authorAde Lee <alee@redhat.com>2012-01-11 12:57:53 -0500
committerAde Lee <alee@redhat.com>2012-01-11 13:49:04 -0500
commit10cfe7756e967ac91c66d33b392aeab9cf3780fb (patch)
treed5ac9b58442265d2ce5ef60e31f041ddacba1b4f /pki/base/kra/src/com/netscape/kra/RecoveryService.java
parentedcb24f65cc3700e75d0a1d14dc2483f210b0ee4 (diff)
Formatting (no line wrap in comments or code)
Diffstat (limited to 'pki/base/kra/src/com/netscape/kra/RecoveryService.java')
-rw-r--r--pki/base/kra/src/com/netscape/kra/RecoveryService.java361
1 files changed, 178 insertions, 183 deletions
diff --git a/pki/base/kra/src/com/netscape/kra/RecoveryService.java b/pki/base/kra/src/com/netscape/kra/RecoveryService.java
index f364bf4ff..51723e530 100644
--- a/pki/base/kra/src/com/netscape/kra/RecoveryService.java
+++ b/pki/base/kra/src/com/netscape/kra/RecoveryService.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.kra;
-
import java.io.ByteArrayOutputStream;
import java.io.CharConversionException;
import java.math.BigInteger;
@@ -75,12 +74,10 @@ import com.netscape.cmscore.util.Debug;
* are 2 types of recovery modes: (1) administrator or
* (2) end-entity.
* <P>
- * Administrator recovery will create a PKCS12 file where
- * stores the certificate and the recovered key.
+ * Administrator recovery will create a PKCS12 file where stores the certificate and the recovered key.
* <P>
- * End Entity recovery will send RA or CA a response where
- * stores the recovered key.
- *
+ * End Entity recovery will send RA or CA a response where stores the recovered key.
+ *
* @author thomask (original)
* @author cfu (non-RSA keys; private keys secure handling);
* @version $Revision$, $Date$
@@ -96,12 +93,12 @@ public class RecoveryService implements IService {
public static final String ATTR_TRANSPORT_PWD = "transportPwd";
public static final String ATTR_SIGNING_CERT = "signingCert";
public static final String ATTR_PKCS12 = "pkcs12";
- public static final String ATTR_ENCRYPTION_CERTS =
- "encryptionCerts";
- public static final String ATTR_AGENT_CREDENTIALS =
- "agentCredentials";
+ public static final String ATTR_ENCRYPTION_CERTS =
+ "encryptionCerts";
+ public static final String ATTR_AGENT_CREDENTIALS =
+ "agentCredentials";
// same as encryption certs
- public static final String ATTR_USER_CERT = "cert";
+ public static final String ATTR_USER_CERT = "cert";
public static final String ATTR_DELIVERY = "delivery";
// for Async Key Recovery
@@ -125,7 +122,7 @@ public class RecoveryService implements IService {
* (either Administrator or End-Entity), the method reads
* the key record from the database, and tried to recover the
* key with the storage key unit.
- *
+ *
* @param request recovery request
* @return operation success or not
* @exception EBaseException failed to serve
@@ -146,22 +143,22 @@ public class RecoveryService implements IService {
CMS.debug("RecoveryService: serviceRequest: use internal token ");
ct = cm.getInternalCryptoToken();
} else {
- CMS.debug("RecoveryService: serviceRequest: tokenName="+tokName);
+ CMS.debug("RecoveryService: serviceRequest: tokenName=" + tokName);
ct = cm.getTokenByName(tokName);
}
allowEncDecrypt_recovery = config.getBoolean("kra.allowEncDecrypt.recovery", false);
} catch (Exception e) {
CMS.debug("RecoveryService exception: use internal token :"
- + e.toString());
+ + e.toString());
ct = cm.getInternalCryptoToken();
}
if (ct == null) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR"+ "cannot get crypto token"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR" + "cannot get crypto token"));
}
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("recovery", true /* main action */);
+ statsSub.startTiming("recovery", true /* main action */);
}
if (Debug.ON)
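Review bot: `CMS.getUserMessage("CMS_BASE_CERT_ERROR" + "cannot get crypto token")` concatenates the detail text onto the message key, so the lookup is for a key named `CMS_BASE_CERT_ERRORcannot get crypto token`; the reformatted line keeps that behaviour. Other calls in this file pass the detail as a second argument, e.g. `CMS.getUserMessage("CMS_KRA_RECOVERY_FAILED_1", "key type not supported")`, so this was presumably meant to be `CMS.getUserMessage("CMS_BASE_CERT_ERROR", "cannot get crypto token")` (whether that key accepts a parameter is not visible here). The `catch (Exception e)` just above also falls back to the internal token on any failure, including a failure to read `kra.allowEncDecrypt.recovery`, which deserves a comment because that flag selects the recovery path. The enclosing method (serviceRequest, going by the debug strings) starts and ends outside the hunk.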
@@ -184,17 +181,17 @@ public class RecoveryService implements IService {
mKRA.log(ILogger.LL_INFO, "KRA reading key record");
if (statsSub != null) {
- statsSub.startTiming("get_key");
+ statsSub.startTiming("get_key");
}
KeyRecord keyRecord = (KeyRecord) mStorage.readKeyRecord(serialno);
if (statsSub != null) {
- statsSub.endTiming("get_key");
+ statsSub.endTiming("get_key");
}
// see if the certificate matches the key
byte pubData[] = keyRecord.getPublicKeyData();
- X509Certificate x509cert =
- request.getExtDataInCert(ATTR_USER_CERT);
+ X509Certificate x509cert =
+ request.getExtDataInCert(ATTR_USER_CERT);
byte inputPubData[] = x509cert.getPublicKey().getEncoded();
if (inputPubData.length != pubData.length) {
@@ -212,49 +209,50 @@ public class RecoveryService implements IService {
boolean isRSA = true;
String keyAlg = x509cert.getPublicKey().getAlgorithm();
- if (keyAlg != null) {
- CMS.debug("RecoveryService: publicKey alg ="+keyAlg);
- if (!keyAlg.equals("RSA")) isRSA = false;
+ if (keyAlg != null) {
+ CMS.debug("RecoveryService: publicKey alg =" + keyAlg);
+ if (!keyAlg.equals("RSA"))
+ isRSA = false;
}
// Unwrap the archived private key
byte privateKeyData[] = null;
X509Certificate transportCert =
- request.getExtDataInCert(ATTR_TRANSPORT_CERT);
+ request.getExtDataInCert(ATTR_TRANSPORT_CERT);
if (transportCert == null) {
if (statsSub != null) {
- statsSub.startTiming("recover_key");
+ statsSub.startTiming("recover_key");
}
PrivateKey privKey = null;
if (allowEncDecrypt_recovery == true) {
privateKeyData = recoverKey(params, keyRecord);
} else {
- privKey= recoverKey(params, keyRecord, isRSA);
+ privKey = recoverKey(params, keyRecord, isRSA);
}
if (statsSub != null) {
- statsSub.endTiming("recover_key");
+ statsSub.endTiming("recover_key");
}
if ((isRSA == true) && (allowEncDecrypt_recovery == true)) {
if (statsSub != null) {
- statsSub.startTiming("verify_key");
+ statsSub.startTiming("verify_key");
}
// verifyKeyPair() is RSA-centric
if (verifyKeyPair(pubData, privateKeyData) == false) {
mKRA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_KRA_PUBLIC_NOT_FOUND"));
+ CMS.getLogMessage("CMSCORE_KRA_PUBLIC_NOT_FOUND"));
throw new EKRAException(
CMS.getUserMessage("CMS_KRA_INVALID_PUBLIC_KEY"));
}
if (statsSub != null) {
- statsSub.endTiming("verify_key");
+ statsSub.endTiming("verify_key");
}
}
if (statsSub != null) {
- statsSub.startTiming("create_p12");
+ statsSub.startTiming("create_p12");
}
if (allowEncDecrypt_recovery == true) {
createPFX(request, params, privateKeyData);
@@ -262,31 +260,31 @@ public class RecoveryService implements IService {
createPFX(request, params, privKey, ct);
}
if (statsSub != null) {
- statsSub.endTiming("create_p12");
+ statsSub.endTiming("create_p12");
}
} else {
if (CMS.getConfigStore().getBoolean("kra.keySplitting")) {
- Credential creds[] = (Credential[])
- params.get(ATTR_AGENT_CREDENTIALS);
- mKRA.getStorageKeyUnit().login(creds);
+ Credential creds[] = (Credential[])
+ params.get(ATTR_AGENT_CREDENTIALS);
+ mKRA.getStorageKeyUnit().login(creds);
}
if (statsSub != null) {
- statsSub.startTiming("unwrap_key");
+ statsSub.startTiming("unwrap_key");
}
PrivateKey privateKey = mKRA.getStorageKeyUnit().unwrap(
keyRecord.getPrivateKeyData(), null);
if (statsSub != null) {
- statsSub.endTiming("unwrap_key");
+ statsSub.endTiming("unwrap_key");
}
if (CMS.getConfigStore().getBoolean("kra.keySplitting")) {
- mKRA.getStorageKeyUnit().logout();
+ mKRA.getStorageKeyUnit().logout();
}
}
- mKRA.log(ILogger.LL_INFO, "key " +
- serialno.toString() +
- " recovered");
+ mKRA.log(ILogger.LL_INFO, "key " +
+ serialno.toString() +
+ " recovered");
// for audit log
String authMgr = AuditFormat.NOAUTH;
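Review bot: The storage key unit is logged in with the agents' credentials before `unwrap(...)` and logged out only on the success path, so an exception from `unwrap` leaves it logged in whenever `kra.keySplitting` is enabled. The logout belongs in a `finally` around the unwrap, as sketched below. Both `recoverKey` overloads later in the diff have the same login/logout shape; in the `PrivateKey` overload the logout sits inside the `try` and is skipped when the `catch` runs. The enclosing method starts outside the hunk.

```java
// … unchanged: keySplitting check and login(creds) …
PrivateKey privateKey;
try {
    // … unchanged: unwrap_key timing calls …
    privateKey = mKRA.getStorageKeyUnit().unwrap(
            keyRecord.getPrivateKeyData(), null);
} finally {
    if (CMS.getConfigStore().getBoolean("kra.keySplitting")) {
        mKRA.getStorageKeyUnit().logout();
    }
}
```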
@@ -295,32 +293,32 @@ public class RecoveryService implements IService {
if (sContext != null) {
String agentId =
- (String) sContext.get(SessionContext.USER_ID);
+ (String) sContext.get(SessionContext.USER_ID);
initiative = AuditFormat.FROMAGENT + " agentID: " + agentId;
AuthToken authToken = (AuthToken) sContext.get(SessionContext.AUTH_TOKEN);
-
+
if (authToken != null) {
authMgr =
authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
}
}
CMS.getLogger().log(ILogger.EV_AUDIT,
- ILogger.S_KRA,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- IRequest.KEYRECOVERY_REQUEST,
- request.getRequestId(),
- initiative,
- authMgr,
- "completed",
- ((X509CertImpl) x509cert).getSubjectDN(),
- "serial number: 0x" + serialno.toString(16)}
- );
+ ILogger.S_KRA,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ IRequest.KEYRECOVERY_REQUEST,
+ request.getRequestId(),
+ initiative,
+ authMgr,
+ "completed",
+ ((X509CertImpl) x509cert).getSubjectDN(),
+ "serial number: 0x" + serialno.toString(16) }
+ );
if (statsSub != null) {
- statsSub.endTiming("recovery");
+ statsSub.endTiming("recovery");
}
return true;
@@ -329,63 +327,62 @@ public class RecoveryService implements IService {
/*
* verifyKeyPair()- RSA-centric key verification
*/
- public boolean verifyKeyPair(byte publicKeyData[], byte privateKeyData[])
- {
- try {
- DerValue publicKeyVal = new DerValue(publicKeyData);
- DerInputStream publicKeyIn = publicKeyVal.data;
- publicKeyIn.getSequence(0);
- DerValue publicKeyDer = new DerValue(publicKeyIn.getBitString());
- DerInputStream publicKeyDerIn = publicKeyDer.data;
- BigInt publicKeyModulus = publicKeyDerIn.getInteger();
- BigInt publicKeyExponent = publicKeyDerIn.getInteger();
-
- DerValue privateKeyVal = new DerValue(privateKeyData);
- if (privateKeyVal.tag != DerValue.tag_Sequence)
- return false;
- DerInputStream privateKeyIn = privateKeyVal.data;
- privateKeyIn.getInteger();
- privateKeyIn.getSequence(0);
- DerValue privateKeyDer = new DerValue(privateKeyIn.getOctetString());
- DerInputStream privateKeyDerIn = privateKeyDer.data;
- BigInt privateKeyVersion = privateKeyDerIn.getInteger();
- BigInt privateKeyModulus = privateKeyDerIn.getInteger();
- BigInt privateKeyExponent = privateKeyDerIn.getInteger();
-
- if (!publicKeyModulus.equals(privateKeyModulus)) {
- CMS.debug("verifyKeyPair modulus mismatch publicKeyModulus=" + publicKeyModulus + " privateKeyModulus=" + privateKeyModulus);
- return false;
- }
-
- if (!publicKeyExponent.equals(privateKeyExponent)) {
- CMS.debug("verifyKeyPair exponent mismatch publicKeyExponent=" + publicKeyExponent + " privateKeyExponent=" + privateKeyExponent);
- return false;
- }
-
- return true;
- } catch (Exception e) {
- CMS.debug("verifyKeyPair error " + e);
- return false;
- }
+ public boolean verifyKeyPair(byte publicKeyData[], byte privateKeyData[]) {
+ try {
+ DerValue publicKeyVal = new DerValue(publicKeyData);
+ DerInputStream publicKeyIn = publicKeyVal.data;
+ publicKeyIn.getSequence(0);
+ DerValue publicKeyDer = new DerValue(publicKeyIn.getBitString());
+ DerInputStream publicKeyDerIn = publicKeyDer.data;
+ BigInt publicKeyModulus = publicKeyDerIn.getInteger();
+ BigInt publicKeyExponent = publicKeyDerIn.getInteger();
+
+ DerValue privateKeyVal = new DerValue(privateKeyData);
+ if (privateKeyVal.tag != DerValue.tag_Sequence)
+ return false;
+ DerInputStream privateKeyIn = privateKeyVal.data;
+ privateKeyIn.getInteger();
+ privateKeyIn.getSequence(0);
+ DerValue privateKeyDer = new DerValue(privateKeyIn.getOctetString());
+ DerInputStream privateKeyDerIn = privateKeyDer.data;
+ BigInt privateKeyVersion = privateKeyDerIn.getInteger();
+ BigInt privateKeyModulus = privateKeyDerIn.getInteger();
+ BigInt privateKeyExponent = privateKeyDerIn.getInteger();
+
+ if (!publicKeyModulus.equals(privateKeyModulus)) {
+ CMS.debug("verifyKeyPair modulus mismatch publicKeyModulus=" + publicKeyModulus + " privateKeyModulus=" + privateKeyModulus);
+ return false;
+ }
+
+ if (!publicKeyExponent.equals(privateKeyExponent)) {
+ CMS.debug("verifyKeyPair exponent mismatch publicKeyExponent=" + publicKeyExponent + " privateKeyExponent=" + privateKeyExponent);
+ return false;
+ }
+
+ return true;
+ } catch (Exception e) {
+ CMS.debug("verifyKeyPair error " + e);
+ return false;
+ }
}
/**
* Recovers key. (using unwrapping/wrapping on token)
- * - used when allowEncDecrypt_recovery is false
+ * - used when allowEncDecrypt_recovery is false
*/
- public synchronized PrivateKey recoverKey(Hashtable request, KeyRecord keyRecord, boolean isRSA)
- throws EBaseException {
+ public synchronized PrivateKey recoverKey(Hashtable request, KeyRecord keyRecord, boolean isRSA)
+ throws EBaseException {
- if (!isRSA) {
+ if (!isRSA) {
CMS.debug("RecoverService: recoverKey: currently, non-RSA keys are not supported when allowEncDecrypt_ is false");
throw new EKRAException(CMS.getUserMessage("CMS_KRA_RECOVERY_FAILED_1", "key type not supported"));
- }
- try {
+ }
+ try {
if (CMS.getConfigStore().getBoolean("kra.keySplitting")) {
- Credential creds[] = (Credential[])
- request.get(ATTR_AGENT_CREDENTIALS);
+ Credential creds[] = (Credential[])
+ request.get(ATTR_AGENT_CREDENTIALS);
- mStorageUnit.login(creds);
+ mStorageUnit.login(creds);
}
/* wrapped retrieve session key and private key */
@@ -400,50 +397,49 @@ public class RecoveryService implements IService {
byte publicKeyData[] = keyRecord.getPublicKeyData();
PublicKey pubkey = null;
try {
- pubkey = X509Key.parsePublicKey (new DerValue(publicKeyData));
+ pubkey = X509Key.parsePublicKey(new DerValue(publicKeyData));
} catch (Exception e) {
- CMS.debug("RecoverService: after parsePublicKey:"+e.toString());
+ CMS.debug("RecoverService: after parsePublicKey:" + e.toString());
throw new EKRAException(CMS.getUserMessage("CMS_KRA_RECOVERY_FAILED_1", "pubic key parsing failure"));
}
- byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
+ byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
PrivateKey privKey =
- mStorageUnit.unwrap(
- session,
- keyRecord.getAlgorithm(),
- iv,
- pri,
- (PublicKey) pubkey);
+ mStorageUnit.unwrap(
+ session,
+ keyRecord.getAlgorithm(),
+ iv,
+ pri,
+ (PublicKey) pubkey);
if (privKey == null) {
mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_PRIVATE_KEY_NOT_FOUND"));
throw new EKRAException(CMS.getUserMessage("CMS_KRA_RECOVERY_FAILED_1", "private key unwrapping failure"));
}
if (CMS.getConfigStore().getBoolean("kra.keySplitting")) {
- mStorageUnit.logout();
+ mStorageUnit.logout();
}
return privKey;
} catch (Exception e) {
- CMS.debug("RecoverService: recoverKey() failed with allowEncDecrypt_recovery=false:"+e.toString());
- throw new EKRAException(CMS.getUserMessage("CMS_KRA_RECOVERY_FAILED_1", "recoverKey() failed with allowEncDecrypt_recovery=false:"+e.toString()));
+ CMS.debug("RecoverService: recoverKey() failed with allowEncDecrypt_recovery=false:" + e.toString());
+ throw new EKRAException(CMS.getUserMessage("CMS_KRA_RECOVERY_FAILED_1", "recoverKey() failed with allowEncDecrypt_recovery=false:" + e.toString()));
}
}
-
/**
* Creates a PFX (PKCS12) file. (the unwrapping/wrapping way)
- * - used when allowEncDecrypt_recovery is false
- *
+ * - used when allowEncDecrypt_recovery is false
+ *
* @param request CRMF recovery request
* @param priKey private key handle
* @exception EBaseException failed to create P12 file
*/
- public void createPFX(IRequest request, Hashtable params,
- PrivateKey priKey, CryptoToken ct) throws EBaseException {
+ public void createPFX(IRequest request, Hashtable params,
+ PrivateKey priKey, CryptoToken ct) throws EBaseException {
CMS.debug("RecoverService: createPFX() allowEncDecrypt_recovery=false");
try {
// create p12
X509Certificate x509cert =
- request.getExtDataInCert(ATTR_USER_CERT);
+ request.getExtDataInCert(ATTR_USER_CERT);
String pwd = (String) params.get(ATTR_TRANSPORT_PWD);
// add certificate
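Review bot: `byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };` passes a constant IV to `mStorageUnit.unwrap(session, keyRecord.getAlgorithm(), iv, pri, pubkey)` with no explanation. A constant IV is only harmless if every key record is wrapped under its own session key, and the value cannot be changed here without changing the archival side too; neither is visible in this hunk. I would document that at the declaration, e.g. `// fixed IV: must equal the IV used at archival; relies on a per-record session key (confirm)`. recoverKey begins in the previous hunk.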
@@ -461,7 +457,7 @@ public class RecoveryService implements IService {
nickname, localKeyId);
// attributes: user friendly name, Local Key ID
SafeBag certBag = new SafeBag(SafeBag.CERT_BAG,
- new CertBag(CertBag.X509_CERT_TYPE, cert),
+ new CertBag(CertBag.X509_CERT_TYPE, cert),
certAttrs);
encSafeContents.addElement(certBag);
@@ -469,21 +465,21 @@ public class RecoveryService implements IService {
// add key
mKRA.log(ILogger.LL_INFO, "KRA adds key to P12");
CMS.debug("RecoverService: createPFX() adds key to P12");
- org.mozilla.jss.util.Password pass = new
- org.mozilla.jss.util.Password(
- pwd.toCharArray());
+ org.mozilla.jss.util.Password pass = new
+ org.mozilla.jss.util.Password(
+ pwd.toCharArray());
SEQUENCE safeContents = new SEQUENCE();
- PasswordConverter passConverter = new
- PasswordConverter();
- byte salt[] = {0x01, 0x01, 0x01, 0x01};
+ PasswordConverter passConverter = new
+ PasswordConverter();
+ byte salt[] = { 0x01, 0x01, 0x01, 0x01 };
ASN1Value key = EncryptedPrivateKeyInfo.createPBE(
- PBEAlgorithm.PBE_SHA1_DES3_CBC,
+ PBEAlgorithm.PBE_SHA1_DES3_CBC,
pass, salt, 1, passConverter, priKey, ct);
SET keyAttrs = createBagAttrs(
- x509cert.getSubjectDN().toString(),
+ x509cert.getSubjectDN().toString(),
localKeyId);
SafeBag keyBag = new SafeBag(
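Review bot: The key bag is encrypted by `EncryptedPrivateKeyInfo.createPBE(PBEAlgorithm.PBE_SHA1_DES3_CBC, pass, salt, 1, passConverter, priKey, ct)` with a constant `salt` of four `0x01` bytes and an iteration count of 1. The recovered private key in the PKCS #12 output is therefore protected by the transport password with effectively no key stretching, and the same password always derives the same key. A longer salt filled per file with `new java.security.SecureRandom().nextBytes(salt);` and a configurable iteration count in place of `1` would address this; the PBE parameters are normally carried inside the encoded structure, so readers should not need a matching change. The byte-array `createPFX` overload later in the diff uses the same two constants. createPFX starts and ends outside the hunk.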
@@ -493,15 +489,15 @@ public class RecoveryService implements IService {
safeContents.addElement(keyBag);
// build contents
- AuthenticatedSafes authSafes = new
- AuthenticatedSafes();
+ AuthenticatedSafes authSafes = new
+ AuthenticatedSafes();
authSafes.addSafeContents(
- safeContents
- );
+ safeContents
+ );
authSafes.addSafeContents(
- encSafeContents
- );
+ encSafeContents
+ );
// authSafes.addEncryptedSafeContents(
// authSafes.DEFAULT_KEY_GEN_ALG,
@@ -510,8 +506,8 @@ public class RecoveryService implements IService {
PFX pfx = new PFX(authSafes);
pfx.computeMacData(pass, null, 5); // ??
- ByteArrayOutputStream fos = new
- ByteArrayOutputStream();
+ ByteArrayOutputStream fos = new
+ ByteArrayOutputStream();
pfx.encode(fos);
pass.clear();
@@ -527,26 +523,25 @@ public class RecoveryService implements IService {
mKRA.getRequestQueue().updateRequest(request);
}
-
/**
* Recovers key.
- * - used when allowEncDecrypt_recovery is true
+ * - used when allowEncDecrypt_recovery is true
*/
- public synchronized byte[] recoverKey(Hashtable request, KeyRecord keyRecord)
- throws EBaseException {
+ public synchronized byte[] recoverKey(Hashtable request, KeyRecord keyRecord)
+ throws EBaseException {
if (CMS.getConfigStore().getBoolean("kra.keySplitting")) {
- Credential creds[] = (Credential[])
- request.get(ATTR_AGENT_CREDENTIALS);
+ Credential creds[] = (Credential[])
+ request.get(ATTR_AGENT_CREDENTIALS);
- mStorageUnit.login(creds);
+ mStorageUnit.login(creds);
}
mKRA.log(ILogger.LL_INFO, "KRA decrypts internal private");
- byte privateKeyData[] =
- mStorageUnit.decryptInternalPrivate(
- keyRecord.getPrivateKeyData());
+ byte privateKeyData[] =
+ mStorageUnit.decryptInternalPrivate(
+ keyRecord.getPrivateKeyData());
if (CMS.getConfigStore().getBoolean("kra.keySplitting")) {
- mStorageUnit.logout();
+ mStorageUnit.logout();
}
if (privateKeyData == null) {
mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_PRIVATE_KEY_NOT_FOUND"));
@@ -557,19 +552,19 @@ public class RecoveryService implements IService {
/**
* Creates a PFX (PKCS12) file.
- * - used when allowEncDecrypt_recovery is true
- *
+ * - used when allowEncDecrypt_recovery is true
+ *
* @param request CRMF recovery request
* @param priData decrypted private key (PrivateKeyInfo)
* @exception EBaseException failed to create P12 file
*/
- public void createPFX(IRequest request, Hashtable params,
- byte priData[]) throws EBaseException {
+ public void createPFX(IRequest request, Hashtable params,
+ byte priData[]) throws EBaseException {
CMS.debug("RecoverService: createPFX() allowEncDecrypt_recovery=true");
try {
// create p12
X509Certificate x509cert =
- request.getExtDataInCert(ATTR_USER_CERT);
+ request.getExtDataInCert(ATTR_USER_CERT);
String pwd = (String) params.get(ATTR_TRANSPORT_PWD);
// add certificate
@@ -586,29 +581,29 @@ public class RecoveryService implements IService {
nickname, localKeyId);
// attributes: user friendly name, Local Key ID
SafeBag certBag = new SafeBag(SafeBag.CERT_BAG,
- new CertBag(CertBag.X509_CERT_TYPE, cert),
+ new CertBag(CertBag.X509_CERT_TYPE, cert),
certAttrs);
encSafeContents.addElement(certBag);
// add key
mKRA.log(ILogger.LL_INFO, "KRA adds key to P12");
- org.mozilla.jss.util.Password pass = new
- org.mozilla.jss.util.Password(
- pwd.toCharArray());
+ org.mozilla.jss.util.Password pass = new
+ org.mozilla.jss.util.Password(
+ pwd.toCharArray());
SEQUENCE safeContents = new SEQUENCE();
- PasswordConverter passConverter = new
- PasswordConverter();
- byte salt[] = {0x01, 0x01, 0x01, 0x01};
+ PasswordConverter passConverter = new
+ PasswordConverter();
+ byte salt[] = { 0x01, 0x01, 0x01, 0x01 };
PrivateKeyInfo pki = (PrivateKeyInfo)
- ASN1Util.decode(PrivateKeyInfo.getTemplate(),
- priData);
+ ASN1Util.decode(PrivateKeyInfo.getTemplate(),
+ priData);
ASN1Value key = EncryptedPrivateKeyInfo.createPBE(
- PBEAlgorithm.PBE_SHA1_DES3_CBC,
+ PBEAlgorithm.PBE_SHA1_DES3_CBC,
pass, salt, 1, passConverter, pki);
SET keyAttrs = createBagAttrs(
- x509cert.getSubjectDN().toString(),
+ x509cert.getSubjectDN().toString(),
localKeyId);
SafeBag keyBag = new SafeBag(
SafeBag.PKCS8_SHROUDED_KEY_BAG, key,
@@ -617,15 +612,15 @@ public class RecoveryService implements IService {
safeContents.addElement(keyBag);
// build contents
- AuthenticatedSafes authSafes = new
- AuthenticatedSafes();
+ AuthenticatedSafes authSafes = new
+ AuthenticatedSafes();
authSafes.addSafeContents(
- safeContents
- );
+ safeContents
+ );
authSafes.addSafeContents(
- encSafeContents
- );
+ encSafeContents
+ );
// authSafes.addEncryptedSafeContents(
// authSafes.DEFAULT_KEY_GEN_ALG,
@@ -634,8 +629,8 @@ public class RecoveryService implements IService {
PFX pfx = new PFX(authSafes);
pfx.computeMacData(pass, null, 5); // ??
- ByteArrayOutputStream fos = new
- ByteArrayOutputStream();
+ ByteArrayOutputStream fos = new
+ ByteArrayOutputStream();
pfx.encode(fos);
pass.clear();
@@ -655,7 +650,7 @@ public class RecoveryService implements IService {
* Creates local key identifier.
*/
public byte[] createLocalKeyId(X509Certificate cert)
- throws EBaseException {
+ throws EBaseException {
try {
// SHA1 hash of the X509Cert der encoding
byte certDer[] = cert.getEncoded();
@@ -666,12 +661,12 @@ public class RecoveryService implements IService {
md.update(certDer);
return md.digest();
} catch (CertificateEncodingException e) {
- mKRA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_KRA_CREAT_KEY_ID", e.toString()));
+ mKRA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_CREAT_KEY_ID", e.toString()));
throw new EKRAException(CMS.getUserMessage("CMS_KRA_KEYID_FAILED_1", e.toString()));
} catch (NoSuchAlgorithmException e) {
- mKRA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_KRA_CREAT_KEY_ID", e.toString()));
+ mKRA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_CREAT_KEY_ID", e.toString()));
throw new EKRAException(CMS.getUserMessage("CMS_KRA_KEYID_FAILED_1", e.toString()));
}
}
@@ -679,8 +674,8 @@ public class RecoveryService implements IService {
/**
* Creates bag attributes.
*/
- public SET createBagAttrs(String nickName, byte localKeyId[])
- throws EBaseException {
+ public SET createBagAttrs(String nickName, byte localKeyId[])
+ throws EBaseException {
try {
SET attrs = new SET();
SEQUENCE nickNameAttr = new SEQUENCE();
@@ -701,8 +696,8 @@ public class RecoveryService implements IService {
attrs.addElement(localKeyAttr);
return attrs;
} catch (CharConversionException e) {
- mKRA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_KRA_CREAT_KEY_BAG", e.toString()));
+ mKRA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_CREAT_KEY_BAG", e.toString()));
throw new EKRAException(CMS.getUserMessage("CMS_KRA_KEYBAG_FAILED_1", e.toString()));
}
}