,
+ "");
audit(auditMessage);
r = false;
@@ -1061,10 +1045,12 @@ public class CertUtils {
} catch (Exception e) {
// audit here
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
- ILogger.SYSTEM_UID, ILogger.FAILURE, "");
+ LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
+ ILogger.SYSTEM_UID,
+ ILogger.FAILURE,
+ "");
- audit(auditMessage);
+ audit(auditMessage);
r = false;
CMS.debug("CertUtils: verifySystemCerts():" + e.toString());
}
@@ -1087,9 +1073,8 @@ public class CertUtils {
}
/**
- * Signed Audit Log This method is called to store messages to the signed
- * audit log.
- *
+ * Signed Audit Log
+ * This method is called to store messages to the signed audit log.
* @param msg signed audit log message
*/
private static void audit(String msg) {
@@ -1099,8 +1084,12 @@ public class CertUtils {
return;
}
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null,
- ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg);
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ msg);
}
+
}