author | Ade Lee <alee@redhat.com> | 2011-12-07 16:58:12 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2011-12-07 16:58:12 -0500 |
commit | 32150d3ee32f8ac27118af7c792794b538c78a2f (patch) | |
tree | 52dd96f664a6fa51be25b28b6f10adc5f2c9f660 /pki/base/common/src/com/netscape/cmscore/security | |
parent | f05d58a46795553beb8881039cc922974b40db34 (diff) | |
Formatting
Formatted project according to eclipse project settings
Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/security')
14 files changed, 1691 insertions, 1352 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java b/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java index 04f442a35..22c939582 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java +++ b/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.IOException; import java.math.BigInteger; import java.security.KeyPair; @@ -34,7 +33,6 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; - /** * CA signing certificate. * @@ -43,8 +41,7 @@ import com.netscape.certsrv.security.KeyCertData; */ public class CASigningCert extends CertificateInfo { - public static final String SUBJECT_NAME = - "CN=Certificate Authority, O=Netscape Communications, C=US"; + public static final String SUBJECT_NAME = "CN=Certificate Authority, O=Netscape Communications, C=US"; public CASigningCert(KeyCertData properties) { this(properties, null); @@ -52,15 +49,11 @@ public class CASigningCert extends CertificateInfo { public CASigningCert(KeyCertData properties, KeyPair pair) { super(properties, pair); - /* included in console UI - try { - if (mProperties.get(Constants.PR_AKI) == null) { - mProperties.put(Constants.PR_AKI, Constants.FALSE); - } - } catch (Exception e) { - mProperties.put(Constants.PR_AKI, Constants.FALSE); - } - */ + /* + * included in console UI try { if (mProperties.get(Constants.PR_AKI) == + * null) { mProperties.put(Constants.PR_AKI, Constants.FALSE); } } catch + * (Exception e) { mProperties.put(Constants.PR_AKI, Constants.FALSE); } + */ try { if (mProperties.get(Constants.PR_CERT_LEN) == null) { mProperties.put(Constants.PR_CERT_LEN, "-1"); 
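Review bot: The commented-out `PR_AKI` block in the two-argument `CASigningCert` constructor (hunk `-52,15`) has been reflowed by the formatter into run-on text, so the dead code can no longer be read or restored as code. The same happens to the `PR_SKI` block in the next hunk, to the old validity computation in `CertificateInfo.getCertificateValidity`, and to the SSL2 cipher block in the static initializer of `JssSubsystem`. Either delete these blocks, since version control keeps them, or open each with `/*-` so that the Eclipse formatter leaves the comment alone. The constructor body continues outside this hunk.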
@@ -77,15 +70,11 @@ public class CASigningCert extends CertificateInfo { // "null" mean no BasicConstriant mProperties.put(Constants.PR_IS_CA, "null"); } - /* included in console UI - try { - if (mProperties.get(Constants.PR_SKI) == null) { - mProperties.put(Constants.PR_SKI, Constants.FALSE); - } - } catch (Exception e) { - mProperties.put(Constants.PR_SKI, Constants.FALSE); - } - */ + /* + * included in console UI try { if (mProperties.get(Constants.PR_SKI) == + * null) { mProperties.put(Constants.PR_SKI, Constants.FALSE); } } catch + * (Exception e) { mProperties.put(Constants.PR_SKI, Constants.FALSE); } + */ } public String getSubjectName() { @@ -107,7 +96,7 @@ public class CASigningCert extends CertificateInfo { BigInteger P = new BigInteger(p); BigInteger Q = new BigInteger(q); BigInteger G = new BigInteger(g); - BigInteger pqgSeed = new BigInteger(seed); + BigInteger pqgSeed = new BigInteger(seed); BigInteger pqgH = new BigInteger(H); return new PQGParams(P, Q, G, pqgSeed, counter, pqgH); 
@@ -128,20 +117,22 @@ public class CASigningCert extends CertificateInfo { else if (keyType.equals("RSA")) alg = "SHA1withRSA"; else - throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", keyType)); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_ALG_NOT_SUPPORTED", keyType)); cmsFileTmp.putString("ca.signing.defaultSigningAlgorithm", alg); if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) cmsFileTmp.putString("ca.signing.cacertnickname", nickname); else - cmsFileTmp.putString("ca.signing.cacertnickname", - tokenname + ":" + nickname); + cmsFileTmp.putString("ca.signing.cacertnickname", tokenname + ":" + + nickname); cmsFileTmp.commit(false); } public String getNickname() { String name = (String) mProperties.get(Constants.PR_NICKNAME); - String instanceName = (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME); + String instanceName = (String) mProperties + .get(ConfigConstants.PR_CERT_INSTANCE_NAME); if (name != null) return name; @@ -162,4 +153,3 @@ public class CASigningCert extends CertificateInfo { return extension; } } - diff --git a/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java b/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java index dc240dac2..b093fba59 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java +++ b/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.IOException; import java.math.BigInteger; import java.security.InvalidKeyException; @@ -60,7 +59,6 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; - /** * This base class provides methods to import CA signing cert or get certificate * request. 
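Review bot: In the `-128,20` hunk of CASigningCert.java the RSA branch still stores `SHA1withRSA` in `ca.signing.defaultSigningAlgorithm`, so a newly configured CA signs with SHA-1 unless the setting is changed afterwards. SHA-1 no longer gives adequate collision resistance for certificate signatures. If the token and the relying parties allow it, the default should be `alg = "SHA256withRSA";`. The unbraced `if`/`else` chain around it is also easy to break when a branch is added. The method starts outside the hunk, so the DSA branch is not visible here.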
@@ -88,11 +86,12 @@ public abstract class CertificateInfo { mConfig = (IConfigStore) (mProperties.get("cmsFile")); } - protected abstract KeyUsageExtension getKeyUsageExtension() throws IOException; + protected abstract KeyUsageExtension getKeyUsageExtension() + throws IOException; public abstract String getSubjectName(); - //public abstract SignatureAlgorithm getSigningAlgorithm(); + // public abstract SignatureAlgorithm getSigningAlgorithm(); public abstract String getKeyAlgorithm(); public abstract String getNickname(); @@ -102,12 +101,12 @@ public abstract class CertificateInfo { public CertificateValidity getCertificateValidity() throws EBaseException { /* - String period = (String)mProperties.get(Constants.PR_VALIDITY_PERIOD); - Date notBeforeDate = CMS.getCurrentDate(); - Date notAfterDate = new Date(notBeforeDate.getYear(), - notBeforeDate.getMonth(), - notBeforeDate.getDate()+Integer.parseInt(period)); - return new CertificateValidity(notBeforeDate, notAfterDate); + * String period = + * (String)mProperties.get(Constants.PR_VALIDITY_PERIOD); Date + * notBeforeDate = CMS.getCurrentDate(); Date notAfterDate = new + * Date(notBeforeDate.getYear(), notBeforeDate.getMonth(), + * notBeforeDate.getDate()+Integer.parseInt(period)); return new + * CertificateValidity(notBeforeDate, notAfterDate); */ Date notBeforeDate = null; Date notAfterDate = null; 
@@ -118,52 +117,41 @@ public abstract class CertificateInfo { notBeforeDate = new Date(Long.parseLong(notBeforeStr)); notAfterDate = new Date(Long.parseLong(notAfterStr)); } else { - int beginYear = - Integer.parseInt(mProperties.getBeginYear()) - 1900; - int afterYear = - Integer.parseInt(mProperties.getAfterYear()) - 1900; - int beginMonth = - Integer.parseInt(mProperties.getBeginMonth()); - int afterMonth = - Integer.parseInt(mProperties.getAfterMonth()); - int beginDate = - Integer.parseInt(mProperties.getBeginDate()); - int afterDate = - Integer.parseInt(mProperties.getAfterDate()); - int beginHour = - Integer.parseInt(mProperties.getBeginHour()); - int afterHour = - Integer.parseInt(mProperties.getAfterHour()); - int beginMin = - Integer.parseInt(mProperties.getBeginMin()); - int afterMin = - Integer.parseInt(mProperties.getAfterMin()); - int beginSec = - Integer.parseInt(mProperties.getBeginSec()); - int afterSec = - Integer.parseInt(mProperties.getAfterSec()); + int beginYear = Integer.parseInt(mProperties.getBeginYear()) - 1900; + int afterYear = Integer.parseInt(mProperties.getAfterYear()) - 1900; + int beginMonth = Integer.parseInt(mProperties.getBeginMonth()); + int afterMonth = Integer.parseInt(mProperties.getAfterMonth()); + int beginDate = Integer.parseInt(mProperties.getBeginDate()); + int afterDate = Integer.parseInt(mProperties.getAfterDate()); + int beginHour = Integer.parseInt(mProperties.getBeginHour()); + int afterHour = Integer.parseInt(mProperties.getAfterHour()); + int beginMin = Integer.parseInt(mProperties.getBeginMin()); + int afterMin = Integer.parseInt(mProperties.getAfterMin()); + int beginSec = Integer.parseInt(mProperties.getBeginSec()); + int afterSec = Integer.parseInt(mProperties.getAfterSec()); Calendar calendar = Calendar.getInstance(); - calendar.set(beginYear, beginMonth, beginDate, - beginHour, beginMin, beginSec); + calendar.set(beginYear, beginMonth, beginDate, beginHour, beginMin, + beginSec); notBeforeDate = 
calendar.getTime(); - calendar.set(afterYear, afterMonth, afterDate, - afterHour, afterMin, afterSec); + calendar.set(afterYear, afterMonth, afterDate, afterHour, afterMin, + afterSec); notAfterDate = calendar.getTime(); } return new CertificateValidity(notBeforeDate, notAfterDate); } - public X509CertInfo getCertInfo() throws EBaseException, PQGParamGenException { + public X509CertInfo getCertInfo() throws EBaseException, + PQGParamGenException { X509CertInfo certInfo = new X509CertInfo(); try { - certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, new CertificateVersion( + CertificateVersion.V3)); BigInteger serialNumber = mProperties.getSerialNumber(); certInfo.set(X509CertInfo.SERIAL_NUMBER, - new CertificateSerialNumber(serialNumber)); + new CertificateSerialNumber(serialNumber)); certInfo.set(X509CertInfo.EXTENSIONS, getExtensions()); certInfo.set(X509CertInfo.VALIDITY, getCertificateValidity()); String issuerName = mProperties.getIssuerName(); 
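Review bot: In the else branch of `getCertificateValidity`, `beginYear` and `afterYear` have 1900 subtracted and are then passed to `calendar.set(...)`, whose year argument is the calendar year itself, not the `java.util.Date` offset. Unless `getBeginYear()` and `getAfterYear()` return something other than a plain four-digit year, which is not visible here, the resulting notBefore/notAfter fall about nineteen centuries in the past. `Calendar.getInstance()` also keeps the current milliseconds and uses the default time zone, so the dates are not exactly the configured instants. Suggest dropping the `- 1900` and calling `calendar.clear();` before each `calendar.set(...)`. The method starts in the previous hunk.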
@@ -172,46 +160,51 @@ public abstract class CertificateInfo { issuerName = getSubjectName(); } - certInfo.set(X509CertInfo.ISSUER, - new CertificateIssuerName(new X500Name(issuerName))); - certInfo.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(new X500Name(getSubjectName()))); - certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName( + new X500Name(issuerName))); + certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName( + new X500Name(getSubjectName()))); + certInfo.set(X509CertInfo.VERSION, new CertificateVersion( + CertificateVersion.V3)); PublicKey pubk = mKeyPair.getPublic(); X509Key xKey = KeyCertUtil.convertPublicKeyToX509Key(pubk); certInfo.set(X509CertInfo.KEY, new CertificateX509Key(xKey)); - //SignatureAlgorithm algm = getSigningAlgorithm(); - SignatureAlgorithm algm = - (SignatureAlgorithm) mProperties.get(Constants.PR_SIGNATURE_ALGORITHM); + // SignatureAlgorithm algm = getSigningAlgorithm(); + SignatureAlgorithm algm = (SignatureAlgorithm) mProperties + .get(Constants.PR_SIGNATURE_ALGORITHM); if (algm == null) { - String hashtype = (String) mProperties.get(ConfigConstants.PR_HASH_TYPE); + String hashtype = (String) mProperties + .get(ConfigConstants.PR_HASH_TYPE); - algm = KeyCertUtil.getSigningAlgorithm(getKeyAlgorithm(), hashtype); + algm = KeyCertUtil.getSigningAlgorithm(getKeyAlgorithm(), + hashtype); mProperties.put(Constants.PR_SIGNATURE_ALGORITHM, algm); } AlgorithmId sigAlgId = getAlgorithmId(); if (sigAlgId == null) { - byte[]encodedOID = ASN1Util.encode(algm.toOID()); + byte[] encodedOID = ASN1Util.encode(algm.toOID()); sigAlgId = new AlgorithmId(new ObjectIdentifier( - new DerInputStream(encodedOID))); + new DerInputStream(encodedOID))); } - certInfo.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId(sigAlgId)); + certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId( + sigAlgId)); } catch (InvalidKeyException e) 
{ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY")); - } catch (CertificateException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_CERT", e.toString())); + } catch (CertificateException e) { + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_INVALID_CERT", e.toString())); } catch (IOException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_INVALID_CERT", e.toString())); } catch (NoSuchAlgorithmException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", "")); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_ALG_NOT_SUPPORTED", "")); } return certInfo; @@ -225,7 +218,7 @@ public abstract class CertificateInfo { KeyCertUtil.setDERExtension(exts, mProperties); KeyCertUtil.setBasicConstraintsExtension(exts, mProperties); KeyCertUtil.setSubjectKeyIdentifier(mKeyPair, exts, mProperties); - //KeyCertUtil.setOCSPSigning(mKeyPair, exts, mProperties); + // KeyCertUtil.setOCSPSigning(mKeyPair, exts, mProperties); KeyCertUtil.setAuthInfoAccess(mKeyPair, exts, mProperties); KeyCertUtil.setOCSPNoCheck(mKeyPair, exts, mProperties); KeyPair caKeyPair = (KeyPair) mProperties.get(Constants.PR_CA_KEYPAIR); @@ -245,8 +238,7 @@ public abstract class CertificateInfo { boolean isKeyUsageEnabled = mProperties.getKeyUsageExtension(); if (isKeyUsageEnabled) { - KeyCertUtil.setKeyUsageExtension( - exts, getKeyUsageExtension()); + KeyCertUtil.setKeyUsageExtension(exts, getKeyUsageExtension()); } return exts; } 
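Review bot: The `catch` clauses at the end of `getCertInfo` build each `EBaseException` from a message only, and the `InvalidKeyException` and `NoSuchAlgorithmException` branches discard the exception text altogether (the latter passes `""`). When certificate generation fails there is then nothing to tell a bad key from an unsupported algorithm. Pass the detail as the other two branches do, e.g. `CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", e.toString())`, and log the original exception before rethrowing. This hunk also sets `X509CertInfo.VERSION` a second time, the first assignment being in the previous hunk, so one of the two can be removed.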
@@ -255,27 +247,27 @@ public abstract class CertificateInfo { return (AlgorithmId) (mProperties.get(Constants.PR_ALGORITHM_ID)); } - public void setAuthorityKeyIdExt(CertificateExtensions caexts, CertificateExtensions ext) - throws IOException, CertificateException, CertificateEncodingException, + public void setAuthorityKeyIdExt(CertificateExtensions caexts, + CertificateExtensions ext) throws IOException, + CertificateException, CertificateEncodingException, CertificateParsingException { SubjectKeyIdentifierExtension subjKeyExt = null; try { - subjKeyExt = - (SubjectKeyIdentifierExtension) caexts.get(SubjectKeyIdentifierExtension.NAME); + subjKeyExt = (SubjectKeyIdentifierExtension) caexts + .get(SubjectKeyIdentifierExtension.NAME); } catch (IOException e) { } if (subjKeyExt == null) return; else { - KeyIdentifier keyId = (KeyIdentifier) subjKeyExt.get( - SubjectKeyIdentifierExtension.KEY_ID); - AuthorityKeyIdentifierExtension authExt = - new AuthorityKeyIdentifierExtension(false, keyId, null, null); + KeyIdentifier keyId = (KeyIdentifier) subjKeyExt + .get(SubjectKeyIdentifierExtension.KEY_ID); + AuthorityKeyIdentifierExtension authExt = new AuthorityKeyIdentifierExtension( + false, keyId, null, null); ext.set(AuthorityKeyIdentifierExtension.NAME, authExt); } } } - diff --git a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java index d0df7d1a9..976b8e7ec 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java +++ b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.ByteArrayOutputStream; import java.io.FileInputStream; import java.io.FileOutputStream; 
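Review bot: The empty `catch (IOException e) { }` around `caexts.get(SubjectKeyIdentifierExtension.NAME)` in `setAuthorityKeyIdExt` makes a read failure indistinguishable from a CA certificate that has no subject key identifier. In both cases the method returns without adding an authority key identifier, so a certificate is produced without the extension and nothing records why. At minimum log the exception, for example `CMS.debug("setAuthorityKeyIdExt: " + e.toString());`, and add a Javadoc sentence stating that no AKI is set when the CA extensions carry no SKI.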
@@ -101,10 +100,10 @@ import com.netscape.cmscore.cert.CertUtils; import com.netscape.cmscore.util.Debug; import com.netscape.cmsutil.crypto.CryptoUtil; - /** * Subsystem for initializing JSS> * <P> + * * @version $Revision$ $Date$ */ public final class JssSubsystem implements ICryptoSubsystem { @@ -131,13 +130,15 @@ public final class JssSubsystem implements ICryptoSubsystem { private Hashtable mNicknameMapCertsTable = new Hashtable(); private Hashtable mNicknameMapUserCertsTable = new Hashtable(); - private FileInputStream devRandomInputStream=null; + private FileInputStream devRandomInputStream = null; - // This date format is to format the date string of the certificate in such a way as + // This date format is to format the date string of the certificate in such + // a way as // May 01, 1999 01:55:55. - private static SimpleDateFormat mFormatter = new SimpleDateFormat("MMMMM dd, yyyy HH:mm:ss"); + private static SimpleDateFormat mFormatter = new SimpleDateFormat( + "MMMMM dd, yyyy HH:mm:ss"); - // SSL related variables. + // SSL related variables. private IConfigStore mSSLConfig = null; 
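Review bot: `mFormatter` in the `-131,13` hunk is a single static `SimpleDateFormat`, which is not safe for concurrent use. If certificate dates are formatted from more than one request thread, which cannot be confirmed because the call sites are outside this hunk, the output can be corrupted. Create the formatter per call, or wrap each use in `synchronized (mFormatter) { ... }`. The comment above it was also split mid-sentence by the formatter and reads better as two full lines.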
@@ -147,20 +148,20 @@ public final class JssSubsystem implements ICryptoSubsystem { private static Hashtable mCipherNames = new Hashtable(); - /* default sslv2 and sslv3 cipher suites(all), set if no prefs in config.*/ - private static final String DEFAULT_CIPHERPREF = - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + - "TLS_RSA_WITH_AES_128_CBC_SHA," + - "TLS_RSA_WITH_AES_256_CBC_SHA," + - "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + -// "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + -// "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + -// "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA," + - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA," + - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA," + - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"; + /* default sslv2 and sslv3 cipher suites(all), set if no prefs in config. */ + private static final String DEFAULT_CIPHERPREF = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + + "TLS_RSA_WITH_AES_128_CBC_SHA," + + "TLS_RSA_WITH_AES_256_CBC_SHA," + + "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + + + // "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + + // "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + + // "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + + "TLS_DHE_DSS_WITH_AES_128_CBC_SHA," + + "TLS_DHE_DSS_WITH_AES_256_CBC_SHA," + + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA," + + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"; /* list of all ciphers JSS supports */ private static final int mJSSCipherSuites[] = { 
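Review bot: The comment above `DEFAULT_CIPHERPREF` still says "default sslv2 and sslv3 cipher suites(all)", but every entry is a `TLS_*` suite and three are commented out, so it misstates what is enabled when the configuration sets no preference. The formatter has also left a lone `+` line between the live entries and the commented-out ones, which is easy to misread when the list is edited. Suggest `/* Default TLS cipher suites, used when the configuration sets no cipher preference. */` and moving the three disabled names into a separate comment above the constant. It is also worth recording why `TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA` remains in the default list.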
@@ -178,50 +179,51 @@ public final class JssSubsystem implements ICryptoSubsystem { SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA, SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, - SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, - }; + SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, }; static { /* set ssl cipher string names. */ - /* disallowing SSL2 ciphers to be turned on - mCipherNames.put(Constants.PR_SSL2_RC4_128_WITH_MD5, - Integer.valueOf(SSLSocket.SSL2_RC4_128_WITH_MD5)); - mCipherNames.put(Constants.PR_SSL2_RC4_128_EXPORT40_WITH_MD5, - Integer.valueOf(SSLSocket.SSL2_RC4_128_EXPORT40_WITH_MD5)); - mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_WITH_MD5, - Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_WITH_MD5)); - mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_EXPORT40_WITH_MD5, - Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5)); - mCipherNames.put(Constants.PR_SSL2_DES_64_CBC_WITH_MD5, - Integer.valueOf(SSLSocket.SSL2_DES_64_CBC_WITH_MD5)); - mCipherNames.put(Constants.PR_SSL2_DES_192_EDE3_CBC_WITH_MD5, - Integer.valueOf(SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5)); - */ + /* + * disallowing SSL2 ciphers to be turned on + * mCipherNames.put(Constants.PR_SSL2_RC4_128_WITH_MD5, + * Integer.valueOf(SSLSocket.SSL2_RC4_128_WITH_MD5)); + * mCipherNames.put(Constants.PR_SSL2_RC4_128_EXPORT40_WITH_MD5, + * Integer.valueOf(SSLSocket.SSL2_RC4_128_EXPORT40_WITH_MD5)); + * mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_WITH_MD5, + * Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_WITH_MD5)); + * mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_EXPORT40_WITH_MD5, + * Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5)); + * mCipherNames.put(Constants.PR_SSL2_DES_64_CBC_WITH_MD5, + * Integer.valueOf(SSLSocket.SSL2_DES_64_CBC_WITH_MD5)); + * mCipherNames.put(Constants.PR_SSL2_DES_192_EDE3_CBC_WITH_MD5, + * Integer.valueOf(SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5)); + */ 
mCipherNames.put(Constants.PR_SSL3_RSA_WITH_NULL_MD5, - Integer.valueOf(SSLSocket.SSL3_RSA_WITH_NULL_MD5)); + Integer.valueOf(SSLSocket.SSL3_RSA_WITH_NULL_MD5)); mCipherNames.put(Constants.PR_SSL3_RSA_EXPORT_WITH_RC4_40_MD5, - Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5)); + Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5)); mCipherNames.put(Constants.PR_SSL3_RSA_WITH_RC4_128_MD5, - Integer.valueOf(SSLSocket.SSL3_RSA_WITH_RC4_128_MD5)); + Integer.valueOf(SSLSocket.SSL3_RSA_WITH_RC4_128_MD5)); mCipherNames.put(Constants.PR_SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5, - Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5)); + Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5)); mCipherNames.put(Constants.PR_SSL3_RSA_WITH_DES_CBC_SHA, - Integer.valueOf(SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA)); + Integer.valueOf(SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA)); mCipherNames.put(Constants.PR_SSL3_RSA_WITH_3DES_EDE_CBC_SHA, - Integer.valueOf(SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA)); - mCipherNames.put(Constants.PR_SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, - Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA)); + Integer.valueOf(SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA)); + mCipherNames + .put(Constants.PR_SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, + Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA)); mCipherNames.put(Constants.PR_SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA, - Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA)); + Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA)); mCipherNames.put(Constants.PR_SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, - Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA)); + Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA)); mCipherNames.put(Constants.PR_SSL_RSA_FIPS_WITH_DES_CBC_SHA, - Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA)); + Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA)); 
mCipherNames.put(Constants.PR_TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, - Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA)); + Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA)); mCipherNames.put(Constants.PR_TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, - Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA)); + Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA)); } public static JssSubsystem getInstance() { 
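Review bot: The static initializer still registers `SSL3_RSA_WITH_NULL_MD5`, the 40- and 56-bit export suites and the single-DES suites in `mCipherNames`. `initSSL`, later in this file, appears to enable any configured name it finds in that table, so one configuration entry is enough to turn on a suite with no encryption or trivially weak encryption. Suggest removing those entries from the map, as was already done for the SSL2 block, or having `initSSL` reject them and log the attempt. Whether the underlying JSS/NSS policy would still accept them cannot be seen from this page.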
@@ -239,44 +241,43 @@ public final class JssSubsystem implements ICryptoSubsystem { } public void setId(String id) throws EBaseException { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_OPERATION")); - - } - - // Add entropy to the 'default' RNG token - public void addEntropy(int bits) - throws org.mozilla.jss.util.NotImplementedException, - IOException, - TokenException - { - int read=0; - int bytes = (7+bits)/8; - byte[] b = new byte[bytes]; - if (devRandomInputStream == null) { - throw new IOException(CMS.getLogMessage("CMSCORE_SECURITY_NO_ENTROPY_STREAM")); - } - do { - int c = devRandomInputStream.read(b,read,bytes-read); - read += c; - } - while (read < bytes); - - CMS.debug("JssSubsystem adding "+bits+" bits ("+bytes+" bytes) of entropy to default RNG token"); - CMS.debug(b); - PK11SecureRandom sr = new PK11SecureRandom(); - sr.setSeed(b); - } - + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_INVALID_OPERATION")); + + } + + // Add entropy to the 'default' RNG token + public void addEntropy(int bits) + throws org.mozilla.jss.util.NotImplementedException, IOException, + TokenException { + int read = 0; + int bytes = (7 + bits) / 8; + byte[] b = new byte[bytes]; + if (devRandomInputStream == null) { + throw new IOException( + CMS.getLogMessage("CMSCORE_SECURITY_NO_ENTROPY_STREAM")); + } + do { + int c = devRandomInputStream.read(b, read, bytes - read); + read += c; + } while (read < bytes); + + CMS.debug("JssSubsystem adding " + bits + " bits (" + bytes + + " bytes) of entropy to default RNG token"); + CMS.debug(b); + PK11SecureRandom sr = new PK11SecureRandom(); + sr.setSeed(b); + } + /** - * Initializes the Jss security subsystem. + * Initializes the Jss security subsystem. 
* <P> */ - public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + public void init(ISubsystem owner, IConfigStore config) + throws EBaseException { mLogger = CMS.getLogger(); - - if (mInited) - { + + if (mInited) { // This used to throw an exeception (e.g. - on Solaris). // If JSS is already initialized simply return. CMS.debug("JssSubsystem already inited.. returning."); @@ -309,10 +310,9 @@ public final class JssSubsystem implements ICryptoSubsystem { String certDir; certDir = config.getString(CONFIG_DIR, null); - - CryptoManager.InitializationValues vals = - new CryptoManager.InitializationValues(certDir, - "", "", "secmod.db"); + + CryptoManager.InitializationValues vals = new CryptoManager.InitializationValues( + certDir, "", "", "secmod.db"); vals.removeSunProvider = false; vals.installJSSProvider = true; @@ -321,11 +321,13 @@ public final class JssSubsystem implements ICryptoSubsystem { } catch (AlreadyInitializedException e) { // do nothing } catch (Exception e) { - String[] params = {mId, e.toString()}; - EBaseException ex = new EBaseException( - CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); + String[] params = { mId, e.toString() }; + EBaseException ex = new EBaseException(CMS.getUserMessage( + "CMS_BASE_CREATE_SERVICE_FAILED", params)); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", + ex.toString())); throw ex; } 
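Review bot: `addEntropy` (hunk `-239,44`) writes the freshly read seed to the debug log with `CMS.debug(b);` just before `sr.setSeed(b)`, so anyone who can read the debug log learns the entropy mixed into the RNG token. That line should be removed, since the preceding message already records the bit and byte counts. The read loop also ignores end-of-stream: a `-1` from `read(...)` moves `read` backwards and the next pass fails with an index error instead of a clear message. Add `if (c < 0) throw new IOException("entropy stream ended early");` before `read += c;`. The `init` hunks that follow on the same line are formatting only.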
@@ -333,19 +335,21 @@ public final class JssSubsystem implements ICryptoSubsystem { mCryptoManager = CryptoManager.getInstance(); initSSL(); } catch (CryptoManager.NotInitializedException e) { - String[] params = {mId, e.toString()}; - EBaseException ex = new EBaseException( - CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); + String[] params = { mId, e.toString() }; + EBaseException ex = new EBaseException(CMS.getUserMessage( + "CMS_BASE_CREATE_SERVICE_FAILED", params)); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", + ex.toString())); throw ex; } - + mInited = true; } public String getCipherVersion() throws EBaseException { - return "cipherdomestic"; + return "cipherdomestic"; } public String getCipherPreferences() throws EBaseException { 
@@ -363,36 +367,36 @@ public final class JssSubsystem implements ICryptoSubsystem { public String getECType(String certType) throws EBaseException { if (mSSLConfig != null) { // for SSL server, check the value of jss.ssl.sslserver.ectype - return mSSLConfig.getString(certType + "." + PROP_SSL_ECTYPE, "ECDHE"); + return mSSLConfig.getString(certType + "." + PROP_SSL_ECTYPE, + "ECDHE"); } else { return "ECDHE"; } } public String isCipherFortezza() throws EBaseException { - // we always display fortezza suites. - // too much work to display tokens/certs corresponding to the - // suites. + // we always display fortezza suites. + // too much work to display tokens/certs corresponding to the + // suites. return "true"; } void installProvider() { int position = java.security.Security.insertProviderAt( - new com.netscape.cmscore.security.Provider(), - 1); + new com.netscape.cmscore.security.Provider(), 1); if (position == -1) { Debug.trace("Unable to install CMS provider"); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_INSTALL_PROVIDER")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_INSTALL_PROVIDER")); } } - public void setCipherPreferences(String cipherPrefs) - throws EBaseException { + public void setCipherPreferences(String cipherPrefs) throws EBaseException { if (mSSLConfig != null) { if (cipherPrefs.equals("")) - throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_EMPTY_CIPHERPREFS")); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_NO_EMPTY_CIPHERPREFS")); mSSLConfig.putString(Constants.PR_CIPHER_PREF, cipherPrefs); } } @@ -402,7 +406,7 @@ public final class JssSubsystem implements ICryptoSubsystem { * */ private void initSSL() throws EBaseException { - // JSS will AND what is set and what is allowed by export policy + // JSS will AND what is set and what is allowed by export policy // so we can set what is requested. try { 
@@ -418,11 +422,11 @@ public final class JssSubsystem implements ICryptoSubsystem { if (Debug.ON) Debug.trace("configured ssl cipher prefs is " + sslCiphers); - // first, disable all ciphers, since JSS defaults to all-enabled + // first, disable all ciphers, since JSS defaults to all-enabled for (int i = mJSSCipherSuites.length - 1; i >= 0; i--) { try { - SSLSocket.setCipherPreferenceDefault(mJSSCipherSuites[i], - false); + SSLSocket + .setCipherPreferenceDefault(mJSSCipherSuites[i], false); } catch (SocketException e) { } } @@ -433,9 +437,10 @@ public final class JssSubsystem implements ICryptoSubsystem { StringTokenizer ciphers = new StringTokenizer(sslCiphers, ","); if (!ciphers.hasMoreTokens()) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_INVALID_CIPHER", sslCiphers)); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY", PROP_SSL_CIPHERPREF)); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSCORE_SECURITY_INVALID_CIPHER", sslCiphers)); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_INVALID_PROPERTY", PROP_SSL_CIPHERPREF)); } while (ciphers.hasMoreTokens()) { String cipher = ciphers.nextToken(); @@ -444,13 +449,13 @@ public final class JssSubsystem implements ICryptoSubsystem { if (sslcipher != null) { String msg = "setting ssl cipher " + cipher; - CMS.debug("JSSSubsystem: initSSL(): "+msg); + CMS.debug("JSSSubsystem: initSSL(): " + msg); log(ILogger.LL_INFO, msg); if (Debug.ON) Debug.trace(msg); try { SSLSocket.setCipherPreferenceDefault( - sslcipher.intValue(), true); + sslcipher.intValue(), true); } catch (SocketException e) { } } @@ -458,7 +463,7 @@ public final class JssSubsystem implements ICryptoSubsystem { } } - + /** * Retrieves a configuration store of this subsystem. * <P> 
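Review bot: Both `catch (SocketException e) { }` blocks in `initSSL` are empty, and the first one matters most. That loop exists because JSS defaults to all suites enabled, so a failed `setCipherPreferenceDefault(mJSSCipherSuites[i], false)` leaves the suite on with no trace in the log. Log the failure, for example `log(ILogger.LL_FAILURE, "cannot disable cipher suite " + mJSSCipherSuites[i] + ": " + e);`, and consider aborting initialisation instead of continuing. In the enabling loop a configured name that has no entry in `mCipherNames` is skipped silently, so a misspelt preference goes unnoticed, and a warning there would help. `initSSL` starts and ends outside these hunks.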
@@ -472,26 +477,26 @@ public final class JssSubsystem implements ICryptoSubsystem { */ public void startup() throws EBaseException { } - + /** * Shutdowns this subsystem. * <P> */ public void shutdown() { try { - // After talking to NSS teamm, we should not call close databases - // which will call NSS_Shutdown. Web Server will call NSS_Shutdown - boolean isClosing = mConfig.getBoolean("closeDatabases", false); - if (isClosing) { - JSSDatabaseCloser closer = new JSSDatabaseCloser(); - closer.closeDatabases(); - } + // After talking to NSS teamm, we should not call close databases + // which will call NSS_Shutdown. Web Server will call NSS_Shutdown + boolean isClosing = mConfig.getBoolean("closeDatabases", false); + if (isClosing) { + JSSDatabaseCloser closer = new JSSDatabaseCloser(); + closer.closeDatabases(); + } } catch (Exception e) { } } public void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "JSS " + msg); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "JSS " + msg); } public PasswordCallback getPWCB() { @@ -505,11 +510,13 @@ public final class JssSubsystem implements ICryptoSubsystem { try { name = c.getName(); } catch (TokenException e) { - String[] params = {mId, e.toString()}; - EBaseException ex = new EBaseException( - CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); + String[] params = { mId, e.toString() }; + EBaseException ex = new EBaseException(CMS.getUserMessage( + "CMS_BASE_CREATE_SERVICE_FAILED", params)); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", + ex.toString())); throw ex; } 
@@ -526,26 +533,29 @@ public final class JssSubsystem implements ICryptoSubsystem { CryptoToken c = (CryptoToken) tokens.nextElement(); // skip builtin object token - if (c.getName() != null && c.getName().equals("Builtin Object Token")) { + if (c.getName() != null + && c.getName().equals("Builtin Object Token")) { continue; } if (num++ == 0) - tokenList = tokenList + c.getName(); - else + tokenList = tokenList + c.getName(); + else tokenList = tokenList + "," + c.getName(); } } catch (TokenException e) { - String[] params = {mId, e.toString()}; - EBaseException ex = new EBaseException( - CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); + String[] params = { mId, e.toString() }; + EBaseException ex = new EBaseException(CMS.getUserMessage( + "CMS_BASE_CREATE_SERVICE_FAILED", params)); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", + ex.toString())); throw ex; } - if (tokenList.equals("")) - return Constants.PR_INTERNAL_TOKEN; + if (tokenList.equals("")) + return Constants.PR_INTERNAL_TOKEN; else return (tokenList + "," + Constants.PR_INTERNAL_TOKEN); } 
@@ -558,48 +568,74 @@ public final class JssSubsystem implements ICryptoSubsystem { return ctoken.isLoggedIn(); } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", + e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR")); } catch (NoSuchTokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", + e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", "")); } } - public void loggedInToken(String tokenName, String pwd) throws EBaseException { + public void loggedInToken(String tokenName, String pwd) + throws EBaseException { try { CryptoToken ctoken = mCryptoManager.getTokenByName(tokenName); Password clk = new Password(pwd.toCharArray()); ctoken.login(clk); } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", + e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR")); } catch (IncorrectPasswordException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_LOGIN_FAILED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_LOGIN_FAILED")); } catch (NoSuchTokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); 
+ log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", + e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", "")); } } - public String getCertSubjectName(String tokenname, String nickname) - throws EBaseException { + public String getCertSubjectName(String tokenname, String nickname) + throws EBaseException { try { return KeyCertUtil.getCertSubjectName(tokenname, nickname); } catch (NoSuchTokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", + e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", + e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + "")); 
} } @@ -624,18 +660,21 @@ public final class JssSubsystem implements ICryptoSubsystem { } } } catch (TokenException e) { - String[] params = {mId, e.toString()}; - EBaseException ex = new EBaseException( - CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); + String[] params = { mId, e.toString() }; + EBaseException ex = new EBaseException(CMS.getUserMessage( + "CMS_BASE_CREATE_SERVICE_FAILED", params)); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", + ex.toString())); throw ex; } return certNames; } - public String getCertListWithoutTokenName(String name) throws EBaseException { + public String getCertListWithoutTokenName(String name) + throws EBaseException { CryptoToken c = null; String certNames = ""; @@ -653,7 +692,7 @@ public final class JssSubsystem implements ICryptoSubsystem { if (list == null) return ""; - + for (int i = 0; i < list.length; i++) { String nickname = list[i].getNickname(); int index = nickname.indexOf(":"); 
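Review bot: In loggedInToken the `Password clk` built from `pwd.toCharArray()` is never wiped, so a copy of the token password stays in a heap char array after `ctoken.login(clk)` returns or throws. JSS's Password class has a `clear()` method for this; writing the call as `try { ctoken.login(clk); } finally { clk.clear(); }` inside the existing try leaves the catch clauses unchanged. The `String pwd` parameter cannot be cleared without changing the signature, so this only narrows the exposure.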
@@ -670,18 +709,22 @@ public final class JssSubsystem implements ICryptoSubsystem { return ""; } catch (TokenException e) { - String[] params = {mId, e.toString()}; - EBaseException ex = new EBaseException( - CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); + String[] params = { mId, e.toString() }; + EBaseException ex = new EBaseException(CMS.getUserMessage( + "CMS_BASE_CREATE_SERVICE_FAILED", params)); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", + ex.toString())); throw ex; } catch (NoSuchTokenException e) { - String[] params = {mId, e.toString()}; - EBaseException ex = new EBaseException( - CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); + String[] params = { mId, e.toString() }; + EBaseException ex = new EBaseException(CMS.getUserMessage( + "CMS_BASE_CREATE_SERVICE_FAILED", params)); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", + ex.toString())); throw ex; } } @@ -704,7 +747,7 @@ public final class JssSubsystem implements ICryptoSubsystem { if (list == null) return ""; - + for (int i = 0; i < list.length; i++) { String nickname = list[i].getNickname(); 
@@ -718,24 +761,28 @@ public final class JssSubsystem implements ICryptoSubsystem { return ""; } catch (TokenException e) { - String[] params = {mId, e.toString()}; - EBaseException ex = new EBaseException( - CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); + String[] params = { mId, e.toString() }; + EBaseException ex = new EBaseException(CMS.getUserMessage( + "CMS_BASE_CREATE_SERVICE_FAILED", params)); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", + ex.toString())); throw ex; } catch (NoSuchTokenException e) { - String[] params = {mId, e.toString()}; - EBaseException ex = new EBaseException( - CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); + String[] params = { mId, e.toString() }; + EBaseException ex = new EBaseException(CMS.getUserMessage( + "CMS_BASE_CREATE_SERVICE_FAILED", params)); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", + ex.toString())); throw ex; } } - public AlgorithmId getAlgorithmId(String algname, IConfigStore store) - throws EBaseException { + public AlgorithmId getAlgorithmId(String algname, IConfigStore store) + throws EBaseException { try { if (algname.equals("DSA")) { byte[] p = store.getByteArray("ca.dsaP", null); 
@@ -752,60 +799,72 @@ public final class JssSubsystem implements ICryptoSubsystem { } return AlgorithmId.getAlgorithmId(algname); } catch (NoSuchAlgorithmException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", "")); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_ALG_NOT_SUPPORTED", "")); } } public String getSignatureAlgorithm(String nickname) throws EBaseException { try { - X509Certificate cert = - CryptoManager.getInstance().findCertByNickname(nickname); + X509Certificate cert = CryptoManager.getInstance() + .findCertByNickname(nickname); X509CertImpl impl = new X509CertImpl(cert.getEncoded()); return impl.getSigAlgName(); } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (ObjectNotFoundException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "")); - } + 
log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + "")); + } } public KeyPair getKeyPair(String nickname) throws EBaseException { try { - X509Certificate cert = - CryptoManager.getInstance().findCertByNickname(nickname); - PrivateKey priKey = - CryptoManager.getInstance().findPrivKeyByCert(cert); + X509Certificate cert = CryptoManager.getInstance() + .findCertByNickname(nickname); + PrivateKey priKey = CryptoManager.getInstance().findPrivKeyByCert( + cert); PublicKey publicKey = cert.getPublicKey(); return new KeyPair(publicKey, priKey); } catch (NotInitializedException e) { log(ILogger.LL_FAILURE, "Key Pair Error " + e); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (ObjectNotFoundException e) { log(ILogger.LL_FAILURE, "Key Pair Error " + e); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); } catch (TokenException e) { log(ILogger.LL_FAILURE, "Key Pair Error " + e); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", "")); } } - public KeyPair getKeyPair(String tokenName, String alg, - int keySize) throws EBaseException { + public KeyPair getKeyPair(String tokenName, String alg, int keySize) + throws EBaseException { return getKeyPair(tokenName, alg, keySize, null); } - public KeyPair getKeyPair(String tokenName, String alg, - int keySize, PQGParams pqg) throws EBaseException { + public KeyPair getKeyPair(String tokenName, String alg, int keySize, + PQGParams pqg) throws EBaseException { String t = tokenName; if (tokenName.equals(Constants.PR_INTERNAL_TOKEN)) 
@@ -813,12 +872,13 @@ public final class JssSubsystem implements ICryptoSubsystem { CryptoToken token = null; try { - token = mCryptoManager.getTokenByName(t); + token = mCryptoManager.getTokenByName(t); } catch (NoSuchTokenException e) { log(ILogger.LL_FAILURE, "Generate Key Pair Error " + e); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", tokenName)); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", tokenName)); } - + KeyPairAlgorithm kpAlg = null; if (alg.equals("RSA")) 
@@ -828,26 +888,35 @@ public final class JssSubsystem implements ICryptoSubsystem { } try { - KeyPair kp = KeyCertUtil.generateKeyPair(token, kpAlg, keySize, pqg); + KeyPair kp = KeyCertUtil + .generateKeyPair(token, kpAlg, keySize, pqg); return kp; } catch (InvalidParameterException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEYSIZE_PARAMS", - "" + keySize)); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSCORE_SECURITY_KEY_PAIR", e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_INVALID_KEYSIZE_PARAMS", "" + keySize)); } catch (PQGParamGenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSCORE_SECURITY_KEY_PAIR", e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED")); } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", - kpAlg.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSCORE_SECURITY_KEY_PAIR", e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_ALG_NOT_SUPPORTED", kpAlg.toString())); } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_KEY_GEN_FAILED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSCORE_SECURITY_KEY_PAIR", e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_KEY_GEN_FAILED")); } catch (InvalidAlgorithmParameterException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString())); - throw new 
EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", "DSA")); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSCORE_SECURITY_KEY_PAIR", e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_ALG_NOT_SUPPORTED", "DSA")); } } 
@@ -855,69 +924,108 @@ public final class JssSubsystem implements ICryptoSubsystem { try { X500Name name = new X500Name(dn); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_X500_NAME", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_X500_NAME", dn)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_X500_NAME", + e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_INVALID_X500_NAME", dn)); } } - public String getCertRequest(String subjectName, KeyPair kp) - throws EBaseException { + public String getCertRequest(String subjectName, KeyPair kp) + throws EBaseException { try { - netscape.security.pkcs.PKCS10 pkcs = - KeyCertUtil.getCertRequest(subjectName, kp); + netscape.security.pkcs.PKCS10 pkcs = KeyCertUtil.getCertRequest( + subjectName, kp); ByteArrayOutputStream bs = new ByteArrayOutputStream(); PrintStream ps = new PrintStream(bs); pkcs.print(ps); return bs.toString(); } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", + e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_ALG_NOT_SUPPORTED", "")); } catch (NoSuchProviderException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_PROVIDER_NOT_SUPPORTED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_PROVIDER_NOT_SUPPORTED")); } catch (InvalidKeyException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", + 
e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY")); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_REQ_FAILED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CERT_REQ_FAILED")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_CERT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", + e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_INVALID_CERT", e.toString())); } catch (SignatureException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_SIGNATURE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_INVALID_SIGNATURE")); } } - public void importCert(String b64E, String nickname, String certType) - throws EBaseException { + public void importCert(String b64E, String nickname, String certType) + throws EBaseException { try { KeyCertUtil.importCert(b64E, nickname, certType); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED")); } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", 
e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { String eString = e.toString(); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); - if (eString.contains("Failed to find certificate that was just imported")) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", + e.toString())); + if (eString + .contains("Failed to find certificate that was just imported")) { throw new EBaseException(eString); } else { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", "")); } } catch (UserCertConflictException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_USERCERT_CONFLICT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_USERCERT_CONFLICT")); } catch (NicknameConflictException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_NICKNAME_CONFLICT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_NICKNAME_CONFLICT")); } catch (NoSuchItemOnTokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", + e.toString())); + 
throw new EBaseException( + CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); } } @@ -928,8 +1036,7 @@ public final class JssSubsystem implements ICryptoSubsystem { String tmp = (String) properties.get(Constants.PR_TOKEN_NAME); - if ((tmp != null) && - (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) + if ((tmp != null) && (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) tokenname = tmp; tmp = (String) properties.get(Constants.PR_KEY_TYPE); if (tmp != null) @@ -951,9 +1058,9 @@ public final class JssSubsystem implements ICryptoSubsystem { KeyPair pair = null; String tmp = (String) properties.get(Constants.PR_TOKEN_NAME); - if (tmp != null) + if (tmp != null) token = tmp; - + tmp = (String) properties.get(Constants.PR_KEY_CURVENAME); if (tmp != null) keyCurve = tmp; 
@@ -964,77 +1071,110 @@ public final class JssSubsystem implements ICryptoSubsystem { return pair; } - - public KeyPair getECCKeyPair(String token, String keyCurve, String certType) throws EBaseException { + + public KeyPair getECCKeyPair(String token, String keyCurve, String certType) + throws EBaseException { KeyPair pair = null; if ((token == null) || (token.equals(""))) token = Constants.PR_INTERNAL_TOKEN_NAME; if ((keyCurve == null) || (keyCurve.equals(""))) - keyCurve = "nistp512"; + keyCurve = "nistp512"; String ectype = getECType(certType); // ECDHE needs "SIGN" but no "DERIVE" - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = { - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE - }; + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = { org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE }; // ECDH needs "DERIVE" but no any kind of "SIGN" org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = { - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN, - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, - }; + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN, + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, }; try { - if (ectype.equals("ECDHE")) - pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, usages_mask); + if (ectype.equals("ECDHE")) + pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, + usages_mask); else - pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, ECDH_usages_mask); + pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, + ECDH_usages_mask); } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", + e.toString())); + throw new EBaseException( + 
CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (NoSuchTokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", + e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_SUCH_ALGORITHM", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", + e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_NO_SUCH_ALGORITHM", e.toString())); } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", + e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", "")); } return pair; - } + } public void importCert(X509CertImpl signedCert, String nickname, - String certType) throws EBaseException { + String certType) throws EBaseException { try { KeyCertUtil.importCert(signedCert, nickname, certType); } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", 
e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_ENCODE_CERT_FAILED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_ENCODE_CERT_FAILED")); } catch (UserCertConflictException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_USERCERT_CONFLICT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_USERCERT_CONFLICT")); } catch (NicknameConflictException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_NICKNAME_CONFLICT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_NICKNAME_CONFLICT")); } catch (NoSuchItemOnTokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); - throw new 
EBaseException(CMS.getUserMessage("CMS_BASE_ENCODE_CERT_FAILED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_ENCODE_CERT_FAILED")); } } 
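Review bot: The fallback `keyCurve = "nistp512";` in getECCKeyPair does not look like a curve name NSS defines; the largest NIST prime curve is 521 bits and is normally spelled `nistp521`. If that is right, a caller that passes a null or empty keyCurve gets a key-generation failure rather than a default curve, presumably surfacing through one of the catch clauses below. Confirm the intended default and change the literal, for example `keyCurve = "nistp521";`.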
@@ -1044,70 +1184,94 @@ public final class JssSubsystem implements ICryptoSubsystem { X509CertImpl impl = new X509CertImpl(b); NameValuePairs results = new NameValuePairs(); - results.add(Constants.PR_CERT_SUBJECT_NAME, impl.getSubjectDN().getName()); + results.add(Constants.PR_CERT_SUBJECT_NAME, impl.getSubjectDN() + .getName()); results.add(Constants.PR_ISSUER_NAME, impl.getIssuerDN().getName()); - results.add(Constants.PR_SERIAL_NUMBER, impl.getSerialNumber().toString()); - results.add(Constants.PR_BEFORE_VALIDDATE, impl.getNotBefore().toString()); - results.add(Constants.PR_AFTER_VALIDDATE, impl.getNotAfter().toString()); + results.add(Constants.PR_SERIAL_NUMBER, impl.getSerialNumber() + .toString()); + results.add(Constants.PR_BEFORE_VALIDDATE, impl.getNotBefore() + .toString()); + results.add(Constants.PR_AFTER_VALIDDATE, impl.getNotAfter() + .toString()); // fingerprint is using MD5 hash return results; } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_INFO", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_CERT_INFO", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED")); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_INFO", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_CERT_INFO", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED")); } } - public void deleteUserCert(String nickname, String serialno, String issuername) - throws EBaseException { + public void deleteUserCert(String nickname, String serialno, + String issuername) throws EBaseException { try { - X509Certificate cert = getCertificate(nickname, serialno, issuername); + X509Certificate cert = 
getCertificate(nickname, serialno, + issuername); if (cert instanceof TokenCertificate) { TokenCertificate tcert = (TokenCertificate) cert; CryptoStore store = tcert.getOwningToken().getCryptoStore(); -CMS.debug("*** deleting this token cert"); + CMS.debug("*** deleting this token cert"); tcert.getOwningToken().getCryptoStore().deleteCert(tcert); -CMS.debug("*** finish deleting this token cert"); + CMS.debug("*** finish deleting this token cert"); } else { - CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken(); - CryptoStore store = token.getCryptoStore(); + CryptoToken token = CryptoManager.getInstance() + .getInternalKeyStorageToken(); + CryptoStore store = token.getCryptoStore(); -CMS.debug("*** deleting this interna cert"); - store.deleteCert(cert); -CMS.debug("*** removing this interna cert"); + CMS.debug("*** deleting this interna cert"); + store.deleteCert(cert); + CMS.debug("*** removing this interna cert"); } } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (NoSuchItemOnTokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); + log(ILogger.LL_FAILURE, + 
CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); } } - public void deleteRootCert(String nickname, String serialno, - String issuername) throws EBaseException { + public void deleteRootCert(String nickname, String serialno, + String issuername) throws EBaseException { int index = nickname.indexOf(":"); String tokenname = nickname.substring(0, index); if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { - nickname = nickname.substring(index+1); + nickname = nickname.substring(index + 1); } try { if (mNicknameMapCertsTable != null) { - X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname); + X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable + .get(nickname); if (certs == null) { - EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + EBaseException e = new EBaseException( + CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CA_CERT", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSCORE_SECURITY_DELETE_CA_CERT", e.toString())); throw e; } else { for (int i = 0; i < certs.length; i++) { 
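Review bot: At the top of deleteRootCert, `nickname.substring(0, index)` is called without checking the result of `nickname.indexOf(":")`. A nickname with no token prefix therefore throws an unchecked StringIndexOutOfBoundsException, which bypasses the EBaseException mapping the rest of the method uses. A guard such as `String tokenname = (index < 0) ? "" : nickname.substring(0, index);` would let an unprefixed nickname fall through to the table lookup unchanged, if that is the intended handling. The method body continues past the end of this hunk.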
@@ -1115,24 +1279,27 @@ CMS.debug("*** removing this interna cert"); X509CertImpl impl = new X509CertImpl(cert.getEncoded()); String num = impl.getSerialNumber().toString(); String issuer = impl.getIssuerDN().toString(); -CMS.debug("*** num "+num); -CMS.debug("*** issuer "+issuer); + CMS.debug("*** num " + num); + CMS.debug("*** issuer " + issuer); if (num.equals(serialno) && issuername.equals(issuer)) { -CMS.debug("*** removing root cert"); + CMS.debug("*** removing root cert"); if (cert instanceof TokenCertificate) { TokenCertificate tcert = (TokenCertificate) cert; - CryptoStore store = tcert.getOwningToken().getCryptoStore(); - -CMS.debug("*** deleting this token cert"); - tcert.getOwningToken().getCryptoStore().deleteCert(tcert); -CMS.debug("*** finish deleting this token cert"); + CryptoStore store = tcert.getOwningToken() + .getCryptoStore(); + + CMS.debug("*** deleting this token cert"); + tcert.getOwningToken().getCryptoStore() + .deleteCert(tcert); + CMS.debug("*** finish deleting this token cert"); } else { - CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken(); + CryptoToken token = CryptoManager.getInstance() + .getInternalKeyStorageToken(); CryptoStore store = token.getCryptoStore(); - -CMS.debug("*** deleting this interna cert"); + + CMS.debug("*** deleting this interna cert"); store.deleteCert(cert); -CMS.debug("*** removing this interna cert"); + CMS.debug("*** removing this interna cert"); } mNicknameMapCertsTable.remove(nickname); break; 
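Review bot: In the `TokenCertificate` branch the local `store` is assigned from `tcert.getOwningToken().getCryptoStore()` and never read, because the delete on the next statement walks the same call chain again; `store.deleteCert(tcert);` would match the `else` branch, which does use its `store`. The same unused local appears in the `deleteCACert` and `deleteCert` hunks further down. The debug text `"*** removing this interna cert"` is emitted after `store.deleteCert(cert)` has already returned, so `CMS.debug("*** finished deleting this internal cert");` would describe the step more accurately. The enclosing `deleteRootCert` starts and ends outside this hunk.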
@@ -1142,17 +1309,29 @@ CMS.debug("*** removing this interna cert"); } } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (NoSuchItemOnTokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + e.toString())); } } 
@@ -1175,14 +1354,15 @@ CMS.debug("*** removing this interna cert"); for (int i = 0; i < list.length; i++) { try { - PrivateKey key = - CryptoManager.getInstance().findPrivKeyByCert(list[i]); + PrivateKey key = CryptoManager.getInstance() + .findPrivKeyByCert(list[i]); Debug.trace("JssSubsystem getRootCerts: find private key " - +list[i].getNickname()); + + list[i].getNickname()); } catch (ObjectNotFoundException e) { String nickname = list[i].getNickname(); - if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { - nickname = Constants.PR_INTERNAL_TOKEN_NAME+":"+nickname; + if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { + nickname = Constants.PR_INTERNAL_TOKEN_NAME + ":" + + nickname; } X509CertImpl impl = null; @@ -1203,14 +1383,15 @@ CMS.debug("*** removing this interna cert"); } String serialno = impl.getSerialNumber().toString(); String issuer = impl.getIssuerDN().toString(); - nvps.add(nickname+","+serialno, issuer); - Debug.trace("getRootCerts: nickname="+nickname+", serialno="+ - serialno+", issuer="+issuer); + nvps.add(nickname + "," + serialno, issuer); + Debug.trace("getRootCerts: nickname=" + nickname + + ", serialno=" + serialno + ", issuer=" + + issuer); continue; } catch (CryptoManager.NotInitializedException e) { continue; } - } + } // convert hashtable of vectors to hashtable of arrays Enumeration elms = vecTable.keys(); @@ -1224,8 +1405,11 @@ CMS.debug("*** removing this interna cert"); } } } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + "")); } return nvps; 
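Review bot: The `catch (CryptoManager.NotInitializedException e) { continue; }` in the `@@ -1203` hunk skips every certificate without logging when the crypto manager is not initialised, so the caller receives an empty list that is indistinguishable from a token holding no such certificates. Other methods in this file log that condition and throw `EBaseException` with `CMS_BASE_CRYPTOMANAGER_UNINITIALIZED`; the same here, starting with `log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));`, would keep the listing honest. The `getUserCerts` hunk at `@@ -1264` has the same silent `continue`. The loop also calls `findPrivKeyByCert` only for its `ObjectNotFoundException` and leaves `key` unused, which a comment such as `// no private key found for this cert: list it as a root cert` would make explicit; the method itself starts outside these hunks.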
@@ -1246,16 +1430,18 @@ CMS.debug("*** removing this interna cert"); for (int i = 0; i < list.length; i++) { try { - PrivateKey key = - CryptoManager.getInstance().findPrivKeyByCert(list[i]); + PrivateKey key = CryptoManager.getInstance() + .findPrivKeyByCert(list[i]); String nickname = list[i].getNickname(); - if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME) || - tokenName.equals(Constants.PR_FULL_INTERNAL_TOKEN_NAME)) { - nickname = Constants.PR_INTERNAL_TOKEN_NAME+":"+nickname; + if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME) + || tokenName + .equals(Constants.PR_FULL_INTERNAL_TOKEN_NAME)) { + nickname = Constants.PR_INTERNAL_TOKEN_NAME + ":" + + nickname; } X509CertImpl impl = null; - try { + try { impl = new X509CertImpl(list[i].getEncoded()); } catch (CertificateException e) { // skip bad certificate @@ -1264,21 +1450,25 @@ CMS.debug("*** removing this interna cert"); } String serialno = impl.getSerialNumber().toString(); String issuer = impl.getIssuerDN().toString(); - nvps.add(nickname+","+serialno, issuer); - Debug.trace("getUserCerts: nickname="+nickname+", serialno="+ - serialno+", issuer="+issuer); + nvps.add(nickname + "," + serialno, issuer); + Debug.trace("getUserCerts: nickname=" + nickname + + ", serialno=" + serialno + ", issuer=" + + issuer); } catch (ObjectNotFoundException e) { Debug.trace("JssSubsystem getUserCerts: cant find private key " - +list[i].getNickname()); + + list[i].getNickname()); continue; } catch (CryptoManager.NotInitializedException e) { continue; } - } + } } } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + "")); } return nvps; 
@@ -1291,8 +1481,8 @@ CMS.debug("*** removing this interna cert"); public NameValuePairs getAllCertsManage() throws EBaseException { /* - * first get all CA certs (internal only), - * then all user certs (both internal and external) + * first get all CA certs (internal only), then all user certs (both + * internal and external) */ NameValuePairs pairs = getCACerts(); @@ -1312,14 +1502,14 @@ CMS.debug("*** removing this interna cert"); for (int i = 0; i < list.length; i++) { String nickname = list[i].getNickname(); - X509Certificate[] certificates = - CryptoManager.getInstance().findCertsByNickname(nickname); + X509Certificate[] certificates = CryptoManager + .getInstance().findCertsByNickname(nickname); mNicknameMapUserCertsTable.put(nickname, certificates); X509CertImpl impl = null; - try { + try { impl = new X509CertImpl(list[i].getEncoded()); } catch (CertificateException e) { // skip bad certificate @@ -1330,7 +1520,7 @@ CMS.debug("*** removing this interna cert"); String dateStr = mFormatter.format(date); NameValuePair pair = pairs.getPair(nickname); - /* always user cert here*/ + /* always user cert here */ String certValue = dateStr + "," + "u"; if (pair == null) 
@@ -1341,19 +1531,27 @@ CMS.debug("*** removing this interna cert"); if (vvalue.endsWith(",u")) { pair.setValue(vvalue + ";" + certValue); } - } + } } } /* while */ } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); // } catch (CertificateException e) { - // log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString())); - // throw new EBaseException(BaseResources.CERT_ERROR); + // log(ILogger.LL_FAILURE, + // CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", + // e.toString())); + // throw new EBaseException(BaseResources.CERT_ERROR); } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + "")); } return pairs; 
@@ -1362,26 +1560,28 @@ CMS.debug("*** removing this interna cert"); public NameValuePairs getCACerts() throws EBaseException { NameValuePairs pairs = new NameValuePairs(); - //InternalCertificate[] certs; + // InternalCertificate[] certs; X509Certificate[] certs; try { - certs = - CryptoManager.getInstance().getCACerts(); + certs = CryptoManager.getInstance().getCACerts(); } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } - if( mNicknameMapCertsTable == null ) { - CMS.debug( "JssSubsystem::getCACerts() - " - + "mNicknameMapCertsTable is null!" ); - throw new EBaseException( "mNicknameMapCertsTable is null" ); + if (mNicknameMapCertsTable == null) { + CMS.debug("JssSubsystem::getCACerts() - " + + "mNicknameMapCertsTable is null!"); + throw new EBaseException("mNicknameMapCertsTable is null"); } else { mNicknameMapCertsTable.clear(); } - // a temp hashtable with vectors + // a temp hashtable with vectors Hashtable vecTable = new Hashtable(); for (int i = 0; i < certs.length; i++) { @@ -1411,12 +1611,13 @@ CMS.debug("*** removing this interna cert"); mNicknameMapCertsTable.put(key, a); } - Enumeration keys = mNicknameMapCertsTable.keys(); + Enumeration keys = mNicknameMapCertsTable.keys(); while (keys.hasMoreElements()) { String nickname = (String) keys.nextElement(); - X509Certificate[] value = (X509Certificate[]) mNicknameMapCertsTable.get(nickname); - + X509Certificate[] value = (X509Certificate[]) mNicknameMapCertsTable + .get(nickname); + for (int i = 0; i < value.length; i++) { InternalCertificate icert = null; 
@@ -1426,14 +1627,13 @@ CMS.debug("*** removing this interna cert"); Debug.trace("cert is not an InternalCertificate"); Debug.trace("nickname: " + nickname + " index " + i); Debug.trace("cert: " + value[i]); - continue; + continue; } - + int flag = icert.getSSLTrust(); String trust = "U"; - if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == - InternalCertificate.TRUSTED_CLIENT_CA) + if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == InternalCertificate.TRUSTED_CLIENT_CA) trust = "T"; X509CertImpl impl = null; 
@@ -1450,96 +1650,122 @@ CMS.debug("*** removing this interna cert"); String vvalue = pair.getValue(); pair.setValue(vvalue + ";" + certValue); - } + } } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT_FOR", nickname, e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSCORE_SECURITY_GET_CA_CERT_FOR", nickname, + e.toString())); // allow it to continue with other certs even if one blows // up - // throw new EBaseException(BaseResources.CERT_ERROR); + // throw new EBaseException(BaseResources.CERT_ERROR); } } } return pairs; } - public void trustCert(String nickname, String date, String trust) throws - EBaseException { + public void trustCert(String nickname, String date, String trust) + throws EBaseException { try { if (mNicknameMapCertsTable != null) { - X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname); + X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable + .get(nickname); if (certs == null) { - EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + EBaseException e = new EBaseException( + CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", + e.toString())); throw e; } else { for (int i = 0; i < certs.length; i++) { X509Certificate cert = certs[i]; - X509CertImpl certImpl = new X509CertImpl(cert.getEncoded()); + X509CertImpl certImpl = new X509CertImpl( + cert.getEncoded()); Date notAfter = certImpl.getNotAfter(); Date qualifier = mFormatter.parse(date); if (notAfter.equals(qualifier)) { if (cert instanceof InternalCertificate) { if (trust.equals("Trust")) { - int trustflag = InternalCertificate.TRUSTED_CA | - InternalCertificate.TRUSTED_CLIENT_CA | - InternalCertificate.VALID_CA; + int trustflag = InternalCertificate.TRUSTED_CA + | 
InternalCertificate.TRUSTED_CLIENT_CA + | InternalCertificate.VALID_CA; - ((InternalCertificate) cert).setSSLTrust(trustflag); + ((InternalCertificate) cert) + .setSSLTrust(trustflag); } else - ((InternalCertificate) cert).setSSLTrust(InternalCertificate.VALID_CA); + ((InternalCertificate) cert) + .setSSLTrust(InternalCertificate.VALID_CA); break; } else { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "")); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_CERT_ERROR", "")); } } } } } - } catch (ParseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + } catch (ParseException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + e.toString())); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + e.toString())); } } /** * Delete the CA certificate from the perm database. + * * @param nickname The nickname of the CA certificate. - * @param notAfterTime The notAfter of the certificate. It is possible to get multiple - * certificates under the same nickname. If one of the certificates match the notAfterTime, - * then the certificate will get deleted. The format of the notAfterTime has to be - * in "MMMMM dd, yyyy HH:mm:ss" format. - */ - public void deleteCACert(String nickname, String notAfterTime) throws EBaseException { + * @param notAfterTime The notAfter of the certificate. It is possible to + * get multiple certificates under the same nickname. 
If one of + * the certificates match the notAfterTime, then the certificate + * will get deleted. The format of the notAfterTime has to be in + * "MMMMM dd, yyyy HH:mm:ss" format. + */ + public void deleteCACert(String nickname, String notAfterTime) + throws EBaseException { try { if (mNicknameMapCertsTable != null) { - X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname); + X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable + .get(nickname); if (certs == null) { - EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + EBaseException e = new EBaseException( + CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CA_CERT", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSCORE_SECURITY_DELETE_CA_CERT", e.toString())); throw e; } else { for (int i = 0; i < certs.length; i++) { X509Certificate cert = certs[i]; - X509CertImpl certImpl = new X509CertImpl(cert.getEncoded()); + X509CertImpl certImpl = new X509CertImpl( + cert.getEncoded()); Date notAfter = certImpl.getNotAfter(); Date qualifier = mFormatter.parse(notAfterTime); if (notAfter.equals(qualifier)) { if (cert instanceof TokenCertificate) { TokenCertificate tcert = (TokenCertificate) cert; - CryptoStore store = tcert.getOwningToken().getCryptoStore(); + CryptoStore store = tcert.getOwningToken() + .getCryptoStore(); - tcert.getOwningToken().getCryptoStore().deleteCert(tcert); + tcert.getOwningToken().getCryptoStore() + .deleteCert(tcert); } else { - CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken(); + CryptoToken token = CryptoManager.getInstance() + .getInternalKeyStorageToken(); CryptoStore store = token.getCryptoStore(); store.deleteCert(cert); 
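Review bot: `trustCert` returns normally without changing anything when `mNicknameMapCertsTable` is null or when no certificate under the nickname has a `notAfter` equal to the parsed `date`, so a caller cannot tell that the requested trust change was never applied. A `boolean matched = false;` declared before the table check, set with `matched = true;` ahead of the `break`, and tested at the end of the `try` block with `if (!matched) throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));` would surface both cases. The `else` branch also treats every `trust` value other than `"Trust"` as a request to reduce the flags to `InternalCertificate.VALID_CA`, so a misspelled argument silently lowers trust; a comment naming the accepted values would help. `deleteCACert`, which begins later in this hunk, continues past its end.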
@@ -1551,45 +1777,64 @@ CMS.debug("*** removing this interna cert"); } } } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (NoSuchItemOnTokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); } catch (ParseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + e.toString())); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new 
EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + e.toString())); } } /** * Delete any certificate from the any token. + * * @param nickname The nickname of the certificate. - * @param notAfterTime The notAfter of the certificate. It is possible to get multiple - * certificates under the same nickname. If one of the certificates match the notAfterTime, - * then the certificate will get deleted. The format of the notAfterTime has to be - * in "MMMMM dd, yyyy HH:mm:ss" format. - */ - public void deleteCert(String nickname, String notAfterTime) throws EBaseException { + * @param notAfterTime The notAfter of the certificate. It is possible to + * get multiple certificates under the same nickname. If one of + * the certificates match the notAfterTime, then the certificate + * will get deleted. The format of the notAfterTime has to be in + * "MMMMM dd, yyyy HH:mm:ss" format. + */ + public void deleteCert(String nickname, String notAfterTime) + throws EBaseException { boolean isUserCert = false; - X509Certificate[] certs = null;; + X509Certificate[] certs = null; + ; try { if (mNicknameMapCertsTable != null) { - certs = - (X509Certificate[]) mNicknameMapCertsTable.get(nickname); + certs = (X509Certificate[]) mNicknameMapCertsTable + .get(nickname); } if (certs == null) { if (mNicknameMapUserCertsTable != null) { - certs = - (X509Certificate[]) mNicknameMapUserCertsTable.get(nickname); + certs = (X509Certificate[]) mNicknameMapUserCertsTable + .get(nickname); if (certs != null) { CMS.debug("in mNicknameMapUserCertsTable, isUserCert is true"); isUserCert = true; 
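Review bot: The formatter turned the old `X509Certificate[] certs = null;;` in `deleteCert` into a declaration followed by a line that holds only `;`, an empty statement that now looks deliberate; drop it so the declaration reads `X509Certificate[] certs = null;`. The Javadoc summary above the method, "Delete any certificate from the any token.", could be corrected to `Delete a certificate from any token.` in the same pass. `deleteCert` continues outside this hunk.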
@@ -1600,9 +1845,12 @@ CMS.debug("*** removing this interna cert"); } if (certs == null) { - EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + EBaseException e = new EBaseException( + CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); throw e; } else { @@ -1615,11 +1863,14 @@ CMS.debug("*** removing this interna cert"); if (notAfter.equals(qualifier)) { if (cert instanceof TokenCertificate) { TokenCertificate tcert = (TokenCertificate) cert; - CryptoStore store = tcert.getOwningToken().getCryptoStore(); + CryptoStore store = tcert.getOwningToken() + .getCryptoStore(); - tcert.getOwningToken().getCryptoStore().deleteCert(tcert); + tcert.getOwningToken().getCryptoStore() + .deleteCert(tcert); } else { - CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken(); + CryptoToken token = CryptoManager.getInstance() + .getInternalKeyStorageToken(); CryptoStore store = token.getCryptoStore(); store.deleteCert(cert); 
@@ -1635,33 +1886,51 @@ CMS.debug("*** removing this interna cert"); } } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (NoSuchItemOnTokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); } catch (ParseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + e.toString())); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new 
EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + e.toString())); } } - public void deleteTokenCertificate(String nickname, String pathname) throws EBaseException { + public void deleteTokenCertificate(String nickname, String pathname) + throws EBaseException { try { - X509Certificate cert = CryptoManager.getInstance().findCertByNickname(nickname); + X509Certificate cert = CryptoManager.getInstance() + .findCertByNickname(nickname); String issuerName = cert.getSubjectDN().getName(); Principal principal = cert.getSubjectDN(); DN dn = new DN(principal.getName()); BigInteger serialno = cert.getSerialNumber(); String suffix = "." + System.currentTimeMillis(); String b64E = com.netscape.osutil.OSUtil.BtoA(cert.getEncoded()); - PrintStream stream = new PrintStream(new FileOutputStream(pathname + suffix)); + PrintStream stream = new PrintStream(new FileOutputStream(pathname + + suffix)); stream.println("-----BEGIN CERTIFICATE-----"); stream.print(b64E); 
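Review bot: The backup copy in `deleteTokenCertificate` is written through a `PrintStream`, which records I/O failures in an internal flag instead of throwing, so a failed or partial write of the PEM file would go unnoticed. Because the certificate is deleted from the token afterwards, the write should be verified first, for example with `if (stream.checkError()) throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", pathname + suffix));` after the last line has been written. Whether the stream is closed on every path cannot be seen here, since the rest of the method lies outside the hunk; a `try`/`finally` around the writes would make that certain. `issuerName` is filled from `cert.getSubjectDN()`, which deserves either a rename or a comment.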
@@ -1672,212 +1941,279 @@ CMS.debug("*** removing this interna cert"); CryptoStore store = tcert.getOwningToken().getCryptoStore(); tcert.getOwningToken().getCryptoStore().deleteCert(tcert); - } else - throw new EBaseException(CMS.getUserMessage("CMS_BASE_NOT_TOKEN_CERT")); + } else + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_NOT_TOKEN_CERT")); int index = nickname.indexOf(":"); - - // the deleted certificate is on the hardware token. We should delete the same one from + + // the deleted certificate is on the hardware token. We should + // delete the same one from // the internal token. if (index > 0) { - CryptoToken cToken = CryptoManager.getInstance().getInternalKeyStorageToken(); + CryptoToken cToken = CryptoManager.getInstance() + .getInternalKeyStorageToken(); CryptoStore store = cToken.getCryptoStore(); - X509Certificate[] allcerts = CryptoManager.getInstance().getCACerts(); + X509Certificate[] allcerts = CryptoManager.getInstance() + .getCACerts(); for (int i = 0; i < allcerts.length; i++) { try { - X509CertImpl certImpl = new X509CertImpl(allcerts[i].getEncoded()); - String certIssuerName = certImpl.getSubjectDN().getName(); + X509CertImpl certImpl = new X509CertImpl( + allcerts[i].getEncoded()); + String certIssuerName = certImpl.getSubjectDN() + .getName(); Principal certPrincipal = certImpl.getSubjectDN(); DN certdn = new DN(certPrincipal.getName()); BigInteger certSerialNo = certImpl.getSerialNumber(); - if (dn.equals(certdn) && certSerialNo.compareTo(serialno) == 0) { + if (dn.equals(certdn) + && certSerialNo.compareTo(serialno) == 0) { store.deleteCert(allcerts[i]); break; } } catch (Exception ee) { - Debug.trace("JssSubsystem:deleteTokenCertificate: " + ee.toString()); + Debug.trace("JssSubsystem:deleteTokenCertificate: " + + ee.toString()); } } } } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new 
EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (NoSuchItemOnTokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (ObjectNotFoundException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); } catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); - } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new 
EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + e.toString())); + } catch (IOException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + e.toString())); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + e.toString())); } } public String getSubjectDN(String nickname) throws EBaseException { try { - X509Certificate cert = - CryptoManager.getInstance().findCertByNickname(nickname); + X509Certificate cert = CryptoManager.getInstance() + .findCertByNickname(nickname); X509CertImpl impl = new X509CertImpl(cert.getEncoded()); return impl.getSubjectDN().getName(); } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", + e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (ObjectNotFoundException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", e.toString())); - throw new 
EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + e.toString())); } } public void setRootCertTrust(String nickname, String serialno, - String issuerName, String trust) throws EBaseException { - + String issuerName, String trust) throws EBaseException { + X509Certificate cert = getCertificate(nickname, serialno, issuerName); if (cert instanceof InternalCertificate) { if (trust.equals("trust")) { - int trustflag = InternalCertificate.TRUSTED_CA | - InternalCertificate.TRUSTED_CLIENT_CA | - InternalCertificate.VALID_CA; + int trustflag = InternalCertificate.TRUSTED_CA + | InternalCertificate.TRUSTED_CLIENT_CA + | InternalCertificate.VALID_CA; ((InternalCertificate) cert).setSSLTrust(trustflag); } else { - ((InternalCertificate) cert).setSSLTrust(InternalCertificate.VALID_CA); + ((InternalCertificate) cert) + .setSSLTrust(InternalCertificate.VALID_CA); } } } public X509Certificate getCertificate(String nickname, String serialno, - String issuerName) throws EBaseException { + String issuerName) throws EBaseException { int index = nickname.indexOf(":"); String tokenname = nickname.substring(0, index); if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { - nickname = nickname.substring(index+1); + nickname = nickname.substring(index + 1); } try { - X509Certificate[] certs = - CryptoManager.getInstance().findCertsByNickname(nickname); + X509Certificate[] certs = CryptoManager.getInstance() + 
.findCertsByNickname(nickname); X509CertImpl impl = null; - int i=0; + int i = 0; if (certs != null && certs.length > 0) { for (; i < certs.length; i++) { impl = new X509CertImpl(certs[i].getEncoded()); - if (impl.getIssuerDN().toString().equals(issuerName) && - impl.getSerialNumber().toString().equals(serialno)) + if (impl.getIssuerDN().toString().equals(issuerName) + && impl.getSerialNumber().toString() + .equals(serialno)) return certs[i]; } } else { - EBaseException e = - new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + EBaseException e = new EBaseException( + CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); throw e; } } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", "")); + } catch (CertificateException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); + throw new 
EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + e.toString())); } - + return null; } public String getRootCertTrustBit(String nickname, String serialno, - String issuerName) throws EBaseException { + String issuerName) throws EBaseException { int index = nickname.indexOf(":"); String tokenname = nickname.substring(0, index); if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { - nickname = nickname.substring(index+1); + nickname = nickname.substring(index + 1); } try { - X509Certificate[] certs = - CryptoManager.getInstance().findCertsByNickname(nickname); + X509Certificate[] certs = CryptoManager.getInstance() + .findCertsByNickname(nickname); X509CertImpl impl = null; - int i=0; + int i = 0; if (certs != null && certs.length > 0) { for (; i < certs.length; i++) { impl = new X509CertImpl(certs[i].getEncoded()); - if (impl.getIssuerDN().toString().equals(issuerName) && - impl.getSerialNumber().toString().equals(serialno)) + if (impl.getIssuerDN().toString().equals(issuerName) + && impl.getSerialNumber().toString() + .equals(serialno)) break; } } else { - EBaseException e = - new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + EBaseException e = new EBaseException( + CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); throw e; } String trust = "U"; if (certs[i] instanceof InternalCertificate) { - InternalCertificate icert = (InternalCertificate)certs[i]; + InternalCertificate icert = (InternalCertificate) certs[i]; int flag = icert.getSSLTrust(); - if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == - InternalCertificate.TRUSTED_CLIENT_CA) + if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == InternalCertificate.TRUSTED_CLIENT_CA) trust = "T"; - } else + } else trust = "N/A"; return trust; } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, 
CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", "")); + } catch (CertificateException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + e.toString())); } } public String getCertPrettyPrint(String nickname, String serialno, - String issuerName, Locale locale) throws EBaseException { + String issuerName, Locale locale) throws EBaseException { int index = nickname.indexOf(":"); String tokenname = nickname.substring(0, index); if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { - nickname = nickname.substring(index+1); + nickname = nickname.substring(index + 1); } try { - X509Certificate[] certs = - CryptoManager.getInstance().findCertsByNickname(nickname); + X509Certificate[] certs = CryptoManager.getInstance() + .findCertsByNickname(nickname); X509CertImpl impl = null; if (certs != null && certs.length > 0) { for (int i = 0; i < certs.length; i++) { impl = new X509CertImpl(certs[i].getEncoded()); - if (impl.getIssuerDN().toString().equals(issuerName) && - 
impl.getSerialNumber().toString().equals(serialno)) + if (impl.getIssuerDN().toString().equals(issuerName) + && impl.getSerialNumber().toString() + .equals(serialno)) break; } } else { - EBaseException e = - new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + EBaseException e = new EBaseException( + CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); throw e; } CertPrettyPrint print = null; 
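Review bot: In getRootCertTrustBit the search loop exits with `i == certs.length` when no certificate matches issuerName and serialno, and the following `certs[i] instanceof InternalCertificate` then throws ArrayIndexOutOfBoundsException instead of the declared EBaseException. Add `if (i == certs.length) throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));` before `String trust = "U";`. Separately, getCertificate, getRootCertTrustBit and getCertPrettyPrint all call `nickname.substring(0, index)` without checking that `indexOf(":")` found a colon, which throws StringIndexOutOfBoundsException for a nickname with no token prefix; the same lines appear in getCertPrettyPrintAndFingerPrint in the next hunk. Guarding with `if (index > 0)`, as deleteTokenCertificate does, would keep these lookups consistent.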
@@ -1890,86 +2226,114 @@ CMS.debug("*** removing this interna cert"); else return null; } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + e.toString())); } } - public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno, - String issuerName, Locale locale) throws EBaseException { + public String getCertPrettyPrintAndFingerPrint(String nickname, + String serialno, String issuerName, Locale locale) + throws EBaseException { int index = nickname.indexOf(":"); String tokenname = nickname.substring(0, index); if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { - nickname = nickname.substring(index+1); + nickname = nickname.substring(index + 1); } try { - X509Certificate[] certs = - CryptoManager.getInstance().findCertsByNickname(nickname); + X509Certificate[] certs = CryptoManager.getInstance() + .findCertsByNickname(nickname); X509CertImpl impl = null; if 
(certs != null && certs.length > 0) { for (int i = 0; i < certs.length; i++) { impl = new X509CertImpl(certs[i].getEncoded()); - if (impl.getIssuerDN().toString().equals(issuerName) && - impl.getSerialNumber().toString().equals(serialno)) + if (impl.getIssuerDN().toString().equals(issuerName) + && impl.getSerialNumber().toString() + .equals(serialno)) break; } } else { - EBaseException e = - new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + EBaseException e = new EBaseException( + CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); throw e; } CertPrettyPrint print = null; - String fingerPrint = ""; + String fingerPrint = ""; if (impl != null) { print = new CertPrettyPrint(impl); - fingerPrint = CMS.getFingerPrints(impl.getEncoded()); - } + fingerPrint = CMS.getFingerPrints(impl.getEncoded()); + } if ((print != null) && (fingerPrint != "")) { - String pp = print.toString(locale) + "\n" + - "Certificate Fingerprints:"+ '\n' + fingerPrint; + String pp = print.toString(locale) + "\n" + + "Certificate Fingerprints:" + '\n' + fingerPrint; return pp; } else return null; } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); + throw new 
EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + e.toString())); } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_SUCH_ALGORITHM", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_NO_SUCH_ALGORITHM", e.toString())); } } - public String getCertPrettyPrint(String nickname, String date, - Locale locale) throws EBaseException { + public String getCertPrettyPrint(String nickname, String date, Locale locale) + throws EBaseException { try { - X509Certificate[] certs = - CryptoManager.getInstance().findCertsByNickname(nickname); + X509Certificate[] certs = CryptoManager.getInstance() + .findCertsByNickname(nickname); - if ((certs == null || certs.length == 0) && - mNicknameMapCertsTable != null) { - certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname); + if ((certs == null || certs.length == 0) + && mNicknameMapCertsTable != null) { + certs = (X509Certificate[]) mNicknameMapCertsTable + .get(nickname); } if (certs == null) { - EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + EBaseException e = new EBaseException( + CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); throw e; } X509CertImpl impl = 
null; @@ -1993,22 +2357,35 @@ CMS.debug("*** removing this interna cert"); else return null; } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + e.toString())); } catch (ParseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + e.toString())); } } - public String getCertPrettyPrint(String b64E, Locale locale) throws EBaseException { - try { + public String getCertPrettyPrint(String b64E, Locale locale) + throws EBaseException { + try { try { byte[] b = KeyCertUtil.convertB64EToByteArray(b64E); X509CertImpl impl = new X509CertImpl(b); 
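Review bot: In getCertPrettyPrintAndFingerPrint, `impl` is reassigned on every loop iteration, so when no certificate matches issuerName and serialno it still holds the last decoded certificate and the method returns the pretty-print and fingerprints of a certificate the caller did not ask for. For output an administrator may use to verify a certificate, a miss should be treated as not found: keep the match in its own variable, e.g. `X509CertImpl match = null;` with `match = impl;` before `break`, and build `print` and `fingerPrint` from `match`. The `fingerPrint != ""` test also compares references rather than content; `!fingerPrint.isEmpty()` states the intent. The four-argument getCertPrettyPrint in the previous hunk uses the same loop, but its tail is not fully visible here.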
@@ -2023,8 +2400,8 @@ CMS.debug("*** removing this interna cert"); String normalized = CertUtils.normalizeCertStr(noHeader); byte data[] = com.netscape.osutil.OSUtil.AtoB(normalized); - ContentInfo ci = (ContentInfo) - ASN1Util.decode(ContentInfo.getTemplate(), data); + ContentInfo ci = (ContentInfo) ASN1Util.decode( + ContentInfo.getTemplate(), data); if (!ci.getContentType().equals(ContentInfo.SIGNED_DATA)) { throw new CertificateException( 
@@ -2050,20 +2427,28 @@ CMS.debug("*** removing this interna cert"); return content; } } catch (InvalidBERException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - "Failed to decode")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + "Failed to decode")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.getMessage())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + e.getMessage())); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + "")); } } - public X509CertImpl getSignedCert(KeyCertData data, String certType, java.security.PrivateKey priKey) - throws EBaseException { + public X509CertImpl getSignedCert(KeyCertData data, String certType, + java.security.PrivateKey priKey) throws EBaseException { CertificateInfo cert = null; if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { @@ -2077,7 +2462,8 @@ CMS.debug("*** removing this interna cert"); } if (cert == null) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + "")); } X509CertInfo certInfo = null; 
@@ -2085,19 +2471,28 @@ CMS.debug("*** removing this interna cert"); try { certInfo = cert.getCertInfo(); - SignatureAlgorithm sigAlg = - (SignatureAlgorithm) data.get(Constants.PR_SIGNATURE_ALGORITHM); + SignatureAlgorithm sigAlg = (SignatureAlgorithm) data + .get(Constants.PR_SIGNATURE_ALGORITHM); signedCert = KeyCertUtil.signCert(priKey, certInfo, sigAlg); } catch (NoSuchTokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (PQGParamGenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED")); } return signedCert; 
@@ -2105,28 +2500,30 @@ CMS.debug("*** removing this interna cert"); public boolean isCACert(String fullNickname) throws EBaseException { try { - X509Certificate cert = mCryptoManager.findCertByNickname(fullNickname); + X509Certificate cert = mCryptoManager + .findCertByNickname(fullNickname); X509CertImpl impl = new X509CertImpl(cert.getEncoded()); - X509CertInfo certinfo = (X509CertInfo) impl.get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); + X509CertInfo certinfo = (X509CertInfo) impl.get(X509CertImpl.NAME + + "." + X509CertImpl.INFO); if (certinfo == null) return false; else { - CertificateExtensions exts = - (CertificateExtensions) certinfo.get(X509CertInfo.EXTENSIONS); + CertificateExtensions exts = (CertificateExtensions) certinfo + .get(X509CertInfo.EXTENSIONS); if (exts == null) return false; else { try { - BasicConstraintsExtension ext = (BasicConstraintsExtension) - exts.get(BasicConstraintsExtension.NAME); + BasicConstraintsExtension ext = (BasicConstraintsExtension) exts + .get(BasicConstraintsExtension.NAME); if (ext == null) return false; else { - Boolean bool = (Boolean) ext.get(BasicConstraintsExtension.IS_CA); + Boolean bool = (Boolean) ext + .get(BasicConstraintsExtension.IS_CA); return bool.booleanValue(); } 
@@ -2136,42 +2533,69 @@ CMS.debug("*** removing this interna cert"); } } } catch (ObjectNotFoundException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", + e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR")); } catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", + e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + "")); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED")); } } - public CertificateExtensions getExtensions(String tokenname, String nickname) - throws EBaseException { + public CertificateExtensions getExtensions(String tokenname, String nickname) + throws EBaseException { try 
{ return KeyCertUtil.getExtensions(tokenname, nickname); } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", + e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR")); } catch (ObjectNotFoundException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", + e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + "")); } } 
@@ -2179,8 +2603,10 @@ CMS.debug("*** removing this interna cert"); KeyCertUtil.checkCertificateExt(ext); } - public void checkKeyLength(String keyType, int keyLength, String certType, int minRSAKeyLen) throws EBaseException { - // KeyCertUtil.checkKeyLength(keyType, keyLength, certType, minRSAKeyLen); + public void checkKeyLength(String keyType, int keyLength, String certType, + int minRSAKeyLen) throws EBaseException { + // KeyCertUtil.checkKeyLength(keyType, keyLength, certType, + // minRSAKeyLen); } public PQGParams getPQG(int keysize) { @@ -2188,25 +2614,25 @@ CMS.debug("*** removing this interna cert"); } public PQGParams getCAPQG(int keysize, IConfigStore store) - throws EBaseException { + throws EBaseException { return KeyCertUtil.getCAPQG(keysize, store); } - public CertificateExtensions getCertExtensions(String tokenname, String nickname) - throws NotInitializedException, TokenException, ObjectNotFoundException, + public CertificateExtensions getCertExtensions(String tokenname, + String nickname) throws NotInitializedException, TokenException, + ObjectNotFoundException, IOException, CertificateException { return KeyCertUtil.getExtensions(tokenname, nickname); } } -class JSSDatabaseCloser extends org.mozilla.jss.DatabaseCloser -{ +class JSSDatabaseCloser extends org.mozilla.jss.DatabaseCloser { public JSSDatabaseCloser() throws Exception { - super(); + super(); } public void closeDatabases() { - super.closeDatabases(); + super.closeDatabases(); } } diff --git a/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java b/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java index 35b7cdf2b..7dadc7afa 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java +++ b/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.IOException; import java.security.KeyPair; 
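Review bot: checkKeyLength in JssSubsystem.java is a no-op: its only statement, the call to `KeyCertUtil.checkKeyLength(...)`, is commented out, so `minRSAKeyLen` is accepted and never enforced. Callers that rely on this method to reject short keys get no check at all, and the re-wrapped comment makes that easy to miss. Either restore the delegation or document the gap on the method, e.g. `// NOTE: key-length validation is disabled here; callers must enforce minRSAKeyLen themselves`. Whether the KeyCertUtil method still exists with this signature is not visible from this hunk.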
@@ -29,16 +28,14 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; - /** - * KRA transport certificate + * KRA transport certificate * * @author Christine Ho * @version $Revision$, $Date$ */ public class KRATransportCert extends CertificateInfo { - public static final String SUBJECT_NAME = - "CN=Data Recovery Manager, O=Netscape Communications, C=US"; + public static final String SUBJECT_NAME = "CN=Data Recovery Manager, O=Netscape Communications, C=US"; private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME; public KRATransportCert(KeyCertData properties) { @@ -49,8 +46,7 @@ public class KRATransportCert extends CertificateInfo { super(properties, pair); String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME); - if ((tmp != null) && - (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) + if ((tmp != null) && (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) mTokenname = tmp; mProperties.put(Constants.PR_AKI, Constants.TRUE); } @@ -62,7 +58,8 @@ public class KRATransportCert extends CertificateInfo { if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) cmsFileTmp.putString("kra.transportUnit.nickName", nickname); else - cmsFileTmp.putString("kra.transportUnit.nickName", tokenname + ":" + nickname); + cmsFileTmp.putString("kra.transportUnit.nickName", tokenname + ":" + + nickname); cmsFileTmp.commit(false); } @@ -72,8 +69,8 @@ public class KRATransportCert extends CertificateInfo { public String getNickname() { String name = (String) mProperties.get(Constants.PR_NICKNAME); - String instanceName = - (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME); + String instanceName = (String) mProperties + .get(ConfigConstants.PR_CERT_INSTANCE_NAME); if (name != null) return name; 
@@ -81,19 +78,14 @@ public class KRATransportCert extends CertificateInfo { } /* - public SignatureAlgorithm getSigningAlgorithm() { - SignatureAlgorithm sAlg = - (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM); - if (sAlg != null) { - return sAlg; - } - String alg = (String)mProperties.get(Constants.PR_KEY_TYPE); - - if (alg.equals("RSA")) - return SignatureAlgorithm.RSASignatureWithMD5Digest; - else - return SignatureAlgorithm.DSASignatureWithSHA1Digest; - } + * public SignatureAlgorithm getSigningAlgorithm() { SignatureAlgorithm sAlg + * = (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM); + * if (sAlg != null) { return sAlg; } String alg = + * (String)mProperties.get(Constants.PR_KEY_TYPE); + * + * if (alg.equals("RSA")) return + * SignatureAlgorithm.RSASignatureWithMD5Digest; else return + * SignatureAlgorithm.DSASignatureWithSHA1Digest; } */ public String getKeyAlgorithm() { @@ -107,4 +99,3 @@ public class KRATransportCert extends CertificateInfo { return extension; } } - diff --git a/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java b/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java index 589d5a68c..95772307e 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java +++ b/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.FilterOutputStream; @@ -116,7 +115,6 @@ import com.netscape.cmscore.dbs.DateMapper; import com.netscape.cmscore.dbs.X509CertImplMapper; import com.netscape.cmsutil.crypto.CryptoUtil; - /** * This class provides all the base methods to generate the key for different * kinds of certificates. 
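Review bot: The commented-out `getSigningAlgorithm()` in KRATransportCert (hunk at -81,19) has been reflowed into one paragraph, so it can no longer be read or restored as code. The disabled code falls back to `RSASignatureWithMD5Digest` and `DSASignatureWithSHA1Digest`, which should not be revived, so deleting the block is cleaner than keeping it in this state. The same reflow hits the block comments in `KeyCertUtil.getPrivateKey` and `convertB64EToByteArray` later in this diff. Where such a comment must stay, opening it with `/*-` should keep formatters that follow the Java code conventions from rewrapping it; confirm this against the project's Eclipse settings.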
@@ -149,14 +147,15 @@ public class KeyCertUtil { try { Extension de = new Extension(new DerValue(b)); } catch (IOException ex) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_CERT_EXTENSION")); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_INVALID_CERT_EXTENSION")); } } } } - public static String getTokenNames(CryptoManager manager) - throws TokenException { + public static String getTokenNames(CryptoManager manager) + throws TokenException { String tokenList = ""; Enumeration tokens = manager.getExternalTokens(); int num = 0; @@ -180,11 +179,8 @@ public class KeyCertUtil { // All this streaming is lame, but Base64OutputStream needs a // PrintStream ByteArrayOutputStream output = new ByteArrayOutputStream(); - Base64OutputStream b64 = new Base64OutputStream(new - PrintStream(new - FilterOutputStream(output) - ) - ); + Base64OutputStream b64 = new Base64OutputStream(new PrintStream( + new FilterOutputStream(output))); b64.write(bytes); b64.flush(); @@ -195,7 +191,7 @@ public class KeyCertUtil { } public static byte[] makeDSSParms(BigInteger P, BigInteger Q, BigInteger G) - throws IOException { + throws IOException { // Write P, Q, G to a DER stream DerOutputStream contents = new DerOutputStream(); 
@@ -212,42 +208,43 @@ public class KeyCertUtil { return sequence.toByteArray(); } - public static PrivateKey getPrivateKey(String tokenname, String nickname) - throws TokenException, EBaseException, - NoSuchTokenException, NotInitializedException, CertificateException, - CertificateEncodingException, EBaseException, ObjectNotFoundException { + public static PrivateKey getPrivateKey(String tokenname, String nickname) + throws TokenException, EBaseException, NoSuchTokenException, + NotInitializedException, CertificateException, + CertificateEncodingException, EBaseException, + ObjectNotFoundException { /* - String caNickname = store.getString("ca.signing.tokenname"); - String tokenName = store.getString("ca.signing.cacertnickname"); + * String caNickname = store.getString("ca.signing.tokenname"); String + * tokenName = store.getString("ca.signing.cacertnickname"); */ X509Certificate cert = getCertificate(tokenname, nickname); - + return CryptoManager.getInstance().findPrivKeyByCert(cert); } - public static String getCertSubjectName(String tokenname, String nickname) - throws TokenException, EBaseException, NoSuchTokenException, + public static String getCertSubjectName(String tokenname, String nickname) + throws TokenException, EBaseException, NoSuchTokenException, NotInitializedException, CertificateException, CertificateEncodingException, EBaseException { - + X509Certificate cert = getCertificate(tokenname, nickname); X509CertImpl impl = new X509CertImpl(cert.getEncoded()); return impl.getSubjectDN().getName(); } - public static X509CertImpl signCert(PrivateKey privateKey, X509CertInfo certInfo, - SignatureAlgorithm sigAlg) - throws NoSuchTokenException, EBaseException, NotInitializedException { + public static X509CertImpl signCert(PrivateKey privateKey, + X509CertInfo certInfo, SignatureAlgorithm sigAlg) + throws NoSuchTokenException, EBaseException, + NotInitializedException { try { - CertificateAlgorithmId sId = (CertificateAlgorithmId) - 
certInfo.get(X509CertInfo.ALGORITHM_ID); - AlgorithmId sigAlgId = - (AlgorithmId) sId.get(CertificateAlgorithmId.ALGORITHM); + CertificateAlgorithmId sId = (CertificateAlgorithmId) certInfo + .get(X509CertInfo.ALGORITHM_ID); + AlgorithmId sigAlgId = (AlgorithmId) sId + .get(CertificateAlgorithmId.ALGORITHM); - org.mozilla.jss.crypto.PrivateKey priKey = - (org.mozilla.jss.crypto.PrivateKey) privateKey; + org.mozilla.jss.crypto.PrivateKey priKey = (org.mozilla.jss.crypto.PrivateKey) privateKey; CryptoToken token = priKey.getOwningToken(); DerOutputStream tmp = new DerOutputStream(); 
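Review bot: The rewrapped `throws` clauses of `getPrivateKey` and `getCertSubjectName` list `EBaseException` twice. Both also name `CertificateEncodingException` next to `CertificateException`, which already covers it, assuming these are the `java.security.cert` types. Since the signatures were touched anyway, each could be trimmed; for `getPrivateKey` that would be `throws TokenException, EBaseException, NoSuchTokenException, NotInitializedException, CertificateException, ObjectNotFoundException`. `signCert` begins in this hunk and continues in the next one.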
@@ -270,19 +267,25 @@ public class KeyCertUtil { return signedCert; } catch (IOException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_SIGNED_FAILED", e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_SIGNED_FAILED", e.toString())); } catch (NoSuchAlgorithmException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_ALG_NOT_SUPPORTED", e.toString())); } catch (TokenException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR_1", e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_ERROR_1", e.toString())); } catch (SignatureException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_SIGNED_FAILED", e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_SIGNED_FAILED", e.toString())); } catch (InvalidKeyException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_INVALID_KEY_1", e.toString())); } catch (CertificateException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + e.toString())); } - } + } public static SignatureAlgorithm getSigningAlgorithm(String keyType) { SignatureAlgorithm sAlg = null; @@ -295,7 +298,8 @@ public class KeyCertUtil { return sAlg; } - public static SignatureAlgorithm getSigningAlgorithm(String keyType, String hashtype) { + public static SignatureAlgorithm getSigningAlgorithm(String keyType, + String hashtype) { SignatureAlgorithm sAlg = null; if (keyType.equals("RSA")) { 
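Review bot: Every catch block in `signCert` (hunk at -270,19) drops the caught exception and copies `e.toString()` into the text built by `CMS.getUserMessage`, and nothing is logged. Provider and token internals therefore end up in a message that, judging by the name, may be shown to the requester. Record the detail on the server side before each throw, e.g. `CMS.debug("KeyCertUtil.signCert: " + e.toString());`, and keep the user-facing text generic. The catch blocks of `generateKeyPair` further down (hunk at -534,22) follow the same pattern. `signCert` starts in the previous hunk.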
@@ -317,9 +321,9 @@ public class KeyCertUtil { } public static AlgorithmId getAlgorithmId(String algname, IConfigStore store) - throws EBaseException { + throws EBaseException { try { - + if (algname.equals("DSA")) { byte[] p = store.getByteArray("ca.dsaP", null); byte[] q = store.getByteArray("ca.dsaQ", null); @@ -335,15 +339,16 @@ public class KeyCertUtil { } return AlgorithmId.getAlgorithmId(algname); } catch (NoSuchAlgorithmException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED")); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED")); } } public static X509Certificate getCertificate(String tokenname, - String nickname) throws NotInitializedException, NoSuchTokenException, - EBaseException, TokenException { + String nickname) throws NotInitializedException, + NoSuchTokenException, EBaseException, TokenException { CryptoManager manager = CryptoManager.getInstance(); - CryptoToken token = null; + CryptoToken token = null; if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { token = manager.getInternalKeyStorageToken(); 
@@ -360,16 +365,16 @@ public class KeyCertUtil { try { return manager.findCertByNickname(certname.toString()); } catch (ObjectNotFoundException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CA_SIGNINGCERT_NOT_FOUND")); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CA_SIGNINGCERT_NOT_FOUND")); } } - public static KeyPair getKeyPair(String tokenname, String nickname) - throws NotInitializedException, NoSuchTokenException, TokenException, - ObjectNotFoundException, EBaseException { + public static KeyPair getKeyPair(String tokenname, String nickname) + throws NotInitializedException, NoSuchTokenException, + TokenException, ObjectNotFoundException, EBaseException { X509Certificate cert = getCertificate(tokenname, nickname); - PrivateKey priKey = - CryptoManager.getInstance().findPrivKeyByCert(cert); + PrivateKey priKey = CryptoManager.getInstance().findPrivKeyByCert(cert); PublicKey publicKey = cert.getPublicKey(); return new KeyPair(publicKey, priKey); @@ -383,8 +388,8 @@ public class KeyCertUtil { } } - public static PQGParams getCAPQG(int keysize, IConfigStore store) - throws EBaseException { + public static PQGParams getCAPQG(int keysize, IConfigStore store) + throws EBaseException { if (store != null) { try { int pqgKeySize = store.getInteger("ca.dsaPQG.keyLength", 0); 
@@ -410,40 +415,44 @@ public class KeyCertUtil { PQGParams pqg = PQGParams.generate(keysize); store.putInteger("ca.dsaPQG.keyLength", keysize); - store.putString("ca.dsaP", KeyCertUtil.base64Encode( - pqg.getP().toByteArray())); - store.putString("ca.dsaQ", KeyCertUtil.base64Encode( - pqg.getQ().toByteArray())); - store.putString("ca.dsaG", KeyCertUtil.base64Encode( - pqg.getG().toByteArray())); - store.putString("ca.dsaSeed", KeyCertUtil.base64Encode( - pqg.getSeed().toByteArray())); + store.putString("ca.dsaP", + KeyCertUtil.base64Encode(pqg.getP().toByteArray())); + store.putString("ca.dsaQ", + KeyCertUtil.base64Encode(pqg.getQ().toByteArray())); + store.putString("ca.dsaG", + KeyCertUtil.base64Encode(pqg.getG().toByteArray())); + store.putString("ca.dsaSeed", + KeyCertUtil.base64Encode(pqg.getSeed().toByteArray())); store.putInteger("ca.dsaCounter", pqg.getCounter()); - store.putString("ca.dsaH", KeyCertUtil.base64Encode( - pqg.getH().toByteArray())); - store.putString("ca.DSSParms", - KeyCertUtil.base64Encode( - KeyCertUtil.makeDSSParms(pqg.getP(), pqg.getQ(), pqg.getG()))); + store.putString("ca.dsaH", + KeyCertUtil.base64Encode(pqg.getH().toByteArray())); + store.putString( + "ca.DSSParms", + KeyCertUtil.base64Encode(KeyCertUtil.makeDSSParms( + pqg.getP(), pqg.getQ(), pqg.getG()))); store.commit(false); return pqg; } catch (IOException ee) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED")); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED")); } catch (EBaseException ee) { throw ee; } catch (PQGParamGenException ee) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED")); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED")); } } return null; } public static KeyPair generateKeyPair(CryptoToken token, - KeyPairAlgorithm kpAlg, int keySize, PQGParams pqg) - throws NoSuchAlgorithmException, TokenException, InvalidAlgorithmParameterException, - InvalidParameterException, 
PQGParamGenException { + KeyPairAlgorithm kpAlg, int keySize, PQGParams pqg) + throws NoSuchAlgorithmException, TokenException, + InvalidAlgorithmParameterException, InvalidParameterException, + PQGParamGenException { KeyPairGenerator kpGen = token.getKeyPairGenerator(kpAlg); - + if (kpAlg == KeyPairAlgorithm.DSA) { if (pqg == null) { kpGen.initialize(keySize); @@ -463,18 +472,16 @@ public class KeyCertUtil { do { // 602548 NSS bug - to overcome it, we use isBadDSAKeyPair kp = kpGen.genKeyPair(); - } - while (isBadDSAKeyPair(kp)); + } while (isBadDSAKeyPair(kp)); return kp; } } /** - * Test for a DSA key pair that will trigger a bug in NSS. - * The problem occurs when the first byte of the key is 0. This - * happens when the value otherwise would have been negative, and a - * zero byte is prepended to force it to be positive. - * This is blackflag bug 602548. + * Test for a DSA key pair that will trigger a bug in NSS. The problem + * occurs when the first byte of the key is 0. This happens when the value + * otherwise would have been negative, and a zero byte is prepended to force + * it to be positive. This is blackflag bug 602548. */ public static boolean isBadDSAKeyPair(KeyPair pair) { try { @@ -487,9 +494,10 @@ public class KeyCertUtil { BIT_STRING bs = (BIT_STRING) seq.elementAt(1); byte[] bits = bs.getBits(); - ByteArrayInputStream bitstream = new ByteArrayInputStream(bs.getBits()); + ByteArrayInputStream bitstream = new ByteArrayInputStream( + bs.getBits()); ASN1Header wrapper = new ASN1Header(bitstream); - byte[] valBytes = new byte[ (int) wrapper.getContentLength() ]; + byte[] valBytes = new byte[(int) wrapper.getContentLength()]; ASN1Util.readFully(valBytes, bitstream); @@ -503,7 +511,7 @@ public class KeyCertUtil { } public static KeyPair generateKeyPair(String tokenName, String alg, - int keySize, PQGParams pqg) throws EBaseException { + int keySize, PQGParams pqg) throws EBaseException { CryptoToken token = null; 
@@ -512,14 +520,17 @@ public class KeyCertUtil { try { if (tokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN)) { - token = CryptoManager.getInstance().getInternalKeyStorageToken(); + token = CryptoManager.getInstance() + .getInternalKeyStorageToken(); } else { token = CryptoManager.getInstance().getTokenByName(tokenName); } } catch (NoSuchTokenException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", tokenName)); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_NOT_FOUND", tokenName)); } catch (NotInitializedException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } KeyPairAlgorithm kpAlg = null; 
@@ -534,22 +545,25 @@ public class KeyCertUtil { return kp; } catch (InvalidParameterException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEYSIZE_PARAMS", - "" + keySize)); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_INVALID_KEYSIZE_PARAMS", "" + keySize)); } catch (PQGParamGenException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED")); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED")); } catch (NoSuchAlgorithmException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", - kpAlg.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_ALG_NOT_SUPPORTED", kpAlg.toString())); } catch (TokenException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR_1", e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_TOKEN_ERROR_1", e.toString())); } catch (InvalidAlgorithmParameterException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", "DSA")); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_ALG_NOT_SUPPORTED", "DSA")); } } - public static PKCS10 getCertRequest(String subjectName, KeyPair keyPair) - throws NoSuchAlgorithmException, NoSuchProviderException, + public static PKCS10 getCertRequest(String subjectName, KeyPair keyPair) + throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, IOException, CertificateException, SignatureException { PublicKey pubk = keyPair.getPublic(); @@ -563,8 +577,8 @@ public class KeyCertUtil { } else { alg = "DSA"; } - java.security.Signature sig = - java.security.Signature.getInstance(alg, "Mozilla-JSS"); + java.security.Signature sig = java.security.Signature.getInstance(alg, + "Mozilla-JSS"); sig.initSign(keyPair.getPrivate()); 
@@ -578,12 +592,10 @@ public class KeyCertUtil { return pkcs10; } - public static PKCS10 getCertRequest(String subjectName, KeyPair - keyPair, Extensions - exts) - throws NoSuchAlgorithmException, NoSuchProviderException, - InvalidKeyException, IOException, CertificateException, - SignatureException { + public static PKCS10 getCertRequest(String subjectName, KeyPair keyPair, + Extensions exts) throws NoSuchAlgorithmException, + NoSuchProviderException, InvalidKeyException, IOException, + CertificateException, SignatureException { PublicKey pubk = keyPair.getPublic(); X509Key key = convertPublicKeyToX509Key(pubk); String alg; @@ -595,17 +607,16 @@ public class KeyCertUtil { } else { alg = "DSA"; } - java.security.Signature sig = - java.security.Signature.getInstance(alg, "Mozilla-JSS"); + java.security.Signature sig = java.security.Signature.getInstance(alg, + "Mozilla-JSS"); sig.initSign(keyPair.getPrivate()); PKCS10 pkcs10 = null; if (exts != null) { - PKCS10Attribute attr = new - PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, - (CertAttrSet) exts); + PKCS10Attribute attr = new PKCS10Attribute( + PKCS9Attribute.EXTENSION_REQUEST_OID, (CertAttrSet) exts); PKCS10Attributes attrs = new PKCS10Attributes(); attrs.setAttribute(attr.getAttributeValue().getName(), attr); @@ -623,8 +634,8 @@ public class KeyCertUtil { return pkcs10; } - public static X509Key convertPublicKeyToX509Key(PublicKey pubk) - throws InvalidKeyException { + public static X509Key convertPublicKeyToX509Key(PublicKey pubk) + throws InvalidKeyException { X509Key xKey; 
@@ -632,9 +643,9 @@ public class KeyCertUtil { RSAPublicKey rsaKey = (RSAPublicKey) pubk; // REMOVED constructors from parameters by MLH on 1/9/99 - xKey = new netscape.security.provider.RSAPublicKey( - new BigInt(rsaKey.getModulus()), - new BigInt(rsaKey.getPublicExponent())); + xKey = new netscape.security.provider.RSAPublicKey(new BigInt( + rsaKey.getModulus()), + new BigInt(rsaKey.getPublicExponent())); } else if (pubk instanceof PK11ECPublicKey) { byte encoded[] = pubk.getEncoded(); xKey = CryptoUtil.getPublicX509ECCKey(encoded); 
@@ -643,44 +654,41 @@ public class KeyCertUtil { DSAPublicKey dsaKey = (DSAPublicKey) pubk; DSAParams params = dsaKey.getParams(); - xKey = new netscape.security.provider.DSAPublicKey( - dsaKey.getY(), - params.getP(), - params.getQ(), - params.getG()); + xKey = new netscape.security.provider.DSAPublicKey(dsaKey.getY(), + params.getP(), params.getQ(), params.getG()); } return xKey; } - public static X509Certificate - importCert(X509CertImpl signedCert, String nickname, - String certType) throws NotInitializedException, TokenException, - CertificateEncodingException, UserCertConflictException, - NicknameConflictException, NoSuchItemOnTokenException, CertificateException { - + public static X509Certificate importCert(X509CertImpl signedCert, + String nickname, String certType) throws NotInitializedException, + TokenException, CertificateEncodingException, + UserCertConflictException, NicknameConflictException, + NoSuchItemOnTokenException, CertificateException { + return importCert(signedCert.getEncoded(), nickname, certType); } - public static X509Certificate - importCert(String b64E, String nickname, String certType) - throws NotInitializedException, TokenException, + public static X509Certificate importCert(String b64E, String nickname, + String certType) throws NotInitializedException, TokenException, CertificateEncodingException, UserCertConflictException, - NicknameConflictException, NoSuchItemOnTokenException, CertificateException { - + NicknameConflictException, NoSuchItemOnTokenException, + CertificateException { + byte b[] = b64E.getBytes(); X509Certificate cert = getInternalCertificate(b, nickname, certType); - + if (cert instanceof InternalCertificate) { setTrust(certType, (InternalCertificate) cert); } return cert; } - public static X509Certificate - importCert(byte[] b, String nickname, String certType) - throws NotInitializedException, TokenException, - CertificateEncodingException, UserCertConflictException, - NicknameConflictException, 
NoSuchItemOnTokenException, CertificateException { + public static X509Certificate importCert(byte[] b, String nickname, + String certType) throws NotInitializedException, TokenException, + CertificateEncodingException, UserCertConflictException, + NicknameConflictException, NoSuchItemOnTokenException, + CertificateException { X509Certificate cert = getInternalCertificate(b, nickname, certType); 
@@ -690,43 +698,43 @@ public class KeyCertUtil { return cert; } - public static X509Certificate getInternalCertificate(byte[] b, String nickname, String certType) - throws NotInitializedException, TokenException, CertificateEncodingException, - UserCertConflictException, NicknameConflictException, NoSuchItemOnTokenException, - CertificateException { + public static X509Certificate getInternalCertificate(byte[] b, + String nickname, String certType) throws NotInitializedException, + TokenException, CertificateEncodingException, + UserCertConflictException, NicknameConflictException, + NoSuchItemOnTokenException, CertificateException { X509Certificate cert = null; if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { cert = CryptoManager.getInstance().importUserCACertPackage(b, - nickname); - } else if (certType.equals(Constants.PR_RA_SIGNING_CERT) || - certType.equals(Constants.PR_KRA_TRANSPORT_CERT) || - certType.equals(Constants.PR_OCSP_SIGNING_CERT) || - certType.equals(Constants.PR_SERVER_CERT) || - certType.equals(Constants.PR_SERVER_CERT_RADM) || - certType.equals(Constants.PR_OTHER_CERT) || - certType.equals(Constants.PR_SUBSYSTEM_CERT)) { - cert = CryptoManager.getInstance().importCertPackage(b, - nickname); + nickname); + } else if (certType.equals(Constants.PR_RA_SIGNING_CERT) + || certType.equals(Constants.PR_KRA_TRANSPORT_CERT) + || certType.equals(Constants.PR_OCSP_SIGNING_CERT) + || certType.equals(Constants.PR_SERVER_CERT) + || certType.equals(Constants.PR_SERVER_CERT_RADM) + || certType.equals(Constants.PR_OTHER_CERT) + || certType.equals(Constants.PR_SUBSYSTEM_CERT)) { + cert = CryptoManager.getInstance().importCertPackage(b, nickname); } else if (certType.equals(Constants.PR_SERVER_CERT_CHAIN)) { cert = CryptoManager.getInstance().importCACertPackage(b); } else if (certType.equals(Constants.PR_TRUSTED_CA_CERT)) { cert = CryptoManager.getInstance().importCACertPackage(b); - X509Certificate[] certchain = 
CryptoManager.getInstance().buildCertificateChain(cert); + X509Certificate[] certchain = CryptoManager.getInstance() + .buildCertificateChain(cert); if (certchain != null) { cert = certchain[certchain.length - 1]; } } - return cert; + return cert; } public static void setTrust(String certType, InternalCertificate inCert) { if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { - int flag = InternalCertificate.VALID_CA | - InternalCertificate.TRUSTED_CA | - InternalCertificate.USER | - InternalCertificate.TRUSTED_CLIENT_CA; + int flag = InternalCertificate.VALID_CA + | InternalCertificate.TRUSTED_CA | InternalCertificate.USER + | InternalCertificate.TRUSTED_CLIENT_CA; inCert.setSSLTrust(flag); inCert.setObjectSigningTrust(flag); 
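Review bot: `getInternalCertificate` returns `null` when `certType` matches none of the branches. The `importCert` overloads hand that straight back, because their `instanceof InternalCertificate` test is simply false, so an unrecognised type looks like a successful import with no certificate. A guard before the final return would make this explicit: `if (cert == null) throw new CertificateException("unsupported certType: " + certType);`. The `PR_TRUSTED_CA_CERT` branch also deserves a comment: it replaces the result with the last element of the built chain, so the trust flags that `setTrust` applies afterwards land on that certificate rather than on the one decoded from `b`. `setTrust` begins at the end of this hunk and continues in the next one.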
@@ -736,72 +744,61 @@ public class KeyCertUtil { inCert.setSSLTrust(flag); inCert.setObjectSigningTrust(flag); - inCert.setEmailTrust(flag); + inCert.setEmailTrust(flag); } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) { int flag = InternalCertificate.USER | InternalCertificate.VALID_CA; inCert.setSSLTrust(flag); inCert.setObjectSigningTrust(flag); - inCert.setEmailTrust(flag); - } else if (certType.equals(Constants.PR_SERVER_CERT) || - certType.equals(Constants.PR_SUBSYSTEM_CERT)) { + inCert.setEmailTrust(flag); + } else if (certType.equals(Constants.PR_SERVER_CERT) + || certType.equals(Constants.PR_SUBSYSTEM_CERT)) { int flag = InternalCertificate.USER | InternalCertificate.VALID_CA; inCert.setSSLTrust(flag); inCert.setObjectSigningTrust(flag); - inCert.setEmailTrust(flag); + inCert.setEmailTrust(flag); } else if (certType.equals(Constants.PR_TRUSTED_CA_CERT)) { - inCert.setSSLTrust(InternalCertificate.TRUSTED_CA | InternalCertificate.TRUSTED_CLIENT_CA | - InternalCertificate.VALID_CA); - //inCert.setEmailTrust(InternalCertificate.TRUSTED_CA); - - // cannot set this bit. If set, then the cert will not appear when you called getCACerts(). - //inCert.setObjectSigningTrust(InternalCertificate.TRUSTED_CA); + inCert.setSSLTrust(InternalCertificate.TRUSTED_CA + | InternalCertificate.TRUSTED_CLIENT_CA + | InternalCertificate.VALID_CA); + // inCert.setEmailTrust(InternalCertificate.TRUSTED_CA); + + // cannot set this bit. If set, then the cert will not appear when + // you called getCACerts(). 
+ // inCert.setObjectSigningTrust(InternalCertificate.TRUSTED_CA); } } public static byte[] convertB64EToByteArray(String b64E) - throws CertificateException, IOException { + throws CertificateException, IOException { String str = CertUtils.stripCertBrackets(b64E); byte bCert[] = (byte[]) (com.netscape.osutil.OSUtil.AtoB(str)); /* - java.security.cert.X509Certificate cert = - java.security.cert.X509Certificate.getInstance(bCert); - return cert; + * java.security.cert.X509Certificate cert = + * java.security.cert.X509Certificate.getInstance(bCert); return cert; */ return bCert; } /** - * ASN.1 structure: - * 0 30 142: SEQUENCE { - * 3 30 69: SEQUENCE { - * 5 06 3: OBJECT IDENTIFIER issuerAltName (2 5 29 18) - * 10 04 62: OCTET STRING - * : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A - * : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01 - * : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 - * : 73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01 - * : } - * 74 30 69: SEQUENCE { - * 76 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) - * 81 04 62: OCTET STRING - * : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A - * : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01 - * : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 - * : 73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01 - * : } - * : } - * Uses the following to test with configuration wizard: + * ASN.1 structure: 0 30 142: SEQUENCE { 3 30 69: SEQUENCE { 5 06 3: OBJECT + * IDENTIFIER issuerAltName (2 5 29 18) 10 04 62: OCTET STRING : 30 3C 82 01 + * 61 82 01 61 A4 10 30 0E 31 0C 30 0A : 06 03 55 04 03 13 03 64 73 61 87 04 + * 01 01 01 01 : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 : 73 63 61 + * 70 65 2E 63 6F 6D 88 03 29 01 01 : } 74 30 69: SEQUENCE { 76 06 3: OBJECT + * IDENTIFIER subjectAltName (2 5 29 17) 81 04 62: OCTET STRING : 30 3C 82 + * 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A : 06 03 55 04 03 13 03 64 73 61 87 + * 04 01 01 01 01 : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 : 73 63 + * 61 70 65 2E 63 6F 6D 
88 03 29 01 01 : } : } Uses the following to test + * with configuration wizard: * MIGOMEUGA1UdEQQ+MDyCAWGCAWGkEDAOMQwwCgYDVQQDEwNkc2GHBAEBAQGGAWGB * FHRob21hc2tAbmV0c2NhcGUuY29tiAMpAQEwRQYDVR0SBD4wPIIBYYIBYaQQMA4x - * DDAKBgNVBAMTA2RzYYcEAQEBAYYBYYEUdGhvbWFza0BuZXRzY2FwZS5jb22IAykB - * AQ== + * DDAKBgNVBAMTA2RzYYcEAQEBAYYBYYEUdGhvbWFza0BuZXRzY2FwZS5jb22IAykB AQ== */ - public static void setDERExtension( - CertificateExtensions ext, KeyCertData properties) - throws IOException { + public static void setDERExtension(CertificateExtensions ext, + KeyCertData properties) throws IOException { String b64E = properties.getDerExtension(); @@ -825,9 +822,8 @@ public class KeyCertUtil { } } - public static void setBasicConstraintsExtension( - CertificateExtensions ext, KeyCertData properties) - throws IOException { + public static void setBasicConstraintsExtension(CertificateExtensions ext, + KeyCertData properties) throws IOException { String isCA = properties.isCA(); String certLen = properties.getCertLen(); 
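Review bot: In `setTrust` (hunk at -736,72) the OCSP-signing, server and subsystem branches apply `InternalCertificate.USER | InternalCertificate.VALID_CA` to SSL, object-signing and email trust. The flag name suggests CA validity, which these leaf certificates would not normally need. If this is deliberate, say why at the assignment, e.g. `// VALID_CA is set on this non-CA cert because <reason> (TODO confirm)`; otherwise the flag looks like a candidate for removal. Separately, the Javadoc above `setDERExtension` has lost its ASN.1 dump layout, and the last line of its base64 sample now reads `...IAykB AQ==` with a space inserted. Wrapping the dump in `<pre>` would likely keep the formatter from reflowing it.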
@@ -843,30 +839,29 @@ public class KeyCertUtil { else len = Integer.parseInt(certLen); - if ((isCA == null) || (isCA.equals("")) || - (isCA.equals(Constants.FALSE))) + if ((isCA == null) || (isCA.equals("")) + || (isCA.equals(Constants.FALSE))) bool = false; else bool = true; - - BasicConstraintsExtension basic = new BasicConstraintsExtension( - bool, len); + + BasicConstraintsExtension basic = new BasicConstraintsExtension(bool, + len); ext.set(BasicConstraintsExtension.NAME, basic); } - public static void setExtendedKeyUsageExtension( - CertificateExtensions ext, KeyCertData properties) throws IOException, - CertificateException { + public static void setExtendedKeyUsageExtension(CertificateExtensions ext, + KeyCertData properties) throws IOException, CertificateException { ExtendedKeyUsageExtension ns = new ExtendedKeyUsageExtension(); boolean anyExt = false; - + String sslClient = properties.getSSLClientBit(); - + if ((sslClient != null) && (sslClient.equals(Constants.TRUE))) { ns.addOID(new ObjectIdentifier("1.3.6.1.5.5.7.3.2")); anyExt = true; - } + } String sslServer = properties.getSSLServerBit(); @@ -907,8 +902,8 @@ public class KeyCertUtil { } public static void setNetscapeCertificateExtension( - CertificateExtensions ext, KeyCertData properties) throws IOException, - CertificateException { + CertificateExtensions ext, KeyCertData properties) + throws IOException, CertificateException { NSCertTypeExtension ns = new NSCertTypeExtension(); boolean anyExt = false; @@ -957,7 +952,8 @@ public class KeyCertUtil { String objectSigningCA = properties.getObjectSigningCABit(); - if ((objectSigningCA != null) && (objectSigningCA.equals(Constants.TRUE))) { + if ((objectSigningCA != null) + && (objectSigningCA.equals(Constants.TRUE))) { ns.set(NSCertTypeExtension.OBJECT_SIGNING_CA, new Boolean(true)); anyExt = true; } 
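Review bot: In `setBasicConstraintsExtension` (hunk at -843,30) any `isCA` value other than null, the empty string or `Constants.FALSE` sets the CA flag. A misspelt or differently-cased property value therefore yields a certificate with basicConstraints CA=true. Defaulting to non-CA is the safer direction: `bool = Constants.TRUE.equals(isCA);`. That narrows the accepted values, so check what callers actually pass before changing it. The method starts in the previous hunk.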
@@ -965,38 +961,36 @@ public class KeyCertUtil {
 ext.set(NSCertTypeExtension.NAME, ns);
 }
- public static void setOCSPNoCheck(KeyPair keypair,
- CertificateExtensions ext, KeyCertData properties) throws IOException,
- NoSuchAlgorithmException, InvalidKeyException {
+ public static void setOCSPNoCheck(KeyPair keypair,
+ CertificateExtensions ext, KeyCertData properties)
+ throws IOException, NoSuchAlgorithmException, InvalidKeyException {
 String noCheck = properties.getOCSPNoCheck();
 if ((noCheck != null) && (noCheck.equals(Constants.TRUE))) {
- OCSPNoCheckExtension noCheckExt =
- new OCSPNoCheckExtension();
+ OCSPNoCheckExtension noCheckExt = new OCSPNoCheckExtension();
 ext.set(OCSPNoCheckExtension.NAME, noCheckExt);
 }
 }
- public static void setOCSPSigning(KeyPair keypair,
- CertificateExtensions ext, KeyCertData properties) throws IOException,
- NoSuchAlgorithmException, InvalidKeyException {
+ public static void setOCSPSigning(KeyPair keypair,
+ CertificateExtensions ext, KeyCertData properties)
+ throws IOException, NoSuchAlgorithmException, InvalidKeyException {
 String signing = properties.getOCSPSigning();
- if ((signing != null) && (signing.equals(Constants.TRUE))) {
- Vector oidSet = new Vector();
- oidSet.addElement(
- ObjectIdentifier.getObjectIdentifier(
- ExtendedKeyUsageExtension.OID_OCSPSigning));
- ExtendedKeyUsageExtension ocspExt =
- new ExtendedKeyUsageExtension(false, oidSet);
+ if ((signing != null) && (signing.equals(Constants.TRUE))) {
+ Vector oidSet = new Vector();
+ oidSet.addElement(ObjectIdentifier
+ .getObjectIdentifier(ExtendedKeyUsageExtension.OID_OCSPSigning));
+ ExtendedKeyUsageExtension ocspExt = new ExtendedKeyUsageExtension(
+ false, oidSet);
 ext.set(ExtendedKeyUsageExtension.NAME, ocspExt);
 }
 }
- public static void setAuthInfoAccess(KeyPair keypair,
- CertificateExtensions ext, KeyCertData properties) throws IOException,
- NoSuchAlgorithmException, InvalidKeyException {
+ public static void setAuthInfoAccess(KeyPair keypair,
+ CertificateExtensions ext, KeyCertData properties)
+ throws IOException, NoSuchAlgorithmException, InvalidKeyException {
 String aia = properties.getAIA();
 if ((aia != null) && (aia.equals(Constants.TRUE))) {
@@ -1004,137 +998,131 @@ public class KeyCertUtil { String port = CMS.getEENonSSLPort(); AuthInfoAccessExtension aiaExt = new AuthInfoAccessExtension(false); if (hostname != null && port != null) { - String location = "http://"+hostname+":"+port+"/ca/ocsp"; + String location = "http://" + hostname + ":" + port + + "/ca/ocsp"; GeneralName ocspName = new GeneralName(new URIName(location)); - aiaExt.addAccessDescription(AuthInfoAccessExtension.METHOD_OCSP, ocspName); + aiaExt.addAccessDescription( + AuthInfoAccessExtension.METHOD_OCSP, ocspName); } ext.set(AuthInfoAccessExtension.NAME, aiaExt); } } - public static void setAuthorityKeyIdentifier(KeyPair keypair, - CertificateExtensions ext, KeyCertData properties) throws IOException, - NoSuchAlgorithmException, InvalidKeyException { + public static void setAuthorityKeyIdentifier(KeyPair keypair, + CertificateExtensions ext, KeyCertData properties) + throws IOException, NoSuchAlgorithmException, InvalidKeyException { String aki = properties.getAKI(); if ((aki != null) && (aki.equals(Constants.TRUE))) { KeyIdentifier id = createKeyIdentifier(keypair); - AuthorityKeyIdentifierExtension akiExt = - new AuthorityKeyIdentifierExtension(id, null, null); + AuthorityKeyIdentifierExtension akiExt = new AuthorityKeyIdentifierExtension( + id, null, null); ext.set(AuthorityKeyIdentifierExtension.NAME, akiExt); } } - public static void setSubjectKeyIdentifier(KeyPair keypair, - CertificateExtensions ext, - KeyCertData properties) throws IOException, NoSuchAlgorithmException, - InvalidKeyException { + public static void setSubjectKeyIdentifier(KeyPair keypair, + CertificateExtensions ext, KeyCertData properties) + throws IOException, NoSuchAlgorithmException, InvalidKeyException { String ski = properties.getSKI(); if ((ski != null) && (ski.equals(Constants.TRUE))) { KeyIdentifier id = createKeyIdentifier(keypair); - SubjectKeyIdentifierExtension skiExt = - new SubjectKeyIdentifierExtension(id.getIdentifier()); + 
SubjectKeyIdentifierExtension skiExt = new SubjectKeyIdentifierExtension( + id.getIdentifier()); ext.set(SubjectKeyIdentifierExtension.NAME, skiExt); } } public static void setKeyUsageExtension(CertificateExtensions ext, - KeyUsageExtension keyUsage) throws IOException { + KeyUsageExtension keyUsage) throws IOException { ext.set(KeyUsageExtension.NAME, keyUsage); } - public static KeyIdentifier createKeyIdentifier(KeyPair keypair) - throws NoSuchAlgorithmException, InvalidKeyException { + public static KeyIdentifier createKeyIdentifier(KeyPair keypair) + throws NoSuchAlgorithmException, InvalidKeyException { MessageDigest md = MessageDigest.getInstance("SHA-1"); - X509Key subjectKeyInfo = convertPublicKeyToX509Key( - keypair.getPublic()); + X509Key subjectKeyInfo = convertPublicKeyToX509Key(keypair.getPublic()); - //md.update(subjectKeyInfo.getEncoded()); + // md.update(subjectKeyInfo.getEncoded()); md.update(subjectKeyInfo.getKey()); return new KeyIdentifier(md.digest()); } - public static BigInteger getSerialNumber(LDAPConnection conn, String baseDN) - throws LDAPException { + public static BigInteger getSerialNumber(LDAPConnection conn, String baseDN) + throws LDAPException { String dn = "ou=certificateRepository,ou=ca," + baseDN; BigInteger serialno = null; LDAPEntry entry = conn.read(dn); - String serialnoStr = (String) entry.getAttribute( - "serialno").getStringValues().nextElement(); + String serialnoStr = (String) entry.getAttribute("serialno") + .getStringValues().nextElement(); serialno = BigIntegerMapper.BigIntegerFromDB(serialnoStr); LDAPAttribute attr = new LDAPAttribute("serialno"); - attr.addValue(BigIntegerMapper.BigIntegerToDB( - serialno.add(new BigInteger("1")))); - LDAPModification mod = new LDAPModification( - LDAPModification.REPLACE, attr); + attr.addValue(BigIntegerMapper.BigIntegerToDB(serialno + .add(new BigInteger("1")))); + LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, + attr); conn.modify(dn, mod); return 
serialno; } - public static void setSerialNumber(LDAPConnection conn, - String baseDN, BigInteger serial) - throws LDAPException { + public static void setSerialNumber(LDAPConnection conn, String baseDN, + BigInteger serial) throws LDAPException { String dn = "ou=certificateRepository,ou=ca," + baseDN; LDAPAttribute attr = new LDAPAttribute("serialno"); // the serial number should already be set - attr.addValue(BigIntegerMapper.BigIntegerToDB( - serial)); - LDAPModification mod = new LDAPModification( - LDAPModification.REPLACE, attr); + attr.addValue(BigIntegerMapper.BigIntegerToDB(serial)); + LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, + attr); conn.modify(dn, mod); } - public static void addCertToDB(LDAPConnection conn, String dn, X509CertImpl cert) - throws LDAPException, EBaseException { + public static void addCertToDB(LDAPConnection conn, String dn, + X509CertImpl cert) throws LDAPException, EBaseException { BigInteger serialno = cert.getSerialNumber(); X509CertImplMapper mapper = new X509CertImplMapper(); LDAPAttributeSet attrs = new LDAPAttributeSet(); - mapper.mapObjectToLDAPAttributeSet(null, null, - cert, attrs); + mapper.mapObjectToLDAPAttributeSet(null, null, cert, attrs); attrs.add(new LDAPAttribute("objectclass", "top")); - attrs.add(new LDAPAttribute("objectclass", - "certificateRecord")); - attrs.add(new LDAPAttribute("serialno", - BigIntegerMapper.BigIntegerToDB( - serialno))); - attrs.add(new LDAPAttribute("dateOfCreate", - DateMapper.dateToDB((CMS.getCurrentDate())))); - attrs.add(new LDAPAttribute("dateOfModify", - DateMapper.dateToDB((CMS.getCurrentDate())))); - attrs.add(new LDAPAttribute("certStatus", - "VALID")); - attrs.add(new LDAPAttribute("autoRenew", - "ENABLED")); - attrs.add(new LDAPAttribute("issuedBy", - "installation")); - LDAPEntry entry = new LDAPEntry("cn=" + serialno.toString() + "," + dn, attrs); + attrs.add(new LDAPAttribute("objectclass", "certificateRecord")); + attrs.add(new 
LDAPAttribute("serialno", BigIntegerMapper + .BigIntegerToDB(serialno))); + attrs.add(new LDAPAttribute("dateOfCreate", DateMapper.dateToDB((CMS + .getCurrentDate())))); + attrs.add(new LDAPAttribute("dateOfModify", DateMapper.dateToDB((CMS + .getCurrentDate())))); + attrs.add(new LDAPAttribute("certStatus", "VALID")); + attrs.add(new LDAPAttribute("autoRenew", "ENABLED")); + attrs.add(new LDAPAttribute("issuedBy", "installation")); + LDAPEntry entry = new LDAPEntry("cn=" + serialno.toString() + "," + dn, + attrs); conn.add(entry); } - public static CertificateExtensions getExtensions(String tokenname, String nickname) - throws NotInitializedException, TokenException, ObjectNotFoundException, - IOException, CertificateException { + public static CertificateExtensions getExtensions(String tokenname, + String nickname) throws NotInitializedException, TokenException, + ObjectNotFoundException, IOException, CertificateException { String fullnickname = nickname; - if (!tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) + if (!tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) fullnickname = tokenname + ":" + nickname; CryptoManager manager = CryptoManager.getInstance(); X509Certificate cert = manager.findCertByNickname(fullnickname); X509CertImpl impl = new X509CertImpl(cert.getEncoded()); - X509CertInfo info = (X509CertInfo) impl.get(X509CertImpl.NAME + "." + X509CertImpl.INFO); + X509CertInfo info = (X509CertInfo) impl.get(X509CertImpl.NAME + "." + + X509CertImpl.INFO); return (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS); } diff --git a/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java b/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java index efeade921..c04bc19f9 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java +++ b/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.IOException; import java.math.BigInteger; import java.security.KeyPair; @@ -34,7 +33,6 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; - /** * OCSP signing certificate. * @@ -42,8 +40,7 @@ import com.netscape.certsrv.security.KeyCertData; * @version $Revision$, $Date$ */ public class OCSPSigningCert extends CertificateInfo { - public static final String SUBJECT_NAME = - "CN=Certificate Authority, O=Netscape Communications, C=US"; + public static final String SUBJECT_NAME = "CN=Certificate Authority, O=Netscape Communications, C=US"; public OCSPSigningCert(KeyCertData properties) { this(properties, null); @@ -51,19 +48,16 @@ public class OCSPSigningCert extends CertificateInfo { public OCSPSigningCert(KeyCertData properties, KeyPair pair) { super(properties, pair); - /* included in console UI - try { - if (mProperties.get(Constants.PR_OCSP_SIGNING) == null) { - mProperties.put(Constants.PR_OCSP_SIGNING, Constants.TRUE); - } - if (mProperties.get(Constants.PR_OCSP_NOCHECK) == null) { - mProperties.put(Constants.PR_OCSP_NOCHECK, Constants.TRUE); - } - } catch (Exception e) { - mProperties.put(Constants.PR_OCSP_SIGNING, Constants.TRUE); - mProperties.put(Constants.PR_OCSP_NOCHECK, Constants.TRUE); - } - */ + /* + * included in console UI try { if + * (mProperties.get(Constants.PR_OCSP_SIGNING) == null) { + * mProperties.put(Constants.PR_OCSP_SIGNING, Constants.TRUE); } if + * (mProperties.get(Constants.PR_OCSP_NOCHECK) == null) { + * mProperties.put(Constants.PR_OCSP_NOCHECK, Constants.TRUE); } } catch + * (Exception e) { mProperties.put(Constants.PR_OCSP_SIGNING, + * Constants.TRUE); mProperties.put(Constants.PR_OCSP_NOCHECK, + * Constants.TRUE); } + */ } public String getSubjectName() { 
@@ -85,7 +79,7 @@ public class OCSPSigningCert extends CertificateInfo {
 BigInteger P = new BigInteger(p);
 BigInteger Q = new BigInteger(q);
 BigInteger G = new BigInteger(g);
- BigInteger pqgSeed = new BigInteger(seed);
+ BigInteger pqgSeed = new BigInteger(seed);
 BigInteger pqgH = new BigInteger(H);
 return new PQGParams(P, Q, G, pqgSeed, counter, pqgH);
@@ -106,20 +100,22 @@ public class OCSPSigningCert extends CertificateInfo {
 else if (keyType.equals("DSA")) alg = "SHA1withDSA";
 else
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", keyType));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_ALG_NOT_SUPPORTED", keyType));
 cmsFileTmp.putString("ca.signing.defaultSigningAlgorithm", alg);
 if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) cmsFileTmp.putString("ca.signing.cacertnickname", nickname);
 else
- cmsFileTmp.putString("ca.signing.cacertnickname",
- tokenname + ":" + nickname);
+ cmsFileTmp.putString("ca.signing.cacertnickname", tokenname + ":"
+ + nickname);
 cmsFileTmp.commit(false);
 }
 public String getNickname() {
 String name = (String) mProperties.get(Constants.PR_NICKNAME);
- String instanceName = (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+ String instanceName = (String) mProperties
+ .get(ConfigConstants.PR_CERT_INSTANCE_NAME);
 if (name != null) return name;
@@ -140,4 +136,3 @@ public class OCSPSigningCert extends CertificateInfo {
 return extension;
 }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java b/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java
index 48b19f62b..3e94d601d 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
-
 import java.io.File;
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -30,7 +29,6 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.logging.ILogger; import com.netscape.cmscore.base.JDialogPasswordCallback; - /* * A class to retrieve passwords from the SDR password cache * @@ -41,7 +39,7 @@ import com.netscape.cmscore.base.JDialogPasswordCallback; public class PWCBsdr implements PasswordCallback { InputStream in = null; OutputStream out = null; - String mprompt = ""; + String mprompt = ""; boolean firsttime = true; private PasswordCallback mCB = null; private String mPWcachedb = null; 
@@ -50,38 +48,38 @@ public class PWCBsdr implements PasswordCallback { public PWCBsdr() { this(null); } - + public PWCBsdr(String prompt) { in = System.in; out = System.out; mprompt = prompt; - /* to get the test program work - System.out.println("before CMS.getLogger"); - try { + /* + * to get the test program work + * System.out.println("before CMS.getLogger"); try { */ mLogger = CMS.getLogger(); /* - } catch (NullPointerException e) { - System.out.println("after CMS.getLoggergot NullPointerException ... testing ok"); - } - System.out.println("after CMS.getLogger"); + * } catch (NullPointerException e) { System.out.println( + * "after CMS.getLoggergot NullPointerException ... testing ok"); } + * System.out.println("after CMS.getLogger"); */ // get path to password cache try { mPWcachedb = CMS.getConfigStore().getString("pwCache"); - CMS.debug("got pwCache from configstore: " + - mPWcachedb); + CMS.debug("got pwCache from configstore: " + mPWcachedb); } catch (NullPointerException e) { - System.out.println("after CMS.getConfigStore got NullPointerException ... testing ok"); + System.out + .println("after CMS.getConfigStore got NullPointerException ... testing ok"); } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CONFIG")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GET_CONFIG")); // let it fall through } - // System.out.println("after CMS.getConfigStore"); - if (File.separator.equals("/")) { + // System.out.println("after CMS.getConfigStore"); + if (File.separator.equals("/")) { // Unix mCB = new PWsdrConsolePasswordCallback(prompt); } else { 
@@ -90,33 +88,27 @@ public class PWCBsdr implements PasswordCallback { } // System.out.println( "Created PWCBsdr with prompt of " - // + mprompt ); + // + mprompt ); } - /* We are now assuming that PasswordCallbackInfo.getname() returns - * the tag we are hoping to match in the cache. + /* + * We are now assuming that PasswordCallbackInfo.getname() returns the tag + * we are hoping to match in the cache. */ public Password getPasswordFirstAttempt(PasswordCallbackInfo info) - throws PasswordCallback.GiveUpException { + throws PasswordCallback.GiveUpException { CMS.debug("in getPasswordFirstAttempt"); - /* debugging code to see if token is logged in - try { - CryptoManager cm = CryptoManager.getInstance(); - CryptoToken token = - cm.getInternalKeyStorageToken(); - if (token.isLoggedIn() == false) { - // missed it. - CMS.debug("token not yet logged in!!"); - } else { - CMS.debug("token logged in."); - } - } catch (Exception e) { - CMS.debug("crypto manager error:"+e.toString()); - } - CMS.debug("still in getPasswordFirstAttempt"); + /* + * debugging code to see if token is logged in try { CryptoManager cm = + * CryptoManager.getInstance(); CryptoToken token = + * cm.getInternalKeyStorageToken(); if (token.isLoggedIn() == false) { + * // missed it. CMS.debug("token not yet logged in!!"); } else { + * CMS.debug("token logged in."); } } catch (Exception e) { + * CMS.debug("crypto manager error:"+e.toString()); } + * CMS.debug("still in getPasswordFirstAttempt"); */ Password pw = null; String tmpPrompt = info.getName(); @@ -144,7 +136,7 @@ public class PWCBsdr implements PasswordCallback { if (tmpPrompt == null) { /* no name, fail */ System.out.println("Shouldn't get here"); throw new PasswordCallback.GiveUpException(); - } else { /* get password from password cache */ + } else { /* get password from password cache */ CMS.debug("getting tag = " + tmpPrompt); PWsdrCache pwc = new PWsdrCache(mPWcachedb, mLogger); 
@@ -157,8 +149,9 @@ public class PWCBsdr implements PasswordCallback { return (pw); } else { /* password not found */ - // we don't want caller to do getPasswordAgain, for now - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_THROW_CALLBACK")); + // we don't want caller to do getPasswordAgain, for now + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_THROW_CALLBACK")); throw new PasswordCallback.GiveUpException(); } } @@ -169,12 +162,13 @@ public class PWCBsdr implements PasswordCallback { } } - /* The password cache has failed to return a password (or a usable password. - * Now we will try and get the password from the user and hopefully add - * the password to the cache pw cache + /* + * The password cache has failed to return a password (or a usable password. + * Now we will try and get the password from the user and hopefully add the + * password to the cache pw cache */ public Password getPasswordAgain(PasswordCallbackInfo info) - throws PasswordCallback.GiveUpException { + throws PasswordCallback.GiveUpException { CMS.debug("in getPasswordAgain"); try { @@ -198,7 +192,7 @@ public class PWCBsdr implements PasswordCallback { } } catch (Throwable e) { // System.out.println( "BUG HERE!! in the password again!!" - // + "!!!!!!!!!!!" ); + // + "!!!!!!!!!!!" ); // e.printStackTrace(); throw new PasswordCallback.GiveUpException(); } @@ -208,12 +202,12 @@ public class PWCBsdr implements PasswordCallback { if (mLogger == null) { System.out.println(msg); } else { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "PWCBsdr " + msg); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "PWCBsdr " + + msg); } } } - class PWsdrConsolePasswordCallback implements PasswordCallback { private String mPrompt = null; 
@@ -226,7 +220,7 @@ class PWsdrConsolePasswordCallback implements PasswordCallback { } public Password getPasswordFirstAttempt(PasswordCallbackInfo info) - throws PasswordCallback.GiveUpException { + throws PasswordCallback.GiveUpException { if (mPrompt == null) { System.out.println("Get password " + info.getName()); } else { @@ -239,7 +233,7 @@ class PWsdrConsolePasswordCallback implements PasswordCallback { } public Password getPasswordAgain(PasswordCallbackInfo info) - throws PasswordCallback.GiveUpException { + throws PasswordCallback.GiveUpException { System.out.println("Password Incorrect."); if (mPrompt == null) { System.out.println("Get password " + info.getName()); @@ -253,7 +247,6 @@ class PWsdrConsolePasswordCallback implements PasswordCallback { } } - class PWsdrDialogPasswordCallback extends JDialogPasswordCallback { private String mPrompt = null; @@ -270,4 +263,3 @@ class PWsdrDialogPasswordCallback extends JDialogPasswordCallback { } } } - diff --git a/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java b/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java index 3be636912..908ac1db7 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java +++ b/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java @@ -17,23 +17,19 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.BufferedReader; import java.io.InputStreamReader; import org.mozilla.jss.util.Password; import org.mozilla.jss.util.PasswordCallback; - -public class -PWUtil { - public static Password - readPasswordFromStream() - throws PasswordCallback.GiveUpException { +public class PWUtil { + public static Password readPasswordFromStream() + throws PasswordCallback.GiveUpException { BufferedReader in; in = new BufferedReader(new InputStreamReader(System.in)); - + StringBuffer buf = new StringBuffer(); String passwordString = new String(); int c; 
@@ -49,7 +45,7 @@ PWUtil { if (ch != '\r') { if (ch != '\n') { buf.append(ch); - } else { + } else { passwordString = buf.toString(); buf.setLength(0); break; @@ -61,10 +57,10 @@ PWUtil { } // memory problem? - // String passwordString = in.readLine(); - // System.out.println( "done read" ); - // System.out.println( " password recieved is [" - // + passwordString + "]" ); + // String passwordString = in.readLine(); + // System.out.println( "done read" ); + // System.out.println( " password recieved is [" + // + passwordString + "]" ); if (passwordString == null) { throw new PasswordCallback.GiveUpException(); } @@ -80,4 +76,3 @@ PWUtil { } } } - diff --git a/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java b/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java index 12412f59c..51c1a3b77 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java +++ b/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.BufferedReader; import java.io.ByteArrayOutputStream; import java.io.File; @@ -46,7 +45,6 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.logging.ILogger; import com.netscape.cmsutil.util.Utils; - /* * A class for managing passwords in the SDR password cache * @@ -73,7 +71,8 @@ public class PWsdrCache { mPWcachedb = CMS.getConfigStore().getString("pwCache"); CMS.debug("got pwCache file path from configstore"); } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CONFIG")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GET_CONFIG")); // let it fall through } initToken(); 
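Review bot: `passwordString = buf.toString(); buf.setLength(0);` in the `@@ -49,7 +45,7 @@` hunk leaves the password in an immutable `String` and only resets the buffer's length, so the characters remain in memory in both objects until they are garbage-collected; the nearby `// memory problem?` comment suggests this was already a concern. Accumulating the input into a `char[]` and overwriting it once the `Password` has been built, e.g. `java.util.Arrays.fill(chars, '\0');`, would bound how long the secret stays on the heap. How the `Password` object is constructed is outside the visible hunks, so confirm that it copies the array before wiping it. `readPasswordFromStream` starts and ends outside this hunk.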
@@ -85,14 +84,18 @@ public class PWsdrCache {
 CryptoManager cm = null;
 try {
 cm = CryptoManager.getInstance();
- mTokenName = CMS.getConfigStore().getString(PROP_PWC_TOKEN_NAME);
- log (ILogger.LL_DEBUG, "pwcTokenname specified. Use token for SDR key. tokenname= "+mTokenName);
+ mTokenName = CMS.getConfigStore()
+ .getString(PROP_PWC_TOKEN_NAME);
+ log(ILogger.LL_DEBUG,
+ "pwcTokenname specified. Use token for SDR key. tokenname= "
+ + mTokenName);
 mToken = cm.getTokenByName(mTokenName);
 } catch (NotInitializedException e) {
- log (ILogger.LL_FAILURE, e.toString());
+ log(ILogger.LL_FAILURE, e.toString());
 throw new EBaseException(e.toString());
 } catch (Exception e) {
- log (ILogger.LL_DEBUG, "no pwcTokenname specified, use internal token for SDR key");
+ log(ILogger.LL_DEBUG,
+ "no pwcTokenname specified, use internal token for SDR key");
 mToken = cm.getInternalKeyStorageToken();
 }
 }
@@ -103,11 +106,11 @@ public class PWsdrCache {
 if (mKeyID == null) {
 try {
 String keyID = CMS.getConfigStore().getString(PROP_PWC_KEY_ID);
- log (ILogger.LL_DEBUG, "retrieved PWC SDR key");
+ log(ILogger.LL_DEBUG, "retrieved PWC SDR key");
 mKeyID = base64Decode(keyID);
-
+
 } catch (Exception e) {
- log (ILogger.LL_DEBUG, "no pwcSDRKey specified");
+ log(ILogger.LL_DEBUG, "no pwcSDRKey specified");
 throw new EBaseException(e.toString());
 }
 }
@@ -118,7 +121,7 @@ public class PWsdrCache {
 // Do not use for PWCBsdr, since we don't want to mistakenly
 // generate SDR keys in case of configuration errors
 public PWsdrCache(String pwCache, String pwcTokenname, byte[] keyId,
- boolean isTool) throws Exception {
+ boolean isTool) throws Exception {
 mPWcachedb = pwCache;
 mIsTool = isTool;
 mTokenName = pwcTokenname;
@@ -131,10 +134,10 @@ public class PWsdrCache { cm = CryptoManager.getInstance(); if (mTokenName != null) { mToken = cm.getTokenByName(mTokenName); - mToken = cm.getInternalKeyStorageToken(); - debug("PWsdrCache: mToken = "+mTokenName); + mToken = cm.getInternalKeyStorageToken(); + debug("PWsdrCache: mToken = " + mTokenName); } else { - mToken = cm.getInternalKeyStorageToken(); + mToken = cm.getInternalKeyStorageToken(); debug("PWsdrCache: mToken = internal"); } } 
@@ -147,61 +150,54 @@ public class PWsdrCache {
 return mTokenName;
 }
- public void deleteUniqueNamedKey( String nickName )
- throws Exception
- {
- KeyManager km = new KeyManager( mToken );
- km.deleteUniqueNamedKey( nickName );
+ public void deleteUniqueNamedKey(String nickName) throws Exception {
+ KeyManager km = new KeyManager(mToken);
+ km.deleteUniqueNamedKey(nickName);
 }
- public byte[] generateSDRKey () throws Exception {
- return generateSDRKeyWithNickName(PROP_PWC_NICKNAME);
+ public byte[] generateSDRKey() throws Exception {
+ return generateSDRKeyWithNickName(PROP_PWC_NICKNAME);
 }
- public byte[] generateSDRKeyWithNickName (String nickName)
- throws Exception
- {
+ public byte[] generateSDRKeyWithNickName(String nickName) throws Exception {
 try {
 if (mIsTool != true) {
 // generate SDR key
 KeyManager km = new KeyManager(mToken);
 try {
- // Bugscape Bug #54838: Due to the CMS cloning feature,
- // we must check for the presence of
- // a uniquely named symmetric key
- // prior to making an attempt to
- // generate it!
+ // Bugscape Bug #54838: Due to the CMS cloning feature,
+ // we must check for the presence of
+ // a uniquely named symmetric key
+ // prior to making an attempt to
+ // generate it!
// - if( !( km.uniqueNamedKeyExists( nickName ) ) ) { - mKeyID = km.generateUniqueNamedKey( nickName ); + if (!(km.uniqueNamedKeyExists(nickName))) { + mKeyID = km.generateUniqueNamedKey(nickName); } } catch (TokenException e) { - log (0, "generateSDRKey() failed on "+e.toString()); + log(0, "generateSDRKey() failed on " + e.toString()); throw e; } } } catch (Exception e) { - log (ILogger.LL_FAILURE, e.toString()); + log(ILogger.LL_FAILURE, e.toString()); throw e; } return mKeyID; } public byte[] base64Decode(String s) throws IOException { - byte[] d = com.netscape.osutil.OSUtil.AtoB(s); - return d; + byte[] d = com.netscape.osutil.OSUtil.AtoB(s); + return d; } public static String base64Encode(byte[] bytes) throws IOException { // All this streaming is lame, but Base64OutputStream needs a // PrintStream ByteArrayOutputStream output = new ByteArrayOutputStream(); - Base64OutputStream b64 = new Base64OutputStream(new - PrintStream(new - FilterOutputStream(output) - ) - ); + Base64OutputStream b64 = new Base64OutputStream(new PrintStream( + new FilterOutputStream(output))); b64.write(bytes); b64.flush(); @@ -211,10 +207,8 @@ public class PWsdrCache { return output.toString("8859_1"); } - // for PWCBsdr - public PWsdrCache(String pwCache, ILogger logger) throws - EBaseException { + public PWsdrCache(String pwCache, ILogger logger) throws EBaseException { mLogger = logger; mPWcachedb = pwCache; initToken(); @@ -235,8 +229,9 @@ public class PWsdrCache { /* * add passwd in pwcache. */ - public void addEntry(String tag, String pwd, Hashtable tagPwds) throws EBaseException { - + public void addEntry(String tag, String pwd, Hashtable tagPwds) + throws EBaseException { + String stringToAdd = null; String bufs = null; @@ -249,7 +244,7 @@ public class PWsdrCache { tag = (String) enum1.nextElement(); pwd = (String) tagPwds.get(tag); debug("password tag: " + tag + " stored in " + mPWcachedb); - + if (stringToAdd == null) { stringToAdd = tag + ":" + pwd + "\n"; } else { 
@@ -262,7 +257,7 @@ public class PWsdrCache { if (dcrypts != null) { // converts to Hashtable, replace if tag exists, add - // if tag doesn't exist + // if tag doesn't exist Hashtable ht = string2Hashtable(dcrypts); if (ht.containsKey(tag) == false) { @@ -277,7 +272,7 @@ public class PWsdrCache { debug("adding new tag: " + tag); bufs = stringToAdd; } - + // write update to cache writePWcache(bufs); } @@ -292,7 +287,7 @@ public class PWsdrCache { if (dcrypts != null) { // converts to Hashtable, replace if tag exists, add - // if tag doesn't exist + // if tag doesn't exist Hashtable ht = string2Hashtable(dcrypts); if (ht.containsKey(tag) == false) { @@ -307,7 +302,7 @@ public class PWsdrCache { debug("password cache contains no tags"); return; } - + // write update to cache writePWcache(bufs); } @@ -337,10 +332,14 @@ public class PWsdrCache { } inputs.close(); } catch (FileNotFoundException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, + e.toString())); throw new EBaseException(e.toString() + ": " + mPWcachedb); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, + e.toString())); throw new EBaseException(e.toString() + ": " + mPWcachedb); } @@ -351,7 +350,9 @@ public class PWsdrCache { dcrypts = new String(dcryptb, "UTF-8"); } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_DECRYPT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PW_DECRYPT", + e.toString())); e.printStackTrace(); throw new EBaseException("password cache decrypt failed"); } 
@@ -366,7 +367,7 @@ public class PWsdrCache { public void writePWcache(String bufs) throws EBaseException { try { Encryptor sdr = new Encryptor(mToken, mKeyID, - Encryptor.DEFAULT_ENCRYPTION_ALG); + Encryptor.DEFAULT_ENCRYPTION_ALG); byte[] writebuf = null; @@ -374,7 +375,9 @@ public class PWsdrCache { // now encrypt it again writebuf = sdr.encrypt(bufs.getBytes("UTF-8")); } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_ENCRYPT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PW_ENCRYPT", + e.toString())); e.printStackTrace(); throw new EBaseException("password cache encrypt failed"); } @@ -386,7 +389,8 @@ public class PWsdrCache { tmpPWcache.delete(); tmpPWcache = new File(mPWcachedb + ".tmp"); } - FileOutputStream outstream = new FileOutputStream(mPWcachedb + ".tmp"); + FileOutputStream outstream = new FileOutputStream(mPWcachedb + + ".tmp"); outstream.write(writebuf); outstream.close(); 
@@ -394,48 +398,54 @@ public class PWsdrCache { File origFile = new File(mPWcachedb); try { - if( Utils.isNT() ) { + if (Utils.isNT()) { // NT is very picky on the path - Utils.exec( "copy " + - tmpPWcache.getAbsolutePath().replace( '/', - '\\' ) + - " " + - origFile.getAbsolutePath().replace( '/', - '\\' ) ); + Utils.exec("copy " + + tmpPWcache.getAbsolutePath().replace('/', '\\') + + " " + + origFile.getAbsolutePath().replace('/', '\\')); } else { // Create a copy of the original file which // preserves the original file permissions. - Utils.exec( "cp -p " + tmpPWcache.getAbsolutePath() + " " + - origFile.getAbsolutePath() ); + Utils.exec("cp -p " + tmpPWcache.getAbsolutePath() + " " + + origFile.getAbsolutePath()); } // Remove the original file if and only if // the backup copy was successful. - if( origFile.exists() ) { - if( !Utils.isNT() ) { + if (origFile.exists()) { + if (!Utils.isNT()) { try { - Utils.exec( "chmod 00660 " + - origFile.getCanonicalPath() ); - } catch( IOException e ) { - CMS.debug( "Unable to change file permissions on " - + origFile.toString() ); + Utils.exec("chmod 00660 " + + origFile.getCanonicalPath()); + } catch (IOException e) { + CMS.debug("Unable to change file permissions on " + + origFile.toString()); } } tmpPWcache.delete(); - debug( "operation completed for " + mPWcachedb ); + debug("operation completed for " + mPWcachedb); } } catch (Exception exx) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_CACHE", exx.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PW_CACHE", + exx.toString())); throw new EBaseException(exx.toString() + ": " + mPWcachedb); } } catch (FileNotFoundException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, + e.toString())); throw new EBaseException(e.toString() + ": " + mPWcachedb); } catch (IOException e) { - 
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, + e.toString())); throw new EBaseException(e.toString() + ": " + mPWcachedb); } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, + e.toString())); throw new EBaseException(e.toString() + ": " + mPWcachedb); } } @@ -447,7 +457,7 @@ public class PWsdrCache { while (enum1.hasMoreElements()) { String tag = (String) enum1.nextElement(); String pwd = (String) ht.get(tag); - + if (returnString == null) { returnString = tag + ":" + pwd + "\n"; } else { @@ -470,19 +480,18 @@ public class PWsdrCache { if (colonIdx != -1) { String tag = line.substring(0, colonIdx); - String passwd = line.substring(colonIdx + 1, - line.length()); + String passwd = line.substring(colonIdx + 1, line.length()); ht.put(tag.trim(), passwd.trim()); } else { - //invalid format...log or throw...later + // invalid format...log or throw...later } } return ht; } /* - * get password from cache. This one supplies cache file name + * get password from cache. This one supplies cache file name */ public Password getEntry(String fileName, String tag) { mPWcachedb = fileName; @@ -490,8 +499,8 @@ public class PWsdrCache { } /* - * if tag found with pwd, return it - * if tag not found, return null, which will cause it to give up + * if tag found with pwd, return it if tag not found, return null, which + * will cause it to give up */ public Password getEntry(String tag) { Hashtable pwTable = null; 
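Review bot: The `cp -p` and `copy` calls in the `@@ -394,48 +398,54 @@` hunk build one command string by concatenating `tmpPWcache.getAbsolutePath()` and `origFile.getAbsolutePath()`, so a cache path containing a space or another character the command parser treats specially would split or change the command. The `if (origFile.exists())` test that follows also does not show the copy succeeded, because the original file normally exists from an earlier write, so a failed copy would still delete the temporary file and silently lose the update. If `Utils.exec` reports the exit status (its signature is not visible here), the result should gate the cleanup, for example `if (!Utils.exec(cmd)) throw new EBaseException("password cache copy failed: " + mPWcachedb);`. Both paths should also be checked for whitespace before they are used. `writePWcache` begins before this hunk.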
@@ -509,7 +518,8 @@ public class PWsdrCache { try { dcrypts = readPWcache(); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_READ", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PW_READ", e.toString())); return null; } @@ -527,12 +537,13 @@ public class PWsdrCache { debug("getEntry gotten password for " + tag); return new Password(pw.toCharArray()); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_TAG", tag)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PW_TAG", tag)); return null; } } - //copied from IOUtil.java + // copied from IOUtil.java /** * Checks if this is NT. */ @@ -566,22 +577,17 @@ public class PWsdrCache { if (process.exitValue() == 0) { /** - pOut = new BufferedReader( - new InputStreamReader(process.getInputStream())); - while ((l = pOut.readLine()) != null) { - System.out.println(l); - } + * pOut = new BufferedReader( new + * InputStreamReader(process.getInputStream())); while ((l = + * pOut.readLine()) != null) { System.out.println(l); } **/ return true; } else { /** - pOut = new BufferedReader( - new InputStreamReader(process.getErrorStream())); - l = null; - while ((l = pOut.readLine()) != null) { - System.out.println(l); - } + * pOut = new BufferedReader( new + * InputStreamReader(process.getErrorStream())); l = null; while + * ((l = pOut.readLine()) != null) { System.out.println(l); } **/ return false; } @@ -599,7 +605,7 @@ public class PWsdrCache { public void log(int level, String msg) { if (mLogger != null) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, - "PWsdrCache " + msg); + "PWsdrCache " + msg); } else if (mIsTool) { System.out.println(msg); } // else it's most likely the installation wizard...no logging 
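Review bot: The formatter has reflowed the commented-out code in the `@@ -566,22 +577,17 @@` hunk (the two `pOut = new BufferedReader(...)` blocks) into run-on paragraphs, so the disabled statements can no longer be read or restored line by line. The same happens to the commented-out `getSigningAlgorithm()` in RASigningCert.java, SSLCert.java and SSLSelfSignedCert.java later in this diff. Either delete the dead code in a separate commit, or open these comments with `/*-` so the Eclipse formatter leaves them as written. The enclosing method starts outside the hunk.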
@@ -615,7 +621,8 @@ public class PWsdrCache { try { dcrypts = readPWcache(); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_READ", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PW_READ", e.toString())); return false; } @@ -632,13 +639,11 @@ public class PWsdrCache { if (colonIdx != -1) { String tag = line.substring(0, colonIdx); - String passwd = line.substring(colonIdx + 1, - line.length()); + String passwd = line.substring(colonIdx + 1, line.length()); - debug(tag.trim() + - " : " + passwd.trim()); + debug(tag.trim() + " : " + passwd.trim()); } else { - //invalid format...log or throw...later + // invalid format...log or throw...later debug("invalid format"); } } diff --git a/pki/base/common/src/com/netscape/cmscore/security/Provider.java b/pki/base/common/src/com/netscape/cmscore/security/Provider.java index 0e7f8e2e8..f4d8c03c2 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/Provider.java +++ b/pki/base/common/src/com/netscape/cmscore/security/Provider.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - public class Provider extends java.security.Provider { /** @@ -26,12 +25,11 @@ public class Provider extends java.security.Provider { private static final long serialVersionUID = -8050884788034389693L; public Provider() { - super("CMS", 1.4, - "Provides Signature and Message Digesting"); + super("CMS", 1.4, "Provides Signature and Message Digesting"); - ///////////////////////////////////////////////////////////// + // /////////////////////////////////////////////////////////// // Signature - ///////////////////////////////////////////////////////////// + // /////////////////////////////////////////////////////////// put("Signature.SHA1withDSA", "org.mozilla.jss.provider.DSASignature"); 
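Review bot: `debug(tag.trim() + " : " + passwd.trim());` in the `@@ -632,13 +639,11 @@` hunk of PWsdrCache.java writes each password next to its tag into the debug output. The value appears to come from the cache that `readPWcache()` has just decrypted, which defeats the point of storing the cache encrypted. Where `debug()` writes is not visible in this hunk, but any persistent or shared destination would expose the secrets to whoever can read it. The line should log only the tag, for example `debug(tag.trim() + " : (password not shown)");`. The enclosing method starts outside the hunk.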
@@ -45,14 +43,13 @@ public class Provider extends java.security.Provider { put("Signature.MD5/RSA", "org.mozilla.jss.provider.MD5RSASignature"); put("Signature.MD2/RSA", "org.mozilla.jss.provider.MD2RSASignature"); - put("Signature.SHA-1/RSA", - "org.mozilla.jss.provider.SHA1RSASignature"); + put("Signature.SHA-1/RSA", "org.mozilla.jss.provider.SHA1RSASignature"); put("Alg.Alias.Signature.SHA1/RSA", "SHA-1/RSA"); - ///////////////////////////////////////////////////////////// + // /////////////////////////////////////////////////////////// // Message Digesting - ///////////////////////////////////////////////////////////// + // /////////////////////////////////////////////////////////// } } diff --git a/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java b/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java index 1ac8f0ea7..5302c5e70 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java +++ b/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.IOException; import java.security.KeyPair; @@ -29,16 +28,14 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; - /** - * RA signing certificate + * RA signing certificate * * @author Christine Ho * @version $Revision$, $Date$ */ public class RASigningCert extends CertificateInfo { - public static final String SUBJECT_NAME = - "CN=Registration Authority, O=Netscape Communications, C=US"; + public static final String SUBJECT_NAME = "CN=Registration Authority, O=Netscape Communications, C=US"; private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME; public RASigningCert(KeyCertData properties) { 
@@ -49,8 +46,7 @@ public class RASigningCert extends CertificateInfo { super(properties, pair); String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME); - if ((tmp != null) && - (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) + if ((tmp != null) && (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) mTokenname = tmp; try { if (mProperties.get(Constants.PR_AKI) == null) { @@ -78,8 +74,8 @@ public class RASigningCert extends CertificateInfo { public String getNickname() { String name = (String) mProperties.get(Constants.PR_NICKNAME); - String instanceName = - (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME); + String instanceName = (String) mProperties + .get(ConfigConstants.PR_CERT_INSTANCE_NAME); if (name != null) return name; @@ -87,19 +83,14 @@ public class RASigningCert extends CertificateInfo { } /* - public SignatureAlgorithm getSigningAlgorithm() { - SignatureAlgorithm sAlg = - (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM); - if (sAlg != null) { - return sAlg; - } - String alg = (String)mProperties.get(Constants.PR_KEY_TYPE); - - if (alg.equals("RSA")) - return SignatureAlgorithm.RSASignatureWithMD5Digest; - else - return SignatureAlgorithm.DSASignatureWithSHA1Digest; - } + * public SignatureAlgorithm getSigningAlgorithm() { SignatureAlgorithm sAlg + * = (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM); + * if (sAlg != null) { return sAlg; } String alg = + * (String)mProperties.get(Constants.PR_KEY_TYPE); + * + * if (alg.equals("RSA")) return + * SignatureAlgorithm.RSASignatureWithMD5Digest; else return + * SignatureAlgorithm.DSASignatureWithSHA1Digest; } */ public String getKeyAlgorithm() { @@ -113,4 +104,3 @@ public class RASigningCert extends CertificateInfo { return extension; } } - diff --git a/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java b/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java index eab48bdf5..b886ec36a 100644 
--- a/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java +++ b/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.IOException; import java.security.KeyPair; @@ -29,16 +28,14 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; - /** - * SSL server certificate + * SSL server certificate * * @author Christine Ho * @version $Revision$, $Date$ */ public class SSLCert extends CertificateInfo { - public static final String SUBJECT_NAME = - "CN=SSL, O=Netscape Communications, C=US"; + public static final String SUBJECT_NAME = "CN=SSL, O=Netscape Communications, C=US"; private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME; public SSLCert(KeyCertData properties) { @@ -49,8 +46,7 @@ public class SSLCert extends CertificateInfo { super(properties, pair); String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME); - if ((tmp != null) && - (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) + if ((tmp != null) && (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) mTokenname = tmp; try { if (mProperties.get(Constants.PR_AKI) == null) { @@ -62,7 +58,7 @@ public class SSLCert extends CertificateInfo { // 020598: The server bit has to be turned on. Otherwise, it might // crash jss. - //mProperties.put(Constants.PR_SSL_SERVER_BIT, Constants.TRUE); + // mProperties.put(Constants.PR_SSL_SERVER_BIT, Constants.TRUE); } public void updateConfig(IConfigStore cmsFileTmp) throws EBaseException { @@ -87,8 +83,8 @@ public class SSLCert extends CertificateInfo { public String getNickname() { String name = (String) mProperties.get(Constants.PR_NICKNAME); - String instanceName = - (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME); + String instanceName = (String) mProperties + .get(ConfigConstants.PR_CERT_INSTANCE_NAME); if (name != null) return name; 
@@ -96,19 +92,14 @@ public class SSLCert extends CertificateInfo { } /* - public SignatureAlgorithm getSigningAlgorithm() { - SignatureAlgorithm sAlg = - (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM); - if (sAlg != null) { - return sAlg; - } - String alg = (String)mProperties.get(Constants.PR_KEY_TYPE); - - if (alg.equals("RSA")) - return SignatureAlgorithm.RSASignatureWithMD5Digest; - else - return SignatureAlgorithm.DSASignatureWithSHA1Digest; - } + * public SignatureAlgorithm getSigningAlgorithm() { SignatureAlgorithm sAlg + * = (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM); + * if (sAlg != null) { return sAlg; } String alg = + * (String)mProperties.get(Constants.PR_KEY_TYPE); + * + * if (alg.equals("RSA")) return + * SignatureAlgorithm.RSASignatureWithMD5Digest; else return + * SignatureAlgorithm.DSASignatureWithSHA1Digest; } */ public String getKeyAlgorithm() { @@ -125,4 +116,3 @@ public class SSLCert extends CertificateInfo { return extension; } } - diff --git a/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java b/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java index ac7eb2ad9..b210ce7a2 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java +++ b/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.IOException; import java.security.KeyPair; 
@@ -29,16 +28,14 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; - /** - * SSL server certificate + * SSL server certificate * * @author Christine Ho * @version $Revision$, $Date$ */ public class SSLSelfSignedCert extends CertificateInfo { - public static final String SUBJECT_NAME = - "CN=SSL, O=Netscape Communications, C=US"; + public static final String SUBJECT_NAME = "CN=SSL, O=Netscape Communications, C=US"; private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME; public SSLSelfSignedCert(KeyCertData properties) { @@ -49,8 +46,7 @@ public class SSLSelfSignedCert extends CertificateInfo { super(properties, pair); String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME); - if ((tmp != null) && - (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) + if ((tmp != null) && (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) mTokenname = tmp; mProperties.remove(Constants.PR_AKI); @@ -79,8 +75,8 @@ public class SSLSelfSignedCert extends CertificateInfo { public String getNickname() { String name = (String) mProperties.get(Constants.PR_NICKNAME); - String instanceName = - (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME); + String instanceName = (String) mProperties + .get(ConfigConstants.PR_CERT_INSTANCE_NAME); if (name != null) return name; 
@@ -88,19 +84,14 @@ public class SSLSelfSignedCert extends CertificateInfo { } /* - public SignatureAlgorithm getSigningAlgorithm() { - SignatureAlgorithm sAlg = - (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM); - if (sAlg != null) { - return sAlg; - } - String alg = (String)mProperties.get(Constants.PR_KEY_TYPE); - - if (alg.equals("RSA")) - return SignatureAlgorithm.RSASignatureWithMD5Digest; - else - return SignatureAlgorithm.DSASignatureWithSHA1Digest; - } + * public SignatureAlgorithm getSigningAlgorithm() { SignatureAlgorithm sAlg + * = (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM); + * if (sAlg != null) { return sAlg; } String alg = + * (String)mProperties.get(Constants.PR_KEY_TYPE); + * + * if (alg.equals("RSA")) return + * SignatureAlgorithm.RSASignatureWithMD5Digest; else return + * SignatureAlgorithm.DSASignatureWithSHA1Digest; } */ public String getKeyAlgorithm() { @@ -114,9 +105,8 @@ public class SSLSelfSignedCert extends CertificateInfo { KeyUsageExtension extension = new KeyUsageExtension(); extension.set(KeyUsageExtension.DIGITAL_SIGNATURE, new Boolean(true)); - //extension.set(KeyUsageExtension.NON_REPUDIATION, new Boolean(true)); + // extension.set(KeyUsageExtension.NON_REPUDIATION, new Boolean(true)); extension.set(KeyUsageExtension.KEY_ENCIPHERMENT, new Boolean(true)); return extension; } } - diff --git a/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java b/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java index bd630de84..e5a036d1d 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java +++ b/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; - import java.io.IOException; import java.security.KeyPair; 
@@ -29,7 +28,6 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; - /** * Subsystem certificate. * @@ -61,7 +59,8 @@ public class SubsystemCert extends CertificateInfo { public String getNickname() { String name = (String) mProperties.get(Constants.PR_NICKNAME); - String instanceName = (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME); + String instanceName = (String) mProperties + .get(ConfigConstants.PR_CERT_INSTANCE_NAME); if (name != null) return name; @@ -81,4 +80,3 @@ public class SubsystemCert extends CertificateInfo { return extension; } } - |