author | Ade Lee <alee@redhat.com> | 2011-12-08 21:15:59 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2011-12-08 21:15:59 -0500 |
commit | 171aaece4f23709d33d180cf36eb3af5e454b0c9 (patch) | |
tree | 1485f9f0a7bd10de4ff25030db575dbb8dafae74 /pki/base/ocsp/src | |
parent | adad2fcee8a29fdb82376fbce07dedb11fccc182 (diff) | |
Revert "Formatting"
This reverts commit 32150d3ee32f8ac27118af7c792794b538c78a2f.
Diffstat (limited to 'pki/base/ocsp/src')
4 files changed, 241 insertions, 248 deletions
diff --git a/pki/base/ocsp/src/com/netscape/ocsp/EOCSPException.java b/pki/base/ocsp/src/com/netscape/ocsp/EOCSPException.java index 231ab2867..4b06a1aa8 100644 --- a/pki/base/ocsp/src/com/netscape/ocsp/EOCSPException.java +++ b/pki/base/ocsp/src/com/netscape/ocsp/EOCSPException.java @@ -17,12 +17,14 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.ocsp; + import com.netscape.certsrv.base.EBaseException; + /** * A class represents a OCSP exception. * <P> - * + * * @version $Revision$, $Date$ */ public class EOCSPException extends EBaseException { diff --git a/pki/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java b/pki/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java index f6dbc4853..c8b531429 100644 --- a/pki/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java +++ b/pki/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.ocsp; + import java.io.ByteArrayInputStream; import java.io.IOException; import java.security.MessageDigest; @@ -66,22 +67,21 @@ import com.netscape.cmsutil.ocsp.OCSPResponse; import com.netscape.cmsutil.ocsp.ResponderID; import com.netscape.cmsutil.ocsp.ResponseData; + /** - * A class represents a Certificate Authority that is responsible for - * certificate specific operations. + * A class represents a Certificate Authority that is + * responsible for certificate specific operations. * <P> - * + * * @author lhsiao * @version $Revision$, $Date$ */ -public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, - IAuthority { +public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, IAuthority { private long mServedRequests = 0; private long mServedTime = 0; - public final static OBJECT_IDENTIFIER OCSP_NONCE = new OBJECT_IDENTIFIER( - "1.3.6.1.5.5.7.48.1.2"); + public final static OBJECT_IDENTIFIER OCSP_NONCE = new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.48.1.2"); private Hashtable mStores = new Hashtable(); private String mId = "ocsp"; 
@@ -91,7 +91,7 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, private X509CertImpl mCert = null; private String[] mSigningAlgorithms = null; private X500Name mName = null; - private String mNickname = null; + private String mNickname = null; private String[] mOCSPSigningAlgorithms = null; private IOCSPStore mDefStore = null; @@ -106,7 +106,7 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, /** * Retrieves the name of this subsystem. */ - public String getId() { + public String getId() { return mId; } @@ -118,15 +118,16 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, } /** - * Initializes this subsystem with the given configuration store. + * Initializes this subsystem with the given configuration + * store. * <P> - * + * * @param owner owner of this subsystem * @param config configuration store * @exception EBaseException failed to initialize */ - public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + public void init(ISubsystem owner, IConfigStore config) + throws EBaseException { try { mConfig = config; @@ -145,10 +146,8 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, while (ids.hasMoreElements()) { String id = (String) ids.nextElement(); - String className = mConfig.getString(PROP_STORE + "." + id - + ".class", null); - IOCSPStore store = (IOCSPStore) Class.forName(className) - .newInstance(); + String className = mConfig.getString(PROP_STORE + "." + id + ".class", null); + IOCSPStore store = (IOCSPStore) Class.forName(className).newInstance(); store.init(this, mConfig.getSubStore(PROP_STORE + "." + id)); mStores.put(id, store); 
@@ -157,17 +156,11 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, } } } catch (ClassNotFoundException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_SIGNING_UNIT", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_OCSP_SIGNING_UNIT", e.toString())); } catch (InstantiationException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_SIGNING_UNIT", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_OCSP_SIGNING_UNIT", e.toString())); } catch (IllegalAccessException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_SIGNING_UNIT", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_OCSP_SIGNING_UNIT", e.toString())); } } catch (EBaseException ee) { if (CMS.isPreOpMode()) @@ -192,9 +185,7 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, try { return mConfig.getString(PROP_STORE + "." + id + ".class", null); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_CLASSPATH", id, - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_OCSP_CLASSPATH", id, e.toString())); return null; } } @@ -204,9 +195,8 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, X500Name name = getName(); Name.Template nameTemplate = new Name.Template(); - return new NameID( - (Name) nameTemplate.decode(new ByteArrayInputStream(name - .getEncoded()))); + return new NameID((Name) nameTemplate.decode( + new ByteArrayInputStream(name.getEncoded()))); } catch (IOException e) { return null; } catch (InvalidBERException e) { 
@@ -217,18 +207,18 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, public ResponderID getResponderIDByHash() { /* - * KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key - * --(excluding the tag and length fields) + KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key + --(excluding the tag and length fields) */ - PublicKey publicKey = getSigningUnit().getPublicKey(); + PublicKey publicKey = getSigningUnit().getPublicKey(); MessageDigest md = null; try { - md = MessageDigest.getInstance("SHA1"); + md = MessageDigest.getInstance("SHA1"); } catch (NoSuchAlgorithmException e) { return null; } - md.update(publicKey.getEncoded()); + md.update(publicKey.getEncoded()); byte digested[] = md.digest(); return new KeyHashID(new OCTET_STRING(digested)); 
@@ -249,47 +239,47 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, X509Key caPubKey = null; try { - caPubKey = (X509Key) mCert.get(X509CertImpl.PUBLIC_KEY); + caPubKey = (X509Key) mCert.get(X509CertImpl.PUBLIC_KEY); } catch (CertificateParsingException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_OCSP_RETRIEVE_KEY", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_OCSP_RETRIEVE_KEY", e.toString())); } if (caPubKey == null) { - return null; // something seriously wrong. + return null; // something seriously wrong. } AlgorithmId alg = caPubKey.getAlgorithmId(); if (alg == null) { - return null; // something seriously wrong. + return null; // something seriously wrong. } mOCSPSigningAlgorithms = AlgorithmId.getSigningAlgorithms(alg); if (mOCSPSigningAlgorithms == null) { - CMS.debug("OCSP - no signing algorithms for " + alg.getName()); + CMS.debug( + "OCSP - no signing algorithms for " + alg.getName()); } else { CMS.debug("OCSP First signing algorithm "); } return mOCSPSigningAlgorithms; } - public static final OBJECT_IDENTIFIER MD2 = new OBJECT_IDENTIFIER( - "1.2.840.113549.2.2"); - public static final OBJECT_IDENTIFIER MD5 = new OBJECT_IDENTIFIER( - "1.2.840.113549.2.5"); - public static final OBJECT_IDENTIFIER SHA1 = new OBJECT_IDENTIFIER( - "1.3.14.3.2.26"); + public static final OBJECT_IDENTIFIER MD2 = + new OBJECT_IDENTIFIER("1.2.840.113549.2.2"); + public static final OBJECT_IDENTIFIER MD5 = + new OBJECT_IDENTIFIER("1.2.840.113549.2.5"); + public static final OBJECT_IDENTIFIER SHA1 = + new OBJECT_IDENTIFIER("1.3.14.3.2.26"); - public String getDigestName(AlgorithmIdentifier alg) { - if (alg == null) { - return null; - } else if (alg.getOID().equals(MD2)) { - return "MD2"; - } else if (alg.getOID().equals(MD5)) { - return "MD5"; - } else if (alg.getOID().equals(SHA1)) { - return "SHA1"; // 1.3.14.3.2.26 - } else { - return null; - } + public String getDigestName(AlgorithmIdentifier alg) { + 
if (alg == null) { + return null; + } else if (alg.getOID().equals(MD2)) { + return "MD2"; + } else if (alg.getOID().equals(MD5)) { + return "MD5"; + } else if (alg.getOID().equals(SHA1)) { + return "SHA1"; // 1.3.14.3.2.26 + } else { + return null; + } } /** @@ -312,11 +302,12 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, // init cert chain CryptoManager manager = CryptoManager.getInstance(); - org.mozilla.jss.crypto.X509Certificate[] chain = manager - .buildCertificateChain(mSigningUnit.getCert()); + org.mozilla.jss.crypto.X509Certificate[] chain = + manager.buildCertificateChain(mSigningUnit.getCert()); // XXX do this in case other subsyss expect a X509CertImpl // until JSS implements all methods of X509Certificate - java.security.cert.X509Certificate[] implchain = new java.security.cert.X509Certificate[chain.length]; + java.security.cert.X509Certificate[] implchain = + new java.security.cert.X509Certificate[chain.length]; for (int i = 0; i < chain.length; i++) { implchain[i] = new X509CertImpl(chain[i].getEncoded()); @@ -334,17 +325,17 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, } catch (CryptoManager.NotInitializedException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_SIGNING", e.toString())); + CMS.getLogMessage("CMSCORE_OCSP_SIGNING", e.toString())); } catch (CertificateException e) { if (Debug.ON) e.printStackTrace(); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_CHAIN", e.toString())); + CMS.getLogMessage("CMSCORE_OCSP_CHAIN", e.toString())); } catch (TokenException e) { if (Debug.ON) e.printStackTrace(); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_CHAIN", e.toString())); + CMS.getLogMessage("CMSCORE_OCSP_CHAIN", e.toString())); } } 
@@ -367,7 +358,8 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, /** * Process OCSPRequest. */ - public OCSPResponse validate(OCSPRequest request) throws EBaseException { + public OCSPResponse validate(OCSPRequest request) + throws EBaseException { long startTime = (CMS.getCurrentDate()).getTime(); OCSPResponse response = mDefStore.validate(request); long endTime = (CMS.getCurrentDate()).getTime(); @@ -395,8 +387,8 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, } /** - * Stops this system. The owner may call shutdown anytime after - * initialization. + * Stops this system. The owner may call shutdown + * anytime after initialization. * <P> */ public void shutdown() { @@ -405,7 +397,7 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, /** * Returns the root configuration storage of this system. * <P> - * + * * @return configuration store of this subsystem */ public IConfigStore getConfigStore() { 
@@ -418,35 +410,38 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, /** * logs a message in the CA area. - * * @param level the debug level. * @param msg the message to debug. */ public void log(int event, int level, String msg) { - mLogger.log(event, ILogger.S_OCSP, level, msg); + mLogger.log(event, ILogger.S_OCSP, + level, msg); } public void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OCSP, level, msg); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OCSP, + level, msg); } - public void setDefaultAlgorithm(String algorithm) throws EBaseException { + public void setDefaultAlgorithm(String algorithm) + throws EBaseException { mSigningUnit.setDefaultAlgorithm(algorithm); } /** * Signs the Response Data. */ - public BasicOCSPResponse sign(ResponseData rd) throws EBaseException { + public BasicOCSPResponse sign(ResponseData rd) + throws EBaseException { try { DerOutputStream out = new DerOutputStream(); DerOutputStream tmp = new DerOutputStream(); - String algname = mSigningUnit.getDefaultAlgorithm(); + String algname = mSigningUnit.getDefaultAlgorithm(); byte rd_data[] = ASN1Util.encode(rd); if (rd_data != null) { - mTotalData += rd_data.length; + mTotalData += rd_data.length; } rd.encode(tmp); AlgorithmId.get(algname).encode(tmp); 
@@ -456,30 +451,29 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, tmp.putBitString(signature); // XXX - optional, put the certificate chains in also + DerOutputStream tmpChain = new DerOutputStream(); DerOutputStream tmp1 = new DerOutputStream(); DerOutputStream outChain = new DerOutputStream(); - java.security.cert.X509Certificate chains[] = mCertChain.getChain(); + java.security.cert.X509Certificate chains[] = + mCertChain.getChain(); for (int i = 0; i < chains.length; i++) { tmpChain.putDerValue(new DerValue(chains[i].getEncoded())); } tmp1.write(DerValue.tag_Sequence, tmpChain); tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0), - tmp1); + tmp1); out.write(DerValue.tag_Sequence, tmp); - - BasicOCSPResponse response = new BasicOCSPResponse( - out.toByteArray()); + + BasicOCSPResponse response = new BasicOCSPResponse(out.toByteArray()); return response; } catch (Exception e) { e.printStackTrace(); // error e - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_SIGN_RESPONSE", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_OCSP_SIGN_RESPONSE", e.toString())); return null; } @@ -488,7 +482,7 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, /** * Returns default signing unit used by this CA * <P> - * + * * @return request identifier */ public ISigningUnit getSigningUnit() { @@ -498,7 +492,6 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, /** * Retrieves the request queue for the Authority. * <P> - * * @return the request queue. */ public IRequestQueue getRequestQueue() { 
@@ -548,90 +541,115 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, */ /** - * public OCSPResponse processOCSPRequest(OCSPRequest req, OCSPReqProcessor - * p) throws EBaseException { try { log(ILogger.LL_INFO, - * "start OCSP request"); TBSRequest tbsReq = request.getTBSRequest(); - * - * Vector singleResponses = new Vector(); for (int i = 0; i < - * tbsReq.getRequestCount(); i++) { com.netscape.certsrv.ocsp.asn1.Request - * req = tbsReq.getRequestAt(i); CertID cid = req.getCertID(); - * SingleResponse sr = p.process(cid); singleResponses.addElement(sr); } - * - * - * SingleResponse res[] = new SingleResponse[singleResponses.size()]; - * singleResponses.copyInto(res); - * - * X500Name name = getName(); Name.Template nameTemplate = new - * Name.Template(); NameID rid = new NameID((Name)nameTemplate.decode( new - * ByteArrayInputStream(name.getEncoded()))); ResponseData rd = new - * ResponseData(rid, new GeneralizedTime( CMS.getCurrentDate()), res); - * - * BasicOCSPResponse basicRes = sign(rd); - * - * OCSPResponse response = new OCSPResponse( OCSPResponseStatus.SUCCESSFUL, - * new ResponseBytes(ResponseBytes.OCSP_BASIC, new - * OCTET_STRING(ASN1Util.encode(basicRes)))); - * - * log(ILogger.LL_INFO, "done OCSP request"); return response; } catch - * (Exception e) { log(ILogger.LL_FAILURE, "request processing failure " + - * e); return null; } } + public OCSPResponse processOCSPRequest(OCSPRequest req, OCSPReqProcessor p) + throws EBaseException + { + try { + log(ILogger.LL_INFO, "start OCSP request"); + TBSRequest tbsReq = request.getTBSRequest(); + + Vector singleResponses = new Vector(); + for (int i = 0; i < tbsReq.getRequestCount(); i++) + { + com.netscape.certsrv.ocsp.asn1.Request req = + tbsReq.getRequestAt(i); + CertID cid = req.getCertID(); + SingleResponse sr = p.process(cid); + singleResponses.addElement(sr); + } + + + SingleResponse res[] = new SingleResponse[singleResponses.size()]; + singleResponses.copyInto(res); + + 
X500Name name = getName(); + Name.Template nameTemplate = new Name.Template(); + NameID rid = new NameID((Name)nameTemplate.decode( + new ByteArrayInputStream(name.getEncoded()))); + ResponseData rd = new ResponseData(rid, new GeneralizedTime( + CMS.getCurrentDate()), res); + + BasicOCSPResponse basicRes = sign(rd); + + OCSPResponse response = new OCSPResponse( + OCSPResponseStatus.SUCCESSFUL, + new ResponseBytes(ResponseBytes.OCSP_BASIC, + new OCTET_STRING(ASN1Util.encode(basicRes)))); + + log(ILogger.LL_INFO, "done OCSP request"); + return response; + } catch (Exception e) { + log(ILogger.LL_FAILURE, "request processing failure " + e); + return null; + } + } **/ /** * Returns the in-memory count of the processed OCSP requests. - * + * * @return number of processed OCSP requests in memory */ - public long getNumOCSPRequest() { + public long getNumOCSPRequest() + { return mNumOCSPRequest; } /** - * Returns the in-memory time (in mini-second) of the processed time for - * OCSP requests. - * + * Returns the in-memory time (in mini-second) of + * the processed time for OCSP requests. + * * @return processed times for OCSP requests */ - public long getOCSPRequestTotalTime() { - return mTotalTime; + public long getOCSPRequestTotalTime() + { + return mTotalTime; } /** - * Returns the in-memory time (in mini-second) of the signing time for OCSP - * requests. - * + * Returns the in-memory time (in mini-second) of + * the signing time for OCSP requests. + * * @return processed times for OCSP requests */ - public long getOCSPTotalSignTime() { - return mSignTime; + public long getOCSPTotalSignTime() + { + return mSignTime; } - public long getOCSPTotalLookupTime() { - return mLookupTime; + public long getOCSPTotalLookupTime() + { + return mLookupTime; } /** - * Returns the total data signed for OCSP requests. - * + * Returns the total data signed + * for OCSP requests. 
+ * * @return processed times for OCSP requests */ - public long getOCSPTotalData() { - return mTotalData; + public long getOCSPTotalData() + { + return mTotalData; } - public void incTotalTime(long inc) { + public void incTotalTime(long inc) + { mTotalTime += inc; } - public void incSignTime(long inc) { + public void incSignTime(long inc) + { mSignTime += inc; - } + } - public void incLookupTime(long inc) { + public void incLookupTime(long inc) + { mLookupTime += inc; - } + } - public void incNumOCSPRequest(long inc) { + public void incNumOCSPRequest(long inc) + { mNumOCSPRequest += inc; } } diff --git a/pki/base/ocsp/src/com/netscape/ocsp/OCSPResources.java b/pki/base/ocsp/src/com/netscape/ocsp/OCSPResources.java index 5c3439c63..6c9032f11 100644 --- a/pki/base/ocsp/src/com/netscape/ocsp/OCSPResources.java +++ b/pki/base/ocsp/src/com/netscape/ocsp/OCSPResources.java @@ -17,12 +17,14 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.ocsp; + import java.util.ListResourceBundle; + /** * A class represents a resource bundle for OCSP subsystem. * <P> - * + * * @version $Revision$ $Date$ */ public class OCSPResources extends ListResourceBundle { @@ -35,7 +37,8 @@ public class OCSPResources extends ListResourceBundle { } /** - * Constants. The suffix represents the number of possible parameters. + * Constants. The suffix represents the number of + * possible parameters. */ static final Object[][] contents = {}; } diff --git a/pki/base/ocsp/src/com/netscape/ocsp/SigningUnit.java b/pki/base/ocsp/src/com/netscape/ocsp/SigningUnit.java index 65990a5ee..d1447de27 100644 --- a/pki/base/ocsp/src/com/netscape/ocsp/SigningUnit.java +++ b/pki/base/ocsp/src/com/netscape/ocsp/SigningUnit.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.ocsp; + import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.PublicKey; 
@@ -50,7 +51,7 @@ import com.netscape.cmsutil.util.Cert; /** * OCSP signing unit based on JSS. - * + * * $Revision$ $Date$ */ @@ -75,8 +76,8 @@ public final class SigningUnit implements ISigningUnit { private ISubsystem mOwner = null; - private String mDefSigningAlgname = null; - private SignatureAlgorithm mDefSigningAlgorithm = null; + private String mDefSigningAlgname = null; + private SignatureAlgorithm mDefSigningAlgorithm = null; public SigningUnit() { } @@ -123,8 +124,8 @@ public final class SigningUnit implements ISigningUnit { } public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { - mOwner = owner; + throws EBaseException { + mOwner = owner; mConfig = config; String tokenname = null; @@ -137,8 +138,8 @@ public final class SigningUnit implements ISigningUnit { CMS.debug("OCSP nickname " + mNickname); tokenname = config.getString(PROP_TOKEN_NAME); - if (tokenname.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) - || tokenname.equalsIgnoreCase("Internal Key Storage Token")) { + if (tokenname.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) || + tokenname.equalsIgnoreCase("Internal Key Storage Token")) { mToken = mManager.getInternalKeyStorageToken(); } else { mToken = mManager.getTokenByName(tokenname); @@ -148,13 +149,12 @@ public final class SigningUnit implements ISigningUnit { CMS.debug(config.getName() + " Signing Unit nickname " + mNickname); CMS.debug("Got token " + tokenname + " by name"); - PasswordCallback cb = JssSubsystem.getInstance().getPWCB(); + PasswordCallback cb = JssSubsystem.getInstance().getPWCB(); mToken.login(cb); // ONE_TIME by default. mCert = mManager.findCertByNickname(mNickname); - CMS.debug("Found cert by nickname: '" + mNickname - + "' with serial number: " + mCert.getSerialNumber()); + CMS.debug("Found cert by nickname: '"+mNickname+"' with serial number: "+mCert.getSerialNumber()); mCertImpl = new X509CertImpl(mCert.getEncoded()); CMS.debug("converted to x509CertImpl"); 
@@ -167,42 +167,32 @@ public final class SigningUnit implements ISigningUnit { // get def alg and check if def sign alg is valid for token. mDefSigningAlgname = config.getString(PROP_DEFAULT_SIGNALG); - mDefSigningAlgorithm = checkSigningAlgorithmFromName(mDefSigningAlgname); - CMS.debug("got signing algorithm " + mDefSigningAlgorithm); + mDefSigningAlgorithm = + checkSigningAlgorithmFromName(mDefSigningAlgname); + CMS.debug( + "got signing algorithm " + mDefSigningAlgorithm); mInited = true; } catch (java.security.cert.CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_CONVERT_X509", - e.getMessage())); - throw new EOCSPException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_CONVERT_X509", e.getMessage())); + throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (CryptoManager.NotInitializedException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_SIGNING", e.toString())); - throw new EOCSPException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_SIGNING", e.toString())); + throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (IncorrectPasswordException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_INCORRECT_PWD", - e.toString())); - throw new EOCSPException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_INCORRECT_PWD", e.toString())); + throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (NoSuchTokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_OCSP_TOKEN_NOT_FOUND", tokenname, e.toString())); - throw new EOCSPException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, 
CMS.getLogMessage("CMSCORE_OCSP_TOKEN_NOT_FOUND", tokenname, e.toString())); + throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (ObjectNotFoundException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_OBJECT_NOT_FOUND", - e.toString())); - throw new EOCSPException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_OCSP_OBJECT_NOT_FOUND", e.toString())); + throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (TokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("OPERATION_ERROR", e.toString())); - throw new EOCSPException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } } 
@@ -216,44 +206,41 @@ public final class SigningUnit implements ISigningUnit { * @exception EBaseException if signing algorithm is not supported. */ public SignatureAlgorithm checkSigningAlgorithmFromName(String algname) - throws EBaseException { + throws EBaseException { try { SignatureAlgorithm sigalg = null; sigalg = mapAlgorithmToJss(algname); if (sigalg == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); - throw new EOCSPException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); + throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "")); } Signature signer = mToken.getSignatureContext(sigalg); signer.initSign(mPrivk); return sigalg; } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); - throw new EOCSPException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); + throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (TokenException e) { // from get signature context or from initSign - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); - throw new EOCSPException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); + throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (InvalidKeyException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); - throw new EOCSPException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", 
algname)); + throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } } /** * @param algname is expected to be one of JCA's algorithm names. */ - public byte[] sign(byte[] data, String algname) throws EBaseException { + public byte[] sign(byte[] data, String algname) + throws EBaseException { if (!mInited) { throw new EBaseException("OCSPSigningUnit not initialized!"); } @@ -266,10 +253,10 @@ public final class SigningUnit implements ISigningUnit { signAlg = checkSigningAlgorithmFromName(algname); } - // XXX use a pool of signers based on alg ? + // XXX use a pool of signers based on alg ? // XXX Map algor. name to id. hack: use hardcoded define for now. - CMS.debug("Getting algorithm context for " + algname + " " - + signAlg); + CMS.debug( + "Getting algorithm context for " + algname + " " + signAlg); Signature signer = mToken.getSignatureContext(signAlg); signer.initSign(mPrivk); 
@@ -277,31 +264,23 @@ public final class SigningUnit implements ISigningUnit { CMS.debug("Signing OCSP Response"); return signer.sign(); } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("OPERATION_ERROR", e.toString())); - throw new EOCSPException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (TokenException e) { // from get signature context or from initSign - log(ILogger.LL_FAILURE, - CMS.getLogMessage("OPERATION_ERROR", e.toString())); - throw new EOCSPException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (InvalidKeyException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("OPERATION_ERROR", e.toString())); - throw new EOCSPException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (SignatureException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("OPERATION_ERROR", e.toString())); - throw new EOCSPException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } } public boolean verify(byte[] data, byte[] signature, String algname) - throws EBaseException { + throws EBaseException { if (!mInited) { throw new EBaseException("OCSPSigningUnit not initialized!"); } 
@@ -309,10 +288,9 @@ public final class SigningUnit implements ISigningUnit { SignatureAlgorithm signAlg = mapAlgorithmToJss(algname); if (signAlg == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); - throw new EOCSPException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); + throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "")); } // XXX make this configurable. hack: use hardcoded for now. Signature signer = mToken.getSignatureContext(signAlg); 
@@ -321,34 +299,26 @@ public final class SigningUnit implements ISigningUnit { signer.update(data); return signer.verify(signature); } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("OPERATION_ERROR", e.toString())); - throw new EOCSPException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (TokenException e) { // from get signature context or from initSign - log(ILogger.LL_FAILURE, - CMS.getLogMessage("OPERATION_ERROR", e.toString())); - throw new EOCSPException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (InvalidKeyException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("OPERATION_ERROR", e.toString())); - throw new EOCSPException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (SignatureException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("OPERATION_ERROR", e.toString())); - throw new EOCSPException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } } private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OCSP, level, - "OCSPSigningUnit: " + msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OCSP, + level, "OCSPSigningUnit: " + msg); } /** 
@@ -366,14 +336,15 @@ public final class SigningUnit implements ISigningUnit { } public void setDefaultAlgorithm(String algorithm) throws EBaseException { - mConfig.putString(PROP_DEFAULT_SIGNALG, algorithm); + mConfig.putString(PROP_DEFAULT_SIGNALG, algorithm); mDefSigningAlgname = algorithm; - log(ILogger.LL_INFO, "Default signing algorithm is set to " + algorithm); + log(ILogger.LL_INFO, + "Default signing algorithm is set to " + algorithm); } /** * get all possible algorithms for the OCSP signing key type. - */ + */ public String[] getAllAlgorithms() throws EBaseException { byte[] keybytes = mPubk.getEncoded(); X509Key key = new X509Key(); @@ -383,10 +354,8 @@ public final class SigningUnit implements ISigningUnit { } catch (java.security.InvalidKeyException e) { String msg = "Invalid encoding in OCSP signing key."; - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_INVALID_ENCODING")); - throw new EOCSPException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", msg)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_OCSP_INVALID_ENCODING")); + throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg)); } if (key.getAlgorithmId().getOID().equals(AlgorithmId.DSA_oid)) { @@ -400,3 +369,4 @@ public final class SigningUnit implements ISigningUnit { return Cert.mapAlgorithmToJss(algname); } } + |