diff options
| author | Ade Lee <alee@redhat.com> | 2012-01-11 12:59:52 -0500 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2012-01-11 13:49:27 -0500 |
| commit | 357d48b4f9897d09244f655d9b1836711947cc32 (patch) | |
| tree | 697e9be4401f683fd552bb72bc036142ea618244 /pki | |
| parent | 10cfe7756e967ac91c66d33b392aeab9cf3780fb (diff) | |
| download | pki-357d48b4f9897d09244f655d9b1836711947cc32.tar.gz pki-357d48b4f9897d09244f655d9b1836711947cc32.tar.xz pki-357d48b4f9897d09244f655d9b1836711947cc32.zip | |
Formatting - line wrap > 120 in code
Diffstat (limited to 'pki')
206 files changed, 1889 insertions, 846 deletions
diff --git a/pki/.settings/org.eclipse.jdt.core.prefs b/pki/.settings/org.eclipse.jdt.core.prefs index 5c9c773a0..e2efdb9b5 100644 --- a/pki/.settings/org.eclipse.jdt.core.prefs +++ b/pki/.settings/org.eclipse.jdt.core.prefs @@ -1,4 +1,4 @@ -#Wed Jan 11 12:53:00 EST 2012 +#Wed Jan 11 12:59:05 EST 2012 eclipse.preferences.version=1 org.eclipse.jdt.core.formatter.align_type_members_on_columns=false org.eclipse.jdt.core.formatter.alignment_for_arguments_in_allocation_expression=16 @@ -256,7 +256,7 @@ org.eclipse.jdt.core.formatter.keep_else_statement_on_same_line=false org.eclipse.jdt.core.formatter.keep_empty_array_initializer_on_one_line=false org.eclipse.jdt.core.formatter.keep_imple_if_on_one_line=false org.eclipse.jdt.core.formatter.keep_then_statement_on_same_line=false -org.eclipse.jdt.core.formatter.lineSplit=500 +org.eclipse.jdt.core.formatter.lineSplit=120 org.eclipse.jdt.core.formatter.never_indent_block_comments_on_first_column=false org.eclipse.jdt.core.formatter.never_indent_line_comments_on_first_column=false org.eclipse.jdt.core.formatter.number_of_blank_lines_at_beginning_of_method_body=0 diff --git a/pki/base/ca/src/com/netscape/ca/CAService.java b/pki/base/ca/src/com/netscape/ca/CAService.java index e6c302ff0..23b00a103 100644 --- a/pki/base/ca/src/com/netscape/ca/CAService.java +++ b/pki/base/ca/src/com/netscape/ca/CAService.java @@ -368,7 +368,8 @@ public class CAService implements ICAService, IService { // short cut profile-based request if (isProfileRequest(request)) { try { - CMS.debug("CAServic: x0 requestStatus=" + request.getRequestStatus().toString() + " instance=" + request); + CMS.debug("CAServic: x0 requestStatus=" + request.getRequestStatus().toString() + " instance=" + + request); serviceProfileRequest(request); request.setExtData(IRequest.RESULT, IRequest.RES_SUCCESS); CMS.debug("CAServic: x1 requestStatus=" + request.getRequestStatus().toString()); @@ -935,7 +936,8 @@ public class CAService implements ICAService, IService { modSet.add(ICertRecord.ATTR_META_INFO, Modification.MOD_REPLACE, oldMeta); mCA.getCertificateRepository().modifyCertificateRecord(oldSerialNo, modSet); - mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_MARK_SERIAL", oldSerialNo.toString(16), newSerialNo.toString(16))); + mCA.log(ILogger.LL_INFO, + CMS.getLogMessage("CMSCORE_CA_MARK_SERIAL", oldSerialNo.toString(16), newSerialNo.toString(16))); if (Debug.ON) { CertRecord check = (CertRecord) mCA.getCertificateRepository().readCertificateRecord(oldSerialNo); @@ -950,7 +952,8 @@ public class CAService implements ICAService, IService { } } } catch (EBaseException e) { - mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NO_STORE_SERIAL", cert.getSerialNumber().toString(16))); + mCA.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_NO_STORE_SERIAL", cert.getSerialNumber().toString(16))); if (Debug.ON) e.printStackTrace(); throw e; @@ -1035,7 +1038,8 @@ public class CAService implements ICAService, IService { } } } catch (EBaseException e) { - mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ERROR_REVOCATION", serialno.toString(), e.toString())); + mCA.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_ERROR_REVOCATION", serialno.toString(), e.toString())); //e.printStackTrace(); throw e; } @@ -1268,7 +1272,8 @@ class serviceIssue implements IServant { request.getExtDataInCertInfoArray(IRequest.CERT_INFO); if (certinfos == null || certinfos[0] == null) { - mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_REQUEST_NOT_FOUND", request.getRequestId().toString())); + mCA.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_CERT_REQUEST_NOT_FOUND", request.getRequestId().toString())); throw new ECAException(CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_ISSUEREQ")); } String challengePassword = @@ -1282,7 +1287,8 @@ class serviceIssue implements IServant { try { certs[i] = mService.issueX509Cert(rid, certinfos[i]); } catch (EBaseException e) { - mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUE_ERROR", Integer.toString(i), rid, e.toString())); + mCA.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_ISSUE_ERROR", Integer.toString(i), rid, e.toString())); throw e; } } @@ -1294,7 +1300,8 @@ class serviceIssue implements IServant { mService.storeX509Cert(rid, certs[i], crmfReqId, challengePassword); } catch (EBaseException e) { e.printStackTrace(); - mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_STORE_ERROR", Integer.toString(i), rid, e.toString())); + mCA.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_STORE_ERROR", Integer.toString(i), rid, e.toString())); ex = e; // save to throw later. break; } @@ -1309,7 +1316,8 @@ class serviceIssue implements IServant { try { mCA.getCertificateRepository().deleteCertificateRecord(serialNo); } catch (EBaseException e) { - mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_DELETE_CERT_ERROR", serialNo.toString(), e.toString())); + mCA.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_DELETE_CERT_ERROR", serialNo.toString(), e.toString())); } } throw ex; @@ -1337,7 +1345,8 @@ class serviceRenewal implements IServant { request.getExtDataInCertInfoArray(IRequest.CERT_INFO); if (certinfos == null || certinfos[0] == null) { - mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_REQUEST_NOT_FOUND", request.getRequestId().toString())); + mCA.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_CERT_REQUEST_NOT_FOUND", request.getRequestId().toString())); throw new ECAException( CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ")); } @@ -1426,7 +1435,8 @@ class serviceRenewal implements IServant { if (cert == null) { // something wrong - mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_MISSING_RENEWED", serial.toString())); + mCA.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_MISSING_RENEWED", serial.toString())); svcerrors[i] = new ECAException( CMS.getUserMessage("CMS_CA_ERROR_GETTING_RENEWED_CERT", oldSerialNo.toString(), serial.toString())).toString(); @@ -1464,7 +1474,8 @@ class serviceRenewal implements IServant { mService.storeX509Cert(rid, issuedCerts[i], true, oldSerialNo); } catch (ECAException e) { svcerrors[i] = e.toString(); - mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CANNOT_RENEW", Integer.toString(i), request.getRequestId().toString())); + mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CANNOT_RENEW", Integer.toString(i), request + .getRequestId().toString())); } } @@ -1687,7 +1698,8 @@ class serviceRevoke implements IServant { crlentries.length == 0 || crlentries[0] == null) { // XXX should this be an error ? - mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRL_NOT_FOUND", request.getRequestId().toString())); + mCA.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_CRL_NOT_FOUND", request.getRequestId().toString())); throw new ECAException(CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_REVREQ")); } @@ -1700,7 +1712,8 @@ class serviceRevoke implements IServant { mService.revokeCert(crlentries[i], request.getRequestId().toString()); revokedCerts[i] = crlentries[i]; } catch (ECAException e) { - mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CANNOT_REVOKE", Integer.toString(i), request.getRequestId().toString(), e.toString())); + mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CANNOT_REVOKE", Integer.toString(i), request + .getRequestId().toString(), e.toString())); revokedCerts[i] = null; if (svcerrors == null) { svcerrors = new String[revokedCerts.length]; @@ -1804,7 +1817,8 @@ class serviceUnrevoke implements IServant { } mService.unrevokeCert(oldSerialNo[i], request.getRequestId().toString()); } catch (ECAException e) { - mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_UNREVOKE_FAILED", oldSerialNo[i].toString(), request.getRequestId().toString())); + mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_UNREVOKE_FAILED", oldSerialNo[i].toString(), + request.getRequestId().toString())); if (svcerrors == null) { svcerrors = new String[oldSerialNo.length]; } @@ -1880,7 +1894,8 @@ class serviceGetCRL implements IServant { throws EBaseException { try { ICRLIssuingPointRecord crlRec = - (ICRLIssuingPointRecord) mCA.getCRLRepository().readCRLIssuingPointRecord(ICertificateAuthority.PROP_MASTER_CRL); + (ICRLIssuingPointRecord) mCA.getCRLRepository().readCRLIssuingPointRecord( + ICertificateAuthority.PROP_MASTER_CRL); X509CRLImpl crl = new X509CRLImpl(crlRec.getCRL()); request.setExtData(IRequest.CRL, crl.getEncoded()); @@ -1889,7 +1904,8 @@ class serviceGetCRL implements IServant { throw new ECAException( CMS.getUserMessage("CMS_CA_CRL_ISSUEPT_NOT_FOUND", e.toString())); } catch (CRLException e) { - mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_GETCRL_INST_CRL", ICertificateAuthority.PROP_MASTER_CRL)); + mCA.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_GETCRL_INST_CRL", ICertificateAuthority.PROP_MASTER_CRL)); throw new ECAException( CMS.getUserMessage("CMS_CA_CRL_ISSUEPT_NOGOOD", ICertificateAuthority.PROP_MASTER_CRL)); } catch (X509ExtensionException e) { @@ -1990,7 +2006,8 @@ class serviceCert4Crl implements IServant { IRequest.REVOKED_CERT_RECORDS); if (revokedCertIds == null || revokedCertIds.length == 0) { - mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT4CRL_NO_ENTRY", request.getRequestId().toString())); + mCA.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_CERT4CRL_NO_ENTRY", request.getRequestId().toString())); throw new ECAException(CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_CLAREQ")); } @@ -2005,7 +2022,8 @@ class serviceCert4Crl implements IServant { revokedCertRecs.length == 0 || revokedCertRecs[0] == null) { // XXX should this be an error ? - mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT4CRL_NO_ENTRY", request.getRequestId().toString())); + mCA.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_CERT4CRL_NO_ENTRY", request.getRequestId().toString())); throw new ECAException(CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_CLAREQ")); } @@ -2036,7 +2054,8 @@ class serviceCert4Crl implements IServant { } } catch (ECAException e) { - mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT4CRL_NO_REC", Integer.toString(i), request.getRequestId().toString(), e.toString())); + mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT4CRL_NO_REC", Integer.toString(i), + request.getRequestId().toString(), e.toString())); recordedCerts[i] = null; if (svcerrors == null) { svcerrors = new String[recordedCerts.length]; @@ -2092,7 +2111,8 @@ class serviceUnCert4Crl implements IServant { } } } catch (EBaseException e) { - mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_DELETE_CERT_ERROR", oldSerialNo[i].toString(), e.toString())); + mCA.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_DELETE_CERT_ERROR", oldSerialNo[i].toString(), e.toString())); if (svcerrors == null) { svcerrors = new String[oldSerialNo.length]; } diff --git a/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java b/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java index 8bcba3561..d5458684a 100644 --- a/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java +++ b/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java @@ -250,21 +250,27 @@ public class CMSCRLExtensions implements ICMSCRLExtensions { if (mDefaultEnabledCRLExtensions.contains(extName)) { mEnabledCRLExtensions.addElement(extName); } - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_NO_ENABLE", extName, mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_CRLEXTS_NO_ENABLE", extName, + mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false")); } catch (EPropertyNotDefined e) { extConfig.putBoolean(PROP_ENABLE, mDefaultEnabledCRLExtensions.contains(extName)); modifiedConfig = true; if (mDefaultEnabledCRLExtensions.contains(extName)) { mEnabledCRLExtensions.addElement(extName); } - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_UNDEFINE_ENABLE", extName, mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_CRLEXTS_UNDEFINE_ENABLE", extName, + mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false")); } catch (EBaseException e) { extConfig.putBoolean(PROP_ENABLE, mDefaultEnabledCRLExtensions.contains(extName)); modifiedConfig = true; if (mDefaultEnabledCRLExtensions.contains(extName)) { mEnabledCRLExtensions.addElement(extName); } - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INVALID_ENABLE", extName, mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INVALID_ENABLE", extName, + mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false")); } return modifiedConfig; } @@ -282,21 +288,27 @@ public class CMSCRLExtensions implements ICMSCRLExtensions { if (mDefaultCriticalCRLExtensions.contains(extName)) { mCriticalCRLExtensions.addElement(extName); } - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_NO_CRITICAL", extName, mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_CRLEXTS_NO_CRITICAL", extName, + mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false")); } catch (EPropertyNotDefined e) { extConfig.putBoolean(PROP_CRITICAL, mDefaultCriticalCRLExtensions.contains(extName)); modifiedConfig = true; if (mDefaultCriticalCRLExtensions.contains(extName)) { mCriticalCRLExtensions.addElement(extName); } - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_UNDEFINE_CRITICAL", extName, mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_CRLEXTS_UNDEFINE_CRITICAL", extName, + mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false")); } catch (EBaseException e) { extConfig.putBoolean(PROP_CRITICAL, mDefaultCriticalCRLExtensions.contains(extName)); modifiedConfig = true; if (mDefaultCriticalCRLExtensions.contains(extName)) { mCriticalCRLExtensions.addElement(extName); } - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INVALID_CRITICAL", extName, mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INVALID_CRITICAL", extName, + mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false")); } return modifiedConfig; } @@ -317,12 +329,14 @@ public class CMSCRLExtensions implements ICMSCRLExtensions { extConfig.putString(PROP_TYPE, PROP_CRL_ENTRY_EXT); modifiedConfig = true; mCRLEntryExtensionNames.addElement(extName); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INVALID_EXT", extName, PROP_CRL_ENTRY_EXT)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INVALID_EXT", extName, PROP_CRL_ENTRY_EXT)); } else if (mDefaultCRLExtensionNames.contains(extName)) { extConfig.putString(PROP_TYPE, PROP_CRL_EXT); modifiedConfig = true; mCRLExtensionNames.addElement(extName); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INVALID_EXT", extName, PROP_CRL_EXT)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INVALID_EXT", extName, PROP_CRL_EXT)); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INVALID_EXT", extName, "")); } @@ -370,13 +384,17 @@ public class CMSCRLExtensions implements ICMSCRLExtensions { } } } catch (ClassCastException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INCORRECT_CLASS", extClass, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INCORRECT_CLASS", extClass, e.toString())); } catch (ClassNotFoundException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_FOUND", extClass, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_FOUND", extClass, e.toString())); } catch (InstantiationException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_INST", extClass, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_INST", extClass, e.toString())); } catch (IllegalAccessException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_ACCESS", extClass, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_ACCESS", extClass, e.toString())); } } else { @@ -414,7 +432,8 @@ public class CMSCRLExtensions implements ICMSCRLExtensions { } public boolean isCRLExtensionEnabled(String extName) { - return ((mCRLExtensionNames.contains(extName) || mCRLEntryExtensionNames.contains(extName)) && mEnabledCRLExtensions.contains(extName)); + return ((mCRLExtensionNames.contains(extName) || mCRLEntryExtensionNames.contains(extName)) && mEnabledCRLExtensions + .contains(extName)); } public boolean isCRLExtensionCritical(String extName) { @@ -528,11 +547,14 @@ public class CMSCRLExtensions implements ICMSCRLExtensions { } } } catch (ClassNotFoundException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_FOUND", name, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_FOUND", name, e.toString())); } catch (InstantiationException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_INST", name, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_INST", name, e.toString())); } catch (IllegalAccessException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_ACCESS", name, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_ACCESS", name, e.toString())); } int i = name.lastIndexOf('.'); @@ -601,7 +623,8 @@ public class CMSCRLExtensions implements ICMSCRLExtensions { CMSCRLExtensions cmsCRLExtensions = (CMSCRLExtensions) ip.getCRLExtensions(); if (cmsCRLExtensions != null) { - issuingDistPointExtEnabled = cmsCRLExtensions.isCRLExtensionEnabled(IssuingDistributionPointExtension.NAME); + issuingDistPointExtEnabled = cmsCRLExtensions + .isCRLExtensionEnabled(IssuingDistributionPointExtension.NAME); } CMS.debug("issuingDistPointExtEnabled = " + issuingDistPointExtEnabled); diff --git a/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java b/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java index 4c794e98e..0e98955f2 100644 --- a/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java +++ b/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java @@ -737,7 +737,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { mCMSCRLExtensions = new CMSCRLExtensions(this, config); mExtendedNextUpdate = ((mUpdateSchema > 1 || (mEnableDailyUpdates && mExtendedTimeList)) && isDeltaCRLEnabled()) ? - config.getBoolean(Constants.PR_EXTENDED_NEXT_UPDATE, true) : + config.getBoolean(Constants.PR_EXTENDED_NEXT_UPDATE, true) + : false; // Get serial number ranges if any. @@ -879,10 +880,14 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { x509crl = null; } catch (EBaseException e) { x509crl = null; - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_CRL", mCRLNumber.toString(), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_CRL", mCRLNumber.toString(), + e.toString())); } catch (OutOfMemoryError e) { x509crl = null; - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_CRL", mCRLNumber.toString(), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_CRL", mCRLNumber.toString(), + e.toString())); } } } @@ -1594,7 +1599,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { } } if (t - mMinUpdateInterval > last) { - if (mExtendedNextUpdate && (!fromLastUpdate) && (!(mEnableDailyUpdates && mExtendedTimeList)) && (!delta) && + if (mExtendedNextUpdate && (!fromLastUpdate) && (!(mEnableDailyUpdates && mExtendedTimeList)) + && (!delta) && isDeltaEnabled && mUpdateSchema > 1) { i += mUpdateSchema - ((i + m) % mUpdateSchema); } @@ -1680,7 +1686,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { next = nextUpdate; } - CMS.debug("findNextUpdate: " + ((new Date(next)).toString()) + ((fromLastUpdate) ? " delay: " + (next - now) : "")); + CMS.debug("findNextUpdate: " + ((new Date(next)).toString()) + + ((fromLastUpdate) ? " delay: " + (next - now) : "")); return (fromLastUpdate) ? next - now : next; } @@ -2146,7 +2153,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { mCRLRepository.updateRevokedCerts(mId, mRevokedCerts, mUnrevokedCerts); mFirstUnsaved = ICRLIssuingPointRecord.CLEAN_CACHE; } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_STORE_REVOKED_CERT", mId, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_ISSUING_STORE_REVOKED_CERT", mId, e.toString())); } } } @@ -2168,7 +2176,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { mCRLRepository.updateRevokedCerts(mId, mRevokedCerts, mUnrevokedCerts); mFirstUnsaved = ICRLIssuingPointRecord.CLEAN_CACHE; } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_STORE_UNREVOKED_CERT", mId, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_ISSUING_STORE_UNREVOKED_CERT", mId, e.toString())); } } } @@ -2198,7 +2207,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { try { mCRLRepository.updateExpiredCerts(mId, mExpiredCerts); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_STORE_EXPIRED_CERT", mId, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_ISSUING_STORE_EXPIRED_CERT", mId, e.toString())); } } } @@ -2221,7 +2231,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { public boolean isDeltaCRLEnabled() { return (mAllowExtensions && mEnableCRLCache && mCMSCRLExtensions.isCRLExtensionEnabled(DeltaCRLIndicatorExtension.NAME) && - mCMSCRLExtensions.isCRLExtensionEnabled(CRLNumberExtension.NAME) && mCMSCRLExtensions.isCRLExtensionEnabled(CRLReasonExtension.NAME)); + mCMSCRLExtensions.isCRLExtensionEnabled(CRLNumberExtension.NAME) && mCMSCRLExtensions + .isCRLExtensionEnabled(CRLReasonExtension.NAME)); } public boolean isThisCurrentDeltaCRL(X509CRLImpl deltaCRL) { @@ -2328,7 +2339,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { Boolean.toString(isCRLCacheEnabled()), Boolean.toString(mEnableCacheRecovery), Boolean.toString(mCRLCacheIsCleared), - "" + mCRLCerts.size() + "," + mRevokedCerts.size() + "," + mUnrevokedCerts.size() + "," + mExpiredCerts.size() + "" + "" + mCRLCerts.size() + "," + mRevokedCerts.size() + "," + mUnrevokedCerts.size() + "," + + mExpiredCerts.size() + "" } ); mUpdatingCRL = CRL_UPDATE_STARTED; @@ -2383,11 +2395,14 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { mSplits[0] -= System.currentTimeMillis(); @SuppressWarnings("unchecked") - Hashtable<BigInteger, RevokedCertificate> clonedRevokedCerts = (Hashtable<BigInteger, RevokedCertificate>) mRevokedCerts.clone(); + Hashtable<BigInteger, RevokedCertificate> clonedRevokedCerts = (Hashtable<BigInteger, RevokedCertificate>) mRevokedCerts + .clone(); @SuppressWarnings("unchecked") - Hashtable<BigInteger, RevokedCertificate> clonedUnrevokedCerts = (Hashtable<BigInteger, RevokedCertificate>) mUnrevokedCerts.clone(); + Hashtable<BigInteger, RevokedCertificate> clonedUnrevokedCerts = (Hashtable<BigInteger, RevokedCertificate>) mUnrevokedCerts + .clone(); @SuppressWarnings("unchecked") - Hashtable<BigInteger, RevokedCertificate> clonedExpiredCerts = (Hashtable<BigInteger, RevokedCertificate>) mExpiredCerts.clone(); + Hashtable<BigInteger, RevokedCertificate> clonedExpiredCerts = (Hashtable<BigInteger, RevokedCertificate>) mExpiredCerts + .clone(); mSplits[0] += System.currentTimeMillis(); @@ -2426,7 +2441,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { if (isDeltaCRLEnabled()) { mSplits[1] -= System.currentTimeMillis(); @SuppressWarnings("unchecked") - Hashtable<BigInteger, RevokedCertificate> deltaCRLCerts = (Hashtable<BigInteger, RevokedCertificate>) clonedRevokedCerts.clone(); + Hashtable<BigInteger, RevokedCertificate> deltaCRLCerts = (Hashtable<BigInteger, RevokedCertificate>) clonedRevokedCerts + .clone(); deltaCRLCerts.putAll(clonedUnrevokedCerts); if (mIncludeExpiredCertsOneExtraTime) { @@ -2469,7 +2485,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { if (mConfigStore.getBoolean("noCRLIfNoRevokedCert", false)) { if (deltaCRLCerts.size() == 0) { CMS.debug("CRLIssuingPoint: No Revoked Certificates Found And noCRLIfNoRevokedCert is set to true - No Delta CRL Generated"); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "No Revoked Certificates")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", + "No Revoked Certificates")); } } X509CRLImpl crl = new X509CRLImpl(mCA.getCRLX500Name(), @@ -2534,10 +2551,12 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { newX509DeltaCRL = null; if (Debug.on()) Debug.printStackTrace(e); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_DELTA", mCRLNumber.toString(), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_DELTA", mCRLNumber.toString(), e.toString())); } catch (OutOfMemoryError e) { newX509DeltaCRL = null; - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_DELTA", mCRLNumber.toString(), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_DELTA", mCRLNumber.toString(), e.toString())); } } else { mDeltaCRLSize = -1; @@ -2636,7 +2655,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { if (mConfigStore.getBoolean("noCRLIfNoRevokedCert", false)) { if (mCRLCerts.size() == 0) { CMS.debug("CRLIssuingPoint: No Revoked Certificates Found And noCRLIfNoRevokedCert is set to true - No CRL Generated"); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "No Revoked Certificates")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", + "No Revoked Certificates")); } } CMS.debug("before new X509CRLImpl"); @@ -2696,7 +2716,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { splitTimes += ","; splitTimes += Long.toString(mSplits[i]); } - splitTimes += "," + Long.toString(deltaTime) + "," + Long.toString(crlTime) + "," + Long.toString(totalTime) + ")"; + splitTimes += "," + Long.toString(deltaTime) + "," + Long.toString(crlTime) + "," + + Long.toString(totalTime) + ")"; mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, CMS.getLogMessage("CMSCORE_CA_CA_CRL_UPDATED"), @@ -2751,11 +2772,13 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { } catch (EBaseException e) { newX509CRL = null; mUpdatingCRL = CRL_UPDATE_DONE; - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_CRL", mCRLNumber.toString(), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_CRL", mCRLNumber.toString(), e.toString())); } catch (OutOfMemoryError e) { newX509CRL = null; mUpdatingCRL = CRL_UPDATE_DONE; - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_CRL", mCRLNumber.toString(), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_CRL", mCRLNumber.toString(), e.toString())); } } @@ -2962,7 +2985,8 @@ class CertRecProcessor implements IElementProcessor { private boolean mIssuingDistPointEnabled = false; private BitArray mOnlySomeReasons = null; - public CertRecProcessor(Hashtable<BigInteger, RevokedCertificate> crlCerts, CRLIssuingPoint ip, ILogger logger, boolean allowExtensions) { + public CertRecProcessor(Hashtable<BigInteger, RevokedCertificate> crlCerts, CRLIssuingPoint ip, ILogger logger, + boolean allowExtensions) { mCRLCerts = crlCerts; mLogger = logger; mIP = ip; diff --git a/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java b/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java index 8eae04760..0ae915d2f 100644 --- a/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java +++ b/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java @@ -1561,36 +1561,44 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori if (nc != null && nc.size() > 0) { // Initialize Certificate Issued notification listener - String certificateIssuedListenerClassName = nc.getString("certificateIssuedListenerClassName", "com.netscape.cms.listeners.CertificateIssuedListener"); + String certificateIssuedListenerClassName = nc.getString("certificateIssuedListenerClassName", + "com.netscape.cms.listeners.CertificateIssuedListener"); try { - mCertIssuedListener = (IRequestListener) Class.forName(certificateIssuedListenerClassName).newInstance(); + mCertIssuedListener = (IRequestListener) Class.forName(certificateIssuedListenerClassName) + .newInstance(); mCertIssuedListener.init(this, nc); } catch (Exception e1) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_REGISTER_LISTENER", certificateIssuedListenerClassName)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_CA_REGISTER_LISTENER", certificateIssuedListenerClassName)); } // Initialize Revoke Request notification listener - String certificateRevokedListenerClassName = nc.getString("certificateIssuedListenerClassName", "com.netscape.cms.listeners.CertificateRevokedListener"); + String certificateRevokedListenerClassName = nc.getString("certificateIssuedListenerClassName", + "com.netscape.cms.listeners.CertificateRevokedListener"); try { - mCertRevokedListener = (IRequestListener) Class.forName(certificateRevokedListenerClassName).newInstance(); + mCertRevokedListener = (IRequestListener) Class.forName(certificateRevokedListenerClassName) + .newInstance(); mCertRevokedListener.init(this, nc); } catch (Exception e1) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_REGISTER_LISTENER", certificateRevokedListenerClassName)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_CA_REGISTER_LISTENER", certificateRevokedListenerClassName)); } // Initialize Request In Queue notification listener IConfigStore rq = nc.getSubStore(PROP_REQ_IN_Q_SUBSTORE); - String requestInQListenerClassName = nc.getString("certificateIssuedListenerClassName", "com.netscape.cms.listeners.RequestInQListener"); + String requestInQListenerClassName = nc.getString("certificateIssuedListenerClassName", + "com.netscape.cms.listeners.RequestInQListener"); try { mReqInQListener = (IRequestListener) Class.forName(requestInQListenerClassName).newInstance(); mReqInQListener.init(this, nc); } catch (Exception e1) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_REGISTER_REQ_LISTENER", requestInQListenerClassName)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CA_CA_REGISTER_REQ_LISTENER", requestInQListenerClassName)); } // Initialize extra listeners diff --git a/pki/base/common/src/com/netscape/certsrv/apps/CMS.java b/pki/base/common/src/com/netscape/certsrv/apps/CMS.java index 018203764..75a7e2059 100644 --- a/pki/base/common/src/com/netscape/certsrv/apps/CMS.java +++ b/pki/base/common/src/com/netscape/certsrv/apps/CMS.java @@ -328,7 +328,8 @@ public final class CMS { * * @return issuing record */ - public static ICRLIssuingPointRecord createCRLIssuingPointRecord(String id, BigInteger crlNumber, Long crlSize, Date thisUpdate, Date nextUpdate) { + public static ICRLIssuingPointRecord createCRLIssuingPointRecord(String id, BigInteger crlNumber, Long crlSize, + Date thisUpdate, Date nextUpdate) { return _engine.createCRLIssuingPointRecord(id, crlNumber, crlSize, thisUpdate, nextUpdate); } @@ -758,7 +759,8 @@ public final class CMS { * @param p7 7th parameter * @return localized log message */ - public static String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, String p7) { + public static String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, + String p7) { return _engine.getLogMessage(msgID, p1, p2, p3, p4, p5, p6, p7); } @@ -776,7 +778,8 @@ public final class CMS { * @param p8 8th parameter * @return localized log message */ - public static String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, String p7, String p8) { + public static String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, + String p7, String p8) { return _engine.getLogMessage(msgID, p1, p2, p3, p4, p5, p6, p7, p8); } @@ -795,7 +798,8 @@ public final class CMS { * @param p9 9th parameter * @return localized log message */ - public static String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, String p7, String p8, String p9) { + public static String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, + String p7, String p8, String p9) { return _engine.getLogMessage(msgID, p1, p2, p3, p4, p5, p6, p7, p8, p9); } @@ -1019,7 +1023,8 @@ public final class CMS { * @return general name object * @exception EBaseException failed to create general name constraint */ - public static GeneralName form_GeneralNameAsConstraints(String generalNameChoice, String value) throws EBaseException { + public static GeneralName form_GeneralNameAsConstraints(String generalNameChoice, String value) + throws EBaseException { return _engine.form_GeneralName(generalNameChoice, value); } @@ -1066,7 +1071,8 @@ public final class CMS { * @param isValueConfigured true if value is configured * @exception EBaseException failed to create subject alt name configuration */ - public static ISubjAltNameConfig createSubjAltNameConfig(String name, IConfigStore config, boolean isValueConfigured) throws EBaseException { + public static ISubjAltNameConfig createSubjAltNameConfig(String name, IConfigStore config, boolean isValueConfigured) + throws EBaseException { return _engine.createSubjAltNameConfig( name, config, isValueConfigured); } @@ -1152,7 +1158,8 @@ public final class CMS { * @param isPolicyEnabled true if policy is enabled * @exception EBaseException failed to create subject alt name configuration */ - public static IGeneralNameAsConstraintsConfig createGeneralNameAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured, + public static IGeneralNameAsConstraintsConfig createGeneralNameAsConstraintsConfig(String name, + IConfigStore config, boolean isValueConfigured, boolean isPolicyEnabled) throws EBaseException { return _engine.createGeneralNameAsConstraintsConfig( name, config, isValueConfigured, isPolicyEnabled); @@ -1167,7 +1174,8 @@ public final class CMS { * @param isPolicyEnabled true if policy is enabled * @exception EBaseException failed to create subject alt name configuration */ - public static IGeneralNamesAsConstraintsConfig createGeneralNamesAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured, + public static IGeneralNamesAsConstraintsConfig createGeneralNamesAsConstraintsConfig(String name, + IConfigStore config, boolean isValueConfigured, boolean isPolicyEnabled) throws EBaseException { return _engine.createGeneralNamesAsConstraintsConfig( name, config, isValueConfigured, isPolicyEnabled); diff --git a/pki/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java b/pki/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java index 4a6e6c693..d299b5814 100644 --- a/pki/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java +++ b/pki/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java @@ -398,7 +398,8 @@ public interface ICMSEngine extends ISubsystem { * @param p7 7th parameter * @return localized log message */ - public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, String p7); + public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, + String p7); /** * Retrieves the centralized log message from LogMessages.properties. @@ -414,7 +415,8 @@ public interface ICMSEngine extends ISubsystem { * @param p8 8th parameter * @return localized log message */ - public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, String p7, String p8); + public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, + String p7, String p8); /** * Retrieves the centralized log message from LogMessages.properties. @@ -431,7 +433,8 @@ public interface ICMSEngine extends ISubsystem { * @param p9 9th parameter * @return localized log message */ - public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, String p7, String p8, String p9); + public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, + String p7, String p8, String p9); /** * Parse ACL resource attributes @@ -452,7 +455,8 @@ public interface ICMSEngine extends ISubsystem { * * @return issuing record */ - public ICRLIssuingPointRecord createCRLIssuingPointRecord(String id, BigInteger crlNumber, Long crlSize, Date thisUpdate, Date nextUpdate); + public ICRLIssuingPointRecord createCRLIssuingPointRecord(String id, BigInteger crlNumber, Long crlSize, + Date thisUpdate, Date nextUpdate); /** * Retrieves the default CRL issuing point record name. @@ -956,7 +960,8 @@ public interface ICMSEngine extends ISubsystem { * @param isPolicyEnabled true if policy is enabled * @exception EBaseException failed to create subject alt name configuration */ - public IGeneralNameAsConstraintsConfig createGeneralNameAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured, + public IGeneralNameAsConstraintsConfig createGeneralNameAsConstraintsConfig(String name, IConfigStore config, + boolean isValueConfigured, boolean isPolicyEnabled) throws EBaseException; /** @@ -968,7 +973,8 @@ public interface ICMSEngine extends ISubsystem { * @param isPolicyEnabled true if policy is enabled * @exception EBaseException failed to create subject alt name configuration */ - public IGeneralNamesAsConstraintsConfig createGeneralNamesAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured, + public IGeneralNamesAsConstraintsConfig createGeneralNamesAsConstraintsConfig(String name, IConfigStore config, + boolean isValueConfigured, boolean isPolicyEnabled) throws EBaseException; /** @@ -995,7 +1001,8 @@ public interface ICMSEngine extends ISubsystem { * @param isValueConfigured true if value is configured * @exception EBaseException failed to create subject alt name configuration */ - public ISubjAltNameConfig createSubjAltNameConfig(String name, IConfigStore config, boolean isValueConfigured) throws EBaseException; + public ISubjAltNameConfig createSubjAltNameConfig(String name, IConfigStore config, boolean isValueConfigured) + throws EBaseException; /** * Retrieves the HTTP Connection for use with connector. diff --git a/pki/base/common/src/com/netscape/certsrv/request/ARequestNotifier.java b/pki/base/common/src/com/netscape/certsrv/request/ARequestNotifier.java index 47f54a6dc..3d1c4095e 100644 --- a/pki/base/common/src/com/netscape/certsrv/request/ARequestNotifier.java +++ b/pki/base/common/src/com/netscape/certsrv/request/ARequestNotifier.java @@ -232,7 +232,8 @@ public class ARequestNotifier implements IRequestNotifier { if (!(requestType.equals(IRequest.ENROLLMENT_REQUEST) || requestType.equals(IRequest.RENEWAL_REQUEST) || requestType.equals(IRequest.REVOCATION_REQUEST) || - requestType.equals(IRequest.CMCREVOKE_REQUEST) || requestType.equals(IRequest.UNREVOCATION_REQUEST))) { + requestType.equals(IRequest.CMCREVOKE_REQUEST) || requestType + .equals(IRequest.UNREVOCATION_REQUEST))) { continue; } if (i == 0 && id.equals(r.getRequestId().toString())) { @@ -244,7 +245,8 @@ public class ARequestNotifier implements IRequestNotifier { } if (mRequests.size() < mMaxRequests) { mRequests.addElement(r.getRequestId().toString()); - CMS.debug("getRequest added " + r.getRequestType() + " request " + r.getRequestId().toString() + + CMS.debug("getRequest added " + r.getRequestType() + " request " + r.getRequestId().toString() + + " to mRequests: " + mRequests.size() + " (" + mMaxRequests + ")"); } else { break; @@ -512,7 +514,9 @@ class RunListeners implements Runnable { * RunListeners thread implementation. */ public void run() { - CMS.debug("RunListeners::" + ((mRequestNotifier != null && mRequestNotifier.getNumberOfRequests() > 0) ? " Queue: " + mRequestNotifier.getNumberOfRequests() : " noQueue") + + CMS.debug("RunListeners::" + + ((mRequestNotifier != null && mRequestNotifier.getNumberOfRequests() > 0) ? " Queue: " + + mRequestNotifier.getNumberOfRequests() : " noQueue") + " " + ((mRequest != null) ? " SingleRequest" : " noSingleRequest")); do { if (mRequestNotifier != null) @@ -528,7 +532,9 @@ class RunListeners implements Runnable { mRequestNotifier.updatePublishingStatus(mRequest.getRequestId().toString()); } } - CMS.debug("RunListeners: " + ((mRequestNotifier != null && mRequestNotifier.getNumberOfRequests() > 0) ? " Queue: " + mRequestNotifier.getNumberOfRequests() : " noQueue") + + CMS.debug("RunListeners: " + + ((mRequestNotifier != null && mRequestNotifier.getNumberOfRequests() > 0) ? " Queue: " + + mRequestNotifier.getNumberOfRequests() : " noQueue") + " " + ((mRequest != null) ? " SingleRequest" : " noSingleRequest")); if (mRequestNotifier != null) mListeners = mRequestNotifier.getListeners(); diff --git a/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java index 50a0e1a16..3d26d6f3a 100644 --- a/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java +++ b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java @@ -467,5 +467,6 @@ public interface ICryptoSubsystem extends ISubsystem { * @return certificate * @exception EBaseException failed to sign certificate template */ - public X509CertImpl getSignedCert(KeyCertData data, String certType, java.security.PrivateKey priKey) throws EBaseException; + public X509CertImpl getSignedCert(KeyCertData data, String certType, java.security.PrivateKey priKey) + throws EBaseException; } diff --git a/pki/base/common/src/com/netscape/certsrv/util/HttpInput.java b/pki/base/common/src/com/netscape/certsrv/util/HttpInput.java index 9b7eec1d2..04877d92a 100644 --- a/pki/base/common/src/com/netscape/certsrv/util/HttpInput.java +++ b/pki/base/common/src/com/netscape/certsrv/util/HttpInput.java @@ -147,7 +147,8 @@ public class HttpInput { i.equals("2048") || i.equals("4096")) { return i; } - throw new IOException("Invalid key length '" + i + "'. Currently supported key lengths are 256, 512, 1024, 2048, 4096."); + throw new IOException("Invalid key length '" + i + + "'. Currently supported key lengths are 256, 512, 1024, 2048, 4096."); } public static String getKeySize(HttpServletRequest request, String name, String keyType) @@ -158,7 +159,8 @@ public class HttpInput { i.equals("2048") || i.equals("4096")) { return i; } else { - throw new IOException("Invalid key length '" + i + "'. Currently supported RSA key lengths are 256, 512, 1024, 2048, 4096."); + throw new IOException("Invalid key length '" + i + + "'. Currently supported RSA key lengths are 256, 512, 1024, 2048, 4096."); } } if (keyType.equals("ecc")) { @@ -171,7 +173,10 @@ public class HttpInput { if ((p >= 112) && (p <= 571)) return i; else { - throw new IOException("Invalid key length '" + i + "'. Please consult your security officer for a proper length, or take the default value. Here are examples of some commonly used key lengths: 256, 384, 521."); + throw new IOException( + "Invalid key length '" + + i + + "'. Please consult your security officer for a proper length, or take the default value. Here are examples of some commonly used key lengths: 256, 384, 521."); } /* @@ -260,7 +265,8 @@ public class HttpInput { Pattern p = Pattern.compile("[A-Za-z0-9]+[A-Za-z0-9 -]*"); Matcher m = p.matcher(v); if (!m.matches()) { - throw new IOException("Invalid characters found in Security Domain Name " + v + ". Valid characters are A-Z, a-z, 0-9, dash and space"); + throw new IOException("Invalid characters found in Security Domain Name " + v + + ". Valid characters are A-Z, a-z, 0-9, dash and space"); } return v; } diff --git a/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java b/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java index e9b1fb3d0..eaaea5efe 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java +++ b/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java @@ -193,9 +193,11 @@ class AVAPattern { in.read() != 'd' || in.read() != 'n' || in.read() != '.') - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "Invalid $ syntax, expecting $rdn")); } catch (IOException e) { - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "Invalid $ syntax, expecting $rdn")); } StringBuffer rdnNumberBuf = new StringBuffer(); @@ -214,11 +216,13 @@ class AVAPattern { String rdnNumber = rdnNumberBuf.toString().trim(); if (rdnNumber.length() == 0) - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "$rdn number not set in ava pattern")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "$rdn number not set in ava pattern")); try { mElement = Integer.parseInt(rdnNumber) - 1; } catch (NumberFormatException e) { - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $rdn number in ava pattern")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "Invalid $rdn number in ava pattern")); } return; } @@ -242,7 +246,8 @@ class AVAPattern { throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString())); } if (c != '=') - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Missing \"=\" in ava pattern")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "Missing \"=\" in ava pattern")); // read value //System.out.println("reading value"); @@ -257,7 +262,8 @@ class AVAPattern { throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString())); } if (c == -1) - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "no value after = in ava pattern")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "no value after = in ava pattern")); if (c == '$') { // check for $dn or $attr @@ -304,7 +310,8 @@ class AVAPattern { //System.out.println("----- attrName "+attrName); if (attrName.length() == 0) - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "attribute name expected")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "attribute name expected")); try { ObjectIdentifier attrOid = mLdapDNStrConverter.parseAVAKeyword(attrName); diff --git a/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java b/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java index c699be925..0e747dbe2 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java +++ b/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java @@ -158,8 +158,10 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, static { mExtendedPluginInfo = new Vector(); - mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT + - ";Authenticate the CMC request. The signer must be an agent. The \"Authentication Instance ID\" must be named \"CMCAuth\""); + mExtendedPluginInfo + .add(IExtendedPluginInfo.HELP_TEXT + + + ";Authenticate the CMC request. The signer must be an agent. The \"Authentication Instance ID\" must be named \"CMCAuth\""); mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN + ";configuration-authentication"); } @@ -231,7 +233,8 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, * If an internal error occurred. * @see com.netscape.certsrv.authentication.AuthToken */ - public IAuthToken authenticate(IAuthCredentials authCred) throws EMissingCredential, EInvalidCredentials, EBaseException { + public IAuthToken authenticate(IAuthCredentials authCred) throws EMissingCredential, EInvalidCredentials, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditReqType = ILogger.UNIDENTIFIED; @@ -836,7 +839,8 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, byte[] issuerB = ASN1Util.encode(issuer); INTEGER sn = certI.getSerialNumber(); // if this cert is the signer cert, not a cert in the chain - if (new String(issuerB).equals(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer()))) + if (new String(issuerB).equals(new String( + ASN1Util.encode(issuerAndSerialNumber.getIssuer()))) && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) { ByteArrayOutputStream os = new ByteArrayOutputStream(); diff --git a/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java b/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java index d2142ea3a..028cea376 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java +++ b/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java @@ -210,7 +210,8 @@ public class FlatFileAuth CMS.debug("FlatFileAuth: " + CMS.getLogMessage("CMS_AUTH_READ_ENTRIES", mFilename)); // printAllEntries(); } catch (IOException e) { - throw new EBaseException(mName + " authentication: Could not open file " + mFilename + " (" + e.getMessage() + ")"); + throw new EBaseException(mName + " authentication: Could not open file " + mFilename + " (" + + e.getMessage() + ")"); } catch (java.lang.StringIndexOutOfBoundsException ee) { CMS.debug("FlatFileAuth: " + CMS.getLogMessage("OPERATION_ERROR", ee.toString())); } diff --git a/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java b/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java index ac13a02fd..e2c3ec871 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java +++ b/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java @@ -202,11 +202,13 @@ public class PortalEnroll extends DirBasedAuthentication { if (res.hasMoreElements()) { LDAPEntry entry = (LDAPEntry) res.nextElement(); - throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "UID already exists.")); + throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", + "UID already exists.")); } else { dn = regist(token, uid); if (dn == null) - throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Could not add user " + uid + ".")); + throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", + "Could not add user " + uid + ".")); } // bind as user dn and pwd - authenticates user with pwd. @@ -225,8 +227,10 @@ public class PortalEnroll extends DirBasedAuthentication { switch (e.getLDAPResultCode()) { case LDAPException.NO_SUCH_OBJECT: case LDAPException.LDAP_PARTIAL_RESULTS: - log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_ADD_USER_ERROR", conn.getHost(), Integer.toString(conn.getPort()))); - throw new EAuthInternalError(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", "Check Configuration detail.")); + log(ILogger.LL_SECURITY, + CMS.getLogMessage("CMS_AUTH_ADD_USER_ERROR", conn.getHost(), Integer.toString(conn.getPort()))); + throw new EAuthInternalError(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", + "Check Configuration detail.")); case LDAPException.INVALID_CREDENTIALS: log(ILogger.LL_SECURITY, diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java index 19b6180dc..f3aa5180b 100644 --- a/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java +++ b/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java @@ -139,7 +139,8 @@ public class CMSAuthInfoAccessExtension accessLocation = "http://" + hostname + ":" + port + "/ca/ee/ca/getCAChain?op=downloadBIN"; } URIName uriName = new URIName(accessLocation); - authInfoAccessExt.addAccessDescription(AuthInfoAccessExtension.METHOD_CA_ISSUERS, new GeneralName(uriName)); + authInfoAccessExt.addAccessDescription(AuthInfoAccessExtension.METHOD_CA_ISSUERS, new GeneralName( + uriName)); } } } diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java index 89ededb65..96d73d4c4 100644 --- a/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java +++ b/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java @@ -122,7 +122,8 @@ public class CMSAuthorityKeyIdentifierExtension gNames.addElement(((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()).getX500Name()); authKeyIdExt = new AuthorityKeyIdentifierExtension(critical, null, gNames, - new SerialNumber(((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()).getCACert().getSerialNumber())); + new SerialNumber(((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()) + .getCACert().getSerialNumber())); } } catch (IOException e) { diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java index 68d6128d3..02556d495 100644 --- a/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java +++ b/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java @@ -87,9 +87,11 @@ public class CMSCertificateIssuerExtension try { nameType = config.getString("nameType" + i); } catch (EPropertyNotFound e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString())); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString())); } if (nameType != null) { @@ -98,9 +100,11 @@ public class CMSCertificateIssuerExtension try { name = config.getString("name" + i); } catch (EPropertyNotFound e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString())); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString())); } if (name != null && name.length() > 0) { @@ -156,7 +160,8 @@ public class CMSCertificateIssuerExtension try { nameType = config.getString("nameType" + i); } catch (EPropertyNotFound e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString())); } catch (EBaseException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString())); } @@ -172,7 +177,8 @@ public class CMSCertificateIssuerExtension try { name = config.getString("name" + i); } catch (EPropertyNotFound e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString())); } catch (EBaseException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString())); } diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java index 45aa5038f..199d32f95 100644 --- a/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java +++ b/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java @@ -119,7 +119,8 @@ public class CMSHoldInstructionExtension } if (instruction != null) { if (!(instruction.equalsIgnoreCase(PROP_INSTR_NONE) || - instruction.equalsIgnoreCase(PROP_INSTR_CALLISSUER) || instruction.equalsIgnoreCase(PROP_INSTR_REJECT))) { + instruction.equalsIgnoreCase(PROP_INSTR_CALLISSUER) || instruction + .equalsIgnoreCase(PROP_INSTR_REJECT))) { instruction = PROP_INSTR_NONE; } } else { diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java index 204048c9a..183de1b43 100644 --- a/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java +++ b/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java @@ -73,7 +73,8 @@ public class CMSIssuerAlternativeNameExtension GeneralNames names = null; try { - names = (GeneralNames) ((IssuerAlternativeNameExtension) ext).get(IssuerAlternativeNameExtension.ISSUER_NAME); + names = (GeneralNames) ((IssuerAlternativeNameExtension) ext) + .get(IssuerAlternativeNameExtension.ISSUER_NAME); issuerAltNameExt = new IssuerAlternativeNameExtension(Boolean.valueOf(critical), names); } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_ALT_NAME_EXT", e.toString())); @@ -102,9 +103,11 @@ public class CMSIssuerAlternativeNameExtension try { nameType = config.getString("nameType" + i); } catch (EPropertyNotFound e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_UNDEFINED_TYPE", Integer.toString(i), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_ISSUER_UNDEFINED_TYPE", Integer.toString(i), e.toString())); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_TYPE", Integer.toString(i), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_TYPE", Integer.toString(i), e.toString())); } if (nameType != null && nameType.length() > 0) { @@ -113,9 +116,11 @@ public class CMSIssuerAlternativeNameExtension try { name = config.getString("name" + i); } catch (EPropertyNotFound e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_UNDEFINED_TYPE", Integer.toString(i), e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_UNDEFINED_TYPE", + Integer.toString(i), e.toString())); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_TYPE", Integer.toString(i), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_TYPE", Integer.toString(i), e.toString())); } if (name != null && name.length() > 0) { diff --git a/pki/base/common/src/com/netscape/cms/logging/LogFile.java b/pki/base/common/src/com/netscape/cms/logging/LogFile.java index 4a3b3cb0d..143e59d8d 100644 --- a/pki/base/common/src/com/netscape/cms/logging/LogFile.java +++ b/pki/base/common/src/com/netscape/cms/logging/LogFile.java @@ -816,7 +816,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { try { pushSignature(); } catch (ELogException le) { - ConsoleError.send(new SystemEvent(CMS.getUserMessage("CMS_LOG_FLUSH_LOG_FAILED", mFileName, le.toString()))); + ConsoleError.send(new SystemEvent(CMS.getUserMessage("CMS_LOG_FLUSH_LOG_FAILED", mFileName, + le.toString()))); } } @@ -1019,7 +1020,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { } } } catch (IOException e) { - ConsoleError.send(new SystemEvent(CMS.getUserMessage("CMS_LOG_WRITE_FAILED", mFileName, entry, e.toString()))); + ConsoleError.send(new SystemEvent(CMS.getUserMessage("CMS_LOG_WRITE_FAILED", mFileName, entry, + e.toString()))); if (mLogSigning) { // Failed to write to audit log, shut down CMS e.printStackTrace(); @@ -1453,7 +1455,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { public String[] getExtendedPluginInfo(Locale locale) { if (mType.equals(ILogger.PROP_SIGNED_AUDIT)) { String[] params = { - PROP_TYPE + ";choice(transaction,signedAudit,system);The log event type this instance is listening to", + PROP_TYPE + + ";choice(transaction,signedAudit,system);The log event type this instance is listening to", PROP_ON + ";boolean;Turn on the listener", PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," + ILogger.LL_INFO_STRING + "," + @@ -1461,10 +1464,12 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { ILogger.LL_FAILURE_STRING + "," + ILogger.LL_MISCONF_STRING + "," + ILogger.LL_CATASTRPHE_STRING + "," + - ILogger.LL_SECURITY_STRING + ");Only log message with level higher than this filter will be written by this listener", + ILogger.LL_SECURITY_STRING + + ");Only log message with level higher than this filter will be written by this listener", PROP_FILE_NAME + ";string;The name of the file the log is written to", PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)", - PROP_FLUSH_INTERVAL + ";integer;The maximum time in seconds before the buffer is flushed to the file", + PROP_FLUSH_INTERVAL + + ";integer;The maximum time in seconds before the buffer is flushed to the file", IExtendedPluginInfo.HELP_TOKEN + ";configuration-logrules-logfile", IExtendedPluginInfo.HELP_TEXT + @@ -1473,7 +1478,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { ";boolean;Enable audit logs to be signed", PROP_SIGNED_AUDIT_CERT_NICKNAME + ";string;The nickname of the certificate to be used to sign audit logs", - PROP_SIGNED_AUDIT_EVENTS + + PROP_SIGNED_AUDIT_EVENTS + + ";string;A comma-separated list of strings used to specify particular signed audit log events", }; @@ -1482,7 +1488,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { // mType.equals( ILogger.PROP_AUDIT ) || // mType.equals( ILogger.PROP_SYSTEM ) String[] params = { - PROP_TYPE + ";choice(transaction,signedAudit,system);The log event type this instance is listening to", + PROP_TYPE + + ";choice(transaction,signedAudit,system);The log event type this instance is listening to", PROP_ON + ";boolean;Turn on the listener", PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," + ILogger.LL_INFO_STRING + "," + @@ -1490,10 +1497,12 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { ILogger.LL_FAILURE_STRING + "," + ILogger.LL_MISCONF_STRING + "," + ILogger.LL_CATASTRPHE_STRING + "," + - ILogger.LL_SECURITY_STRING + ");Only log message with level higher than this filter will be written by this listener", + ILogger.LL_SECURITY_STRING + + ");Only log message with level higher than this filter will be written by this listener", PROP_FILE_NAME + ";string;The name of the file the log is written to", PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)", - PROP_FLUSH_INTERVAL + ";integer;The maximum time in seconds before the buffer is flushed to the file", + PROP_FLUSH_INTERVAL + + ";integer;The maximum time in seconds before the buffer is flushed to the file", IExtendedPluginInfo.HELP_TOKEN + ";configuration-logrules-logfile", IExtendedPluginInfo.HELP_TEXT + diff --git a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java index 967c79038..783534485 100644 --- a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java +++ b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java @@ -423,7 +423,8 @@ public class RollingLogFile extends LogFile { rotate(); } catch (IOException e) { ConsoleError.send(new - SystemEvent(CMS.getUserMessage("CMS_LOG_ROTATE_LOG_FAILED", mFile.getName(), e.toString()))); + SystemEvent(CMS.getUserMessage("CMS_LOG_ROTATE_LOG_FAILED", mFile.getName(), + e.toString()))); break; } } @@ -618,9 +619,12 @@ public class RollingLogFile extends LogFile { if (!p[i].startsWith(IExtendedPluginInfo.HELP_TOKEN) && !p[i].startsWith(IExtendedPluginInfo.HELP_TEXT)) info.addElement(p[i]); } - info.addElement(PROP_MAX_FILE_SIZE + ";integer;If the current log file size if bigger than this parameter in kilobytes(KB), the file will be rotated."); - info.addElement(PROP_ROLLOVER_INTERVAL + ";choice(Hourly,Daily,Weekly,Monthly,Yearly);The frequency of the log being rotated."); - info.addElement(PROP_EXPIRATION_TIME + ";integer;The amount of time before a backed up log is removed in seconds"); + info.addElement(PROP_MAX_FILE_SIZE + + ";integer;If the current log file size if bigger than this parameter in kilobytes(KB), the file will be rotated."); + info.addElement(PROP_ROLLOVER_INTERVAL + + ";choice(Hourly,Daily,Weekly,Monthly,Yearly);The frequency of the log being rotated."); + info.addElement(PROP_EXPIRATION_TIME + + ";integer;The amount of time before a backed up log is removed in seconds"); info.addElement(IExtendedPluginInfo.HELP_TOKEN + //";configuration-logrules-rollinglogfile"); ";configuration-adminbasics"); diff --git a/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java b/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java index 328725e2f..3c2e14b22 100644 --- a/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java +++ b/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java @@ -124,9 +124,11 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { public String[] getExtendedPluginInfo(Locale locale) { Vector v = new Vector(); - v.addElement(PROP_NOT_FOUND_GOOD + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_NOT_FOUND_GOOD")); + v.addElement(PROP_NOT_FOUND_GOOD + ";boolean; " + + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_NOT_FOUND_GOOD")); v.addElement(PROP_BY_NAME + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_BY_NAME")); - v.addElement(PROP_INCLUDE_NEXT_UPDATE + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_INCLUDE_NEXT_UPDATE")); + v.addElement(PROP_INCLUDE_NEXT_UPDATE + ";boolean; " + + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_INCLUDE_NEXT_UPDATE")); v.addElement(IExtendedPluginInfo.HELP_TEXT + "; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_DESC")); v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-defstore"); return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v); diff --git a/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java b/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java index 83ec664bf..6fa3d300c 100644 --- a/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java +++ b/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java @@ -112,12 +112,15 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo { public String[] getExtendedPluginInfo(Locale locale) { Vector v = new Vector(); - v.addElement(PROP_NOT_FOUND_GOOD + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_NOT_FOUND_GOOD")); - v.addElement(PROP_INCLUDE_NEXT_UPDATE + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_INCLUDE_NEXT_UPDATE")); + v.addElement(PROP_NOT_FOUND_GOOD + ";boolean; " + + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_NOT_FOUND_GOOD")); + v.addElement(PROP_INCLUDE_NEXT_UPDATE + ";boolean; " + + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_INCLUDE_NEXT_UPDATE")); v.addElement(PROP_NUM_CONNS + ";number; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_NUM_CONNS")); v.addElement(PROP_BY_NAME + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_BY_NAME")); v.addElement(PROP_CRL_ATTR + ";string; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_CRL_ATTR")); - v.addElement(PROP_CA_CERT_ATTR + ";string; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_CA_CERT_ATTR")); + v.addElement(PROP_CA_CERT_ATTR + ";string; " + + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_CA_CERT_ATTR")); v.addElement(IExtendedPluginInfo.HELP_TEXT + "; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_DESC")); v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-ldapstore"); return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v); diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java index b9a6e24ad..5ad1f6c49 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java @@ -193,7 +193,9 @@ public class DSAKeyConstraints extends APolicyRule Object[] params = new Object[] { getInstanceName(), String.valueOf(i + 1) }; - setError(req, CMS.getUserMessage("CMS_POLICY_NO_KEY_PARAMS", getInstanceName(), String.valueOf(i + 1)), ""); + setError(req, + CMS.getUserMessage("CMS_POLICY_NO_KEY_PARAMS", getInstanceName(), String.valueOf(i + 1)), + ""); return PolicyResult.REJECTED; } BigInteger p = keyParams.getP(); diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java index f79688f4a..09feb2766 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java @@ -65,7 +65,8 @@ public class IssuerConstraints extends APolicyRule public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - PROP_ISSUER_DN + ";string;Subject DN of the Issuer. The IssuerDN of the authenticating cert must match what's specified here", + PROP_ISSUER_DN + + ";string;Subject DN of the Issuer. The IssuerDN of the authenticating cert must match what's specified here", IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-issuerconstraints", IExtendedPluginInfo.HELP_TEXT + @@ -131,7 +132,8 @@ public class IssuerConstraints extends APolicyRule log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED")); CMS.debug( - NAME + ": apply() - issuerDN mismatch: client issuerDN = " + clientIssuerDN + "; expected issuerDN = " + mIssuerDNString); + NAME + ": apply() - issuerDN mismatch: client issuerDN = " + clientIssuerDN + + "; expected issuerDN = " + mIssuerDNString); } } else { @@ -167,7 +169,8 @@ public class IssuerConstraints extends APolicyRule getInstanceName()), ""); result = PolicyResult.REJECTED; log(ILogger.LL_FAILURE, - NAME + ": apply() - cert issuerDN mismatch: client issuerDN = " + oldIssuer + "; expected issuerDN = " + mIssuerDNString); + NAME + ": apply() - cert issuerDN mismatch: client issuerDN = " + oldIssuer + + "; expected issuerDN = " + mIssuerDNString); } } } diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java index 499e2663b..8b7f90202 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java @@ -77,7 +77,8 @@ public class RenewalConstraints extends APolicyRule public String[] getExtendedPluginInfo(Locale locale) { String[] params = { PROP_ALLOW_EXPIRED_CERTS + ";boolean;Allow a user to renew an already-expired certificate", - PROP_RENEWAL_NOT_AFTER + ";number;Number of days since certificate expiry after which renewal request would be rejected", + PROP_RENEWAL_NOT_AFTER + + ";number;Number of days since certificate expiry after which renewal request would be rejected", IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-renewalconstraints", IExtendedPluginInfo.HELP_TEXT + @@ -164,7 +165,8 @@ public class RenewalConstraints extends APolicyRule if (renewedNotAfter.before(now)) { CMS.debug( - "One or more certificates is expired for more than " + (mRenewalNotAfter / DAYS_TO_MS_FACTOR) + " days"); + "One or more certificates is expired for more than " + + (mRenewalNotAfter / DAYS_TO_MS_FACTOR) + " days"); String params[] = { getInstanceName(), Long.toString(mRenewalNotAfter / DAYS_TO_MS_FACTOR) }; setError(req, diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java index b3f9298cb..b65e97773 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java @@ -88,7 +88,8 @@ public class RenewalValidityConstraints extends APolicyRule String[] params = { PROP_MIN_VALIDITY + ";number;Specifies the minimum validity period, in days, for renewed certificates.", PROP_MAX_VALIDITY + ";number;Specifies the maximum validity period, in days, for renewed certificates.", - PROP_RENEWAL_INTERVAL + ";number;Specifies how many days before its expiration that a certificate can be renewed.", + PROP_RENEWAL_INTERVAL + + ";number;Specifies how many days before its expiration that a certificate can be renewed.", IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-renewalvalidityconstraints", IExtendedPluginInfo.HELP_TEXT + diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java index b8ffa86ea..94a4ebda9 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java @@ -374,7 +374,9 @@ public class SigningAlgorithmConstraints extends APolicyRule String[] params = null; String[] params_BOTH = { - PROP_ALGORITHMS + ";" + "choice(MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA256withRSA\\,SHA512withRSA\\,SHA1withDSA," + + PROP_ALGORITHMS + ";" + + "choice(MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA256withRSA\\,SHA512withRSA\\,SHA1withDSA," + + "MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA1withDSA," + "MD2withRSA\\,MD5withRSA\\,SHA1withRSA," + "MD2withRSA\\,SHA1withRSA\\,SHA1withDSA," + diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java index 0cec678cd..ae3d66a1f 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java @@ -152,7 +152,10 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli if (certSubjectName.equalsIgnoreCase(mIssuerNameStr)) { log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_SUBJECT_NAME_EXIST_1", mIssuerNameStr)); - setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_NAME_EXIST", NAME + ":" + "Same As Issuer Name " + mIssuerNameStr), ""); + setError( + req, + CMS.getUserMessage("CMS_POLICY_SUBJECT_NAME_EXIST", NAME + ":" + "Same As Issuer Name " + + mIssuerNameStr), ""); result = PolicyResult.REJECTED; } } diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java index f1df2bb5e..f4b3367b8 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java @@ -85,8 +85,10 @@ public class UniqueSubjectNameConstraints extends APolicyRule public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - PROP_PRE_AGENT_APPROVAL_CHECKING + ";boolean;If checked, check subject name uniqueness BEFORE agent approves, (else checks AFTER approval)", - PROP_KEY_USAGE_EXTENSION_CHECKING + ";boolean;If checked, allow non-unique subject names if Key Usage Extension differs", + PROP_PRE_AGENT_APPROVAL_CHECKING + + ";boolean;If checked, check subject name uniqueness BEFORE agent approves, (else checks AFTER approval)", + PROP_KEY_USAGE_EXTENSION_CHECKING + + ";boolean;If checked, allow non-unique subject names if Key Usage Extension differs", IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-uniquesubjectname", IExtendedPluginInfo.HELP_TEXT + @@ -117,11 +119,13 @@ public class UniqueSubjectNameConstraints extends APolicyRule if (certAuthority == null) { // should never get here. log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER")); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "Cannot find the Certificate Manager or Registration Manager")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", + "Cannot find the Certificate Manager or Registration Manager")); } if (!(certAuthority instanceof ICertificateAuthority)) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER")); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "Cannot find the Certificate Manager")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", + "Cannot find the Certificate Manager")); } mCA = (ICertificateAuthority) certAuthority; @@ -186,7 +190,8 @@ public class UniqueSubjectNameConstraints extends APolicyRule ICertRecord rec = (ICertRecord) matched.nextElement(); String status = rec.getStatus(); - if (status.equals(ICertRecord.STATUS_REVOKED) || status.equals(ICertRecord.STATUS_EXPIRED) || status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) { + if (status.equals(ICertRecord.STATUS_REVOKED) || status.equals(ICertRecord.STATUS_EXPIRED) + || status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) { // accept this only if we have a REVOKED, // EXPIRED or REVOKED_EXPIRED certificate continue; diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java index 023d704fb..059782570 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java @@ -116,9 +116,16 @@ public class AuthInfoAccessExt extends APolicyRule implements ";configuration-policyrules-authinfoaccess"); for (int i = 0; i < MAX_AD; i++) { - v.addElement(PROP_AD + Integer.toString(i) + "_" + PROP_METHOD + ";string;" + "A unique,valid OID specified in dot-separated numeric component notation. e.g. 1.3.6.1.5.5.7.48.1 (ocsp), 1.3.6.1.5.5.7.48.2 (caIssuers), 2.16.840.1.113730.1.16.1 (renewal)"); - v.addElement(PROP_AD + Integer.toString(i) + "_" + PROP_LOCATION_TYPE + ";" + IGeneralNameUtil.GENNAME_CHOICE_INFO); - v.addElement(PROP_AD + Integer.toString(i) + "_" + PROP_LOCATION + ";" + IGeneralNameUtil.GENNAME_VALUE_INFO); + v.addElement(PROP_AD + + Integer.toString(i) + + "_" + + PROP_METHOD + + ";string;" + + "A unique,valid OID specified in dot-separated numeric component notation. e.g. 1.3.6.1.5.5.7.48.1 (ocsp), 1.3.6.1.5.5.7.48.2 (caIssuers), 2.16.840.1.113730.1.16.1 (renewal)"); + v.addElement(PROP_AD + Integer.toString(i) + "_" + PROP_LOCATION_TYPE + ";" + + IGeneralNameUtil.GENNAME_CHOICE_INFO); + v.addElement(PROP_AD + Integer.toString(i) + "_" + PROP_LOCATION + ";" + + IGeneralNameUtil.GENNAME_VALUE_INFO); } return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v); } diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java index 545d972dc..12f2a74ff 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java @@ -331,7 +331,8 @@ public class BasicConstraintsExt extends APolicyRule if (mMaxPathLen > -1) { if (pathLen > mMaxPathLen || pathLen < 0) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", NAME, "unlimited", String.valueOf(pathLen))); + CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", NAME, "unlimited", + String.valueOf(pathLen))); if (pathLen < 0) setError(req, CMS.getUserMessage("CMS_POLICY_MAXPATHLEN_TOO_BIG", NAME, "unlimited", Integer.toString(mMaxPathLen)), ""); @@ -489,7 +490,8 @@ public class BasicConstraintsExt extends APolicyRule public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - PROP_MAXPATHLEN + ";number;'0' means : no subordinates allowed, 'n' means : at most n subordinates allowed.", + PROP_MAXPATHLEN + + ";number;'0' means : no subordinates allowed, 'n' means : at most n subordinates allowed.", PROP_IS_CRITICAL + ";boolean;" + "RFC 2459 recommendation: MUST be critical in CA certs, SHOULD NOT appear in EE certs.", PROP_IS_CA + ";boolean;" + diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java index cc8753cee..4ba2a44dc 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java @@ -174,18 +174,25 @@ public class CRLDistributionPointsExt extends APolicyRule "The type of the CRL distribution point."); v.addElement(PROP_POINT_NAME + Integer.toString(i) + ";string;" + "The name of the CRL distribution point depending on the CRLDP type."); - v.addElement(PROP_REASONS + Integer.toString(i) + ";string;" + + v.addElement(PROP_REASONS + + Integer.toString(i) + + ";string;" + + "The revocation reasons for the CRL maintained at this distribution point. It's a comma-seperated list of the following constants: unused, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold."); v.addElement(PROP_ISSUER_TYPE + Integer.toString(i) + ";choice(" + "DirectoryName,URI);" + "The type of the issuer that has signed the CRL maintained at this distribution point."); - v.addElement(PROP_ISSUER_NAME + Integer.toString(i) + ";string;" + + v.addElement(PROP_ISSUER_NAME + + Integer.toString(i) + + ";string;" + + "The name of the issuer that has signed the CRL maintained at this distribution point. The value depends on the issuer type."); } v.addElement(PROP_NUM_POINTS + ";number;The total number of CRL distribution points to be contained or allowed in the extension."); - v.addElement(PROP_IS_CRITICAL + + v.addElement(PROP_IS_CRITICAL + + ";boolean;RFC 2459 recommendation: SHOULD be non-critical. But recommends support for this extension by CAs and applications."); v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-crldistributionpoints"); diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java index 7a42cc6f1..76f4f04c7 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java @@ -281,7 +281,8 @@ public class CertificatePoliciesExt extends APolicyRule Vector theparams = new Vector(); theparams.addElement(PROP_CRITICAL + ";boolean;RFC 3280 recommendation: MUST be non-critical."); - theparams.addElement(PROP_NUM_CERTPOLICIES + ";number; Number of certificate policies. The value must be greater than or equal to 1"); + theparams.addElement(PROP_NUM_CERTPOLICIES + + ";number; Number of certificate policies. The value must be greater than or equal to 1"); for (int k = 0; k < 5; k++) { String certPolicykDot = PROP_CERTPOLICY + k + "."; diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java index 37a11343b..305c11b2e 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java @@ -202,8 +202,10 @@ public class CertificateRenewalWindowExt extends APolicyRule public String[] getExtendedPluginInfo(Locale locale) { String[] params = { PROP_CRITICAL + ";boolean;Netscape recommendation: non-critical.", - PROP_BEGIN_TIME + ";string;Start Time in seconds (Relative to the time of issuance). Optionally, time unit (s - seconds, m - minutes, h - hours, D - days, M - months) can be specified right after the value. For example, 5 days can be expressed as 5D.", - PROP_END_TIME + ";string;End Time in seconds (Optional, Relative to the time of issuance). Optionally, time unit (s - seconds, m - minutes, h - hours, D - days, M - months) can be specified right after the value. For example, 5 days can be expressed as 5D.", + PROP_BEGIN_TIME + + ";string;Start Time in seconds (Relative to the time of issuance). Optionally, time unit (s - seconds, m - minutes, h - hours, D - days, M - months) can be specified right after the value. For example, 5 days can be expressed as 5D.", + PROP_END_TIME + + ";string;End Time in seconds (Optional, Relative to the time of issuance). Optionally, time unit (s - seconds, m - minutes, h - hours, D - days, M - months) can be specified right after the value. For example, 5 days can be expressed as 5D.", IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-certificaterenewalwindow", IExtendedPluginInfo.HELP_TEXT + diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java index bf89d486a..35e5be1ad 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java @@ -89,8 +89,10 @@ public class CertificateScopeOfUseExt extends APolicyRule implements for (int i = 0; i < MAX_ENTRY; i++) { v.addElement(PROP_ENTRY + Integer.toString(i) + "_" + PROP_NAME + ";" + IGeneralNameUtil.GENNAME_VALUE_INFO); - v.addElement(PROP_ENTRY + Integer.toString(i) + "_" + PROP_NAME_TYPE + ";" + IGeneralNameUtil.GENNAME_CHOICE_INFO); - v.addElement(PROP_ENTRY + Integer.toString(i) + "_" + PROP_PORT_NUMBER + ";string;" + "The port number (optional)."); + v.addElement(PROP_ENTRY + Integer.toString(i) + "_" + PROP_NAME_TYPE + ";" + + IGeneralNameUtil.GENNAME_CHOICE_INFO); + v.addElement(PROP_ENTRY + Integer.toString(i) + "_" + PROP_PORT_NUMBER + ";string;" + + "The port number (optional)."); } return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v); } diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java index 4bba5d371..98ab09166 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java @@ -198,12 +198,16 @@ public class ExtendedKeyUsageExt extends APolicyRule } } for (int i = 0; i < mNum; i++) { - v.addElement(PROP_PURPOSE_ID + Integer.toString(i) + ";string;" + + v.addElement(PROP_PURPOSE_ID + + Integer.toString(i) + + ";string;" + + "A unique,valid OID specified in dot-separated numeric component notation. e.g. 2.16.840.1.113730.1.99"); } v.addElement(PROP_NUM_IDS + ";number;The total number of policy IDs."); - v.addElement(PROP_CRITICAL + + v.addElement(PROP_CRITICAL + + ";boolean;RFC 2459 recommendation: This extension may, at the option of the certificate issuer, be either critical or non-critical."); v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-extendedkeyusage"); diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java b/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java index 0ebe6c136..d8c176130 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java @@ -124,45 +124,195 @@ public class GenericASN1Ext extends APolicyRule implements PROP_OID + ";string;OID number for this extension. It should be unique.", PROP_PATTERN + ";string;Pattern for extension; {012}34", // Attribute 0 - PROP_ATTRIBUTE + "." + "0" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", - PROP_ATTRIBUTE + "." + "0" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", - PROP_ATTRIBUTE + "." + "0" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", + PROP_ATTRIBUTE + + "." + + "0" + + "." + + PROP_TYPE + + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", + PROP_ATTRIBUTE + + "." + + "0" + + "." + + PROP_SOURCE + + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", + PROP_ATTRIBUTE + + "." + + "0" + + "." + + PROP_VALUE + + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", // Attribute 1 - PROP_ATTRIBUTE + "." + "1" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", - PROP_ATTRIBUTE + "." + "1" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", - PROP_ATTRIBUTE + "." + "1" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", + PROP_ATTRIBUTE + + "." + + "1" + + "." + + PROP_TYPE + + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", + PROP_ATTRIBUTE + + "." + + "1" + + "." + + PROP_SOURCE + + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", + PROP_ATTRIBUTE + + "." + + "1" + + "." + + PROP_VALUE + + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", // Attribute 2 - PROP_ATTRIBUTE + "." + "2" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", - PROP_ATTRIBUTE + "." + "2" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", - PROP_ATTRIBUTE + "." + "2" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", + PROP_ATTRIBUTE + + "." + + "2" + + "." + + PROP_TYPE + + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", + PROP_ATTRIBUTE + + "." + + "2" + + "." + + PROP_SOURCE + + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", + PROP_ATTRIBUTE + + "." + + "2" + + "." + + PROP_VALUE + + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", // Attribute 3 - PROP_ATTRIBUTE + "." + "3" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", - PROP_ATTRIBUTE + "." + "3" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", - PROP_ATTRIBUTE + "." + "3" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", + PROP_ATTRIBUTE + + "." + + "3" + + "." + + PROP_TYPE + + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", + PROP_ATTRIBUTE + + "." + + "3" + + "." + + PROP_SOURCE + + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", + PROP_ATTRIBUTE + + "." + + "3" + + "." + + PROP_VALUE + + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", // Attribute 4 - PROP_ATTRIBUTE + "." + "4" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", - PROP_ATTRIBUTE + "." + "4" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", - PROP_ATTRIBUTE + "." + "4" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", + PROP_ATTRIBUTE + + "." + + "4" + + "." + + PROP_TYPE + + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", + PROP_ATTRIBUTE + + "." + + "4" + + "." + + PROP_SOURCE + + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", + PROP_ATTRIBUTE + + "." + + "4" + + "." + + PROP_VALUE + + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", // Attribute 5 - PROP_ATTRIBUTE + "." + "5" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", - PROP_ATTRIBUTE + "." + "5" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", - PROP_ATTRIBUTE + "." + "5" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", + PROP_ATTRIBUTE + + "." + + "5" + + "." + + PROP_TYPE + + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", + PROP_ATTRIBUTE + + "." + + "5" + + "." + + PROP_SOURCE + + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", + PROP_ATTRIBUTE + + "." + + "5" + + "." + + PROP_VALUE + + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", // Attribute 6 - PROP_ATTRIBUTE + "." + "6" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", - PROP_ATTRIBUTE + "." + "6" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", - PROP_ATTRIBUTE + "." + "6" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", + PROP_ATTRIBUTE + + "." + + "6" + + "." + + PROP_TYPE + + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", + PROP_ATTRIBUTE + + "." + + "6" + + "." + + PROP_SOURCE + + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", + PROP_ATTRIBUTE + + "." + + "6" + + "." + + PROP_VALUE + + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", // Attribute 7 - PROP_ATTRIBUTE + "." + "7" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", - PROP_ATTRIBUTE + "." + "7" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", - PROP_ATTRIBUTE + "." + "7" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", + PROP_ATTRIBUTE + + "." + + "7" + + "." + + PROP_TYPE + + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", + PROP_ATTRIBUTE + + "." + + "7" + + "." + + PROP_SOURCE + + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", + PROP_ATTRIBUTE + + "." + + "7" + + "." + + PROP_VALUE + + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", // Attribute 8 - PROP_ATTRIBUTE + "." + "8" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", - PROP_ATTRIBUTE + "." + "8" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", - PROP_ATTRIBUTE + "." + "8" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", + PROP_ATTRIBUTE + + "." + + "8" + + "." + + PROP_TYPE + + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", + PROP_ATTRIBUTE + + "." + + "8" + + "." + + PROP_SOURCE + + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", + PROP_ATTRIBUTE + + "." + + "8" + + "." + + PROP_VALUE + + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", // Attribute 9 - PROP_ATTRIBUTE + "." + "9" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", - PROP_ATTRIBUTE + "." + "9" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", - PROP_ATTRIBUTE + "." + "9" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", + PROP_ATTRIBUTE + + "." + + "9" + + "." + + PROP_TYPE + + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", + PROP_ATTRIBUTE + + "." + + "9" + + "." + + PROP_SOURCE + + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", + PROP_ATTRIBUTE + + "." + + "9" + + "." + + PROP_VALUE + + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-genericasn1ext", IExtendedPluginInfo.HELP_TEXT + @@ -329,7 +479,8 @@ public class GenericASN1Ext extends APolicyRule implements certInfo = ci[j]; if (certInfo == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", "")); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME, "Configuration Info Error"); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME, + "Configuration Info Error"); return PolicyResult.REJECTED; // unrecoverable error. } diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java index 7dc35a1a0..e89aa8488 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java @@ -315,15 +315,24 @@ public class KeyUsageExt extends APolicyRule public String[] getExtendedPluginInfo(Locale locale) { String[] params = { PROP_CRITICAL + ";boolean;RFC 2459 recommendation: SHOULD be critical", - PROP_DIGITAL_SIGNATURE + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", - PROP_NON_REPUDIATION + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", - PROP_KEY_ENCIPHERMENT + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", - PROP_DATA_ENCIPHERMENT + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", - PROP_KEY_AGREEMENT + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", - PROP_KEY_CERTSIGN + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", - PROP_CRL_SIGN + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", - PROP_ENCIPHER_ONLY + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", - PROP_DECIPHER_ONLY + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", + PROP_DIGITAL_SIGNATURE + + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", + PROP_NON_REPUDIATION + + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", + PROP_KEY_ENCIPHERMENT + + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", + PROP_DATA_ENCIPHERMENT + + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", + PROP_KEY_AGREEMENT + + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", + PROP_KEY_CERTSIGN + + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", + PROP_CRL_SIGN + + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", + PROP_ENCIPHER_ONLY + + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", + PROP_DECIPHER_ONLY + + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-keyusage", IExtendedPluginInfo.HELP_TEXT + diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java index a349d2868..ec0de7355 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java @@ -274,8 +274,10 @@ public class PolicyConstraintsExt extends APolicyRule String[] params = { PROP_CRITICAL + ";boolean;RFC 2459 recommendation: may be critical or non-critical.", - PROP_REQ_EXPLICIT_POLICY + ";integer;Number of addional certificates that may appear in the path before an explicit policy is required. If less than 0 this field is unset in the extension.", - PROP_INHIBIT_POLICY_MAPPING + ";integer;Number of addional certificates that may appear in the path before policy mapping is no longer permitted. If less than 0 this field is unset in the extension.", + PROP_REQ_EXPLICIT_POLICY + + ";integer;Number of addional certificates that may appear in the path before an explicit policy is required. If less than 0 this field is unset in the extension.", + PROP_INHIBIT_POLICY_MAPPING + + ";integer;Number of addional certificates that may appear in the path before policy mapping is no longer permitted. If less than 0 this field is unset in the extension.", IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-policyconstraints" }; diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java index 2174485ff..22c2e85bc 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java @@ -296,7 +296,8 @@ public class PolicyMappingsExt extends APolicyRule Vector theparams = new Vector(); theparams.addElement(PROP_CRITICAL + ";boolean;RFC 2459 recommendation: MUST be non-critical."); - theparams.addElement(PROP_NUM_POLICYMAPPINGS + ";number; Number of policy mappings. The value must be greater than or equal to 1"); + theparams.addElement(PROP_NUM_POLICYMAPPINGS + + ";number; Number of policy mappings. The value must be greater than or equal to 1"); String policyInfo = ";string;An object identifier in the form n.n.n.n"; diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java index 1c2e89ff6..197d1585e 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java @@ -95,7 +95,8 @@ public class RemoveBasicConstraintsExt extends APolicyRule if (extensions != null) { try { extensions.delete(BasicConstraintsExtension.NAME); - CMS.debug("PolicyRule RemoveBasicConstraintsExt: removed the extension from request " + req.getRequestId().toString()); + CMS.debug("PolicyRule RemoveBasicConstraintsExt: removed the extension from request " + + req.getRequestId().toString()); } catch (IOException e) { } } diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java index 33a8c3719..86263e484 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java @@ -93,7 +93,8 @@ public class SubjAltNameExt extends APolicyRule public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - PROP_CRITICAL + ";boolean;RFC 2459 recommendation: If the certificate subject field contains an empty sequence, the subjectAltName extension MUST be marked critical.", + PROP_CRITICAL + + ";boolean;RFC 2459 recommendation: If the certificate subject field contains an empty sequence, the subjectAltName extension MUST be marked critical.", IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-subjaltname", IExtendedPluginInfo.HELP_TEXT + diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java index f74578394..9a54a7aad 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java @@ -306,7 +306,8 @@ public class SubjectAltNameExt extends APolicyRule // extended plugin info. Vector info = new Vector(); - info.addElement(PROP_CRITICAL + ";boolean;RFC2459 recommendation: If the certificate subject field contains an empty sequence, the extension MUST be marked critical."); + info.addElement(PROP_CRITICAL + + ";boolean;RFC2459 recommendation: If the certificate subject field contains an empty sequence, the extension MUST be marked critical."); info.addElement(IGeneralNameUtil.PROP_NUM_GENERALNAMES_INFO); for (int i = 0; i < IGeneralNameUtil.DEF_NUM_GENERALNAMES; i++) { CMS.getSubjAltNameConfigExtendedPluginInfo( diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java index 26009141c..f7e18e8ca 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java @@ -236,7 +236,8 @@ public class SubjectDirectoryAttributesExt extends APolicyRule v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-subjectdirectoryattributes"); - v.addElement(IExtendedPluginInfo.HELP_TEXT + + v.addElement(IExtendedPluginInfo.HELP_TEXT + + ";Adds Subject Directory Attributes extension. See RFC 2459 (4.2.1.9). It's not recommended as an essential part of the profile, but may be used in local environments."); mEPI = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v); diff --git a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java index 2f95f91bc..0cba2f685 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java @@ -877,18 +877,22 @@ public abstract class BasicProfile implements IProfile { // noDefaultImpl, genericExtDefaultImpl if ((curDefaultClassId.equals(defaultClassId) && - !curDefaultClassId.equals(PROP_NO_DEFAULT) && !curDefaultClassId.equals(PROP_GENERIC_EXT_DEFAULT))) { + !curDefaultClassId.equals(PROP_NO_DEFAULT) && !curDefaultClassId + .equals(PROP_GENERIC_EXT_DEFAULT))) { matches++; if (createConfig) { if (matches == 1) { - CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId + + CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + + constraintClassId + " Contact System Administrator."); - throw new EProfileException("Attempt to add duplicate Policy : " + defaultClassId + ":" + constraintClassId); + throw new EProfileException("Attempt to add duplicate Policy : " + defaultClassId + ":" + + constraintClassId); } } else { if (matches > 1) { - CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId + + CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + + constraintClassId + " Contact System Administrator."); } } diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java index 44d7454e0..64abe57a5 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java @@ -376,7 +376,8 @@ public abstract class EnrollProfile extends BasicProfile org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); - org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData) cmcReq.getInterpretedContent(); + org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData) cmcReq + .getInterpretedContent(); org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq.getContentInfo(); OBJECT_IDENTIFIER id = ci.getContentType(); OCTET_STRING content = ci.getContent(); @@ -728,14 +729,16 @@ public abstract class EnrollProfile extends BasicProfile INTEGER num = (INTEGER) (bodyIds.elementAt(i)); if (num.toString().equals(reqId.toString())) { donePOP = true; - CMS.debug("EnrollProfile: skip POP for request: " + reqId.toString() + " because LRA POP Witness control is found."); + CMS.debug("EnrollProfile: skip POP for request: " + reqId.toString() + + " because LRA POP Witness control is found."); break; } } } if (!donePOP) { - CMS.debug("EnrollProfile: not skip POP for request: " + reqId.toString() + " because this request id is not part of the body list in LRA Pop witness control."); + CMS.debug("EnrollProfile: not skip POP for request: " + reqId.toString() + + " because this request id is not part of the body list in LRA Pop witness control."); verifyPOP(locale, crm); } } diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java index f71d8b23a..8a00f3f32 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java @@ -89,8 +89,10 @@ public class ServerCertCAEnrollProfile extends CAEnrollProfile IPolicyDefault def4 = policy4.getDefault(); IConfigStore defConfig4 = def4.getConfigStore(); defConfig4.putString("params.signingAlg", "-"); - defConfig4.putString("params.signingAlgsAllowed", - "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); + defConfig4 + .putString( + "params.signingAlgsAllowed", + "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); IPolicyConstraint con4 = policy4.getConstraint(); IConfigStore conConfig4 = con4.getConfigStore(); diff --git a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java index 34cd4bf54..69414707e 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java @@ -93,8 +93,10 @@ public class UserCertCAEnrollProfile extends CAEnrollProfile IPolicyDefault def4 = policy4.getDefault(); IConfigStore defConfig4 = def4.getConfigStore(); defConfig4.putString("params.signingAlg", "-"); - defConfig4.putString("params.signingAlgsAllowed", - "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); + defConfig4 + .putString( + "params.signingAlgsAllowed", + "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); IPolicyConstraint con4 = policy4.getConstraint(); IConfigStore conConfig4 = con4.getConfigStore(); diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java index eb66783ec..8bc16544c 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java @@ -55,13 +55,20 @@ public class KeyConstraint extends EnrollConstraint { public static final String CONFIG_KEY_TYPE = "keyType"; // (EC, RSA) public static final String CONFIG_KEY_PARAMETERS = "keyParameters"; - private static final String[] ecCurves = { "nistp256", "nistp384", "nistp521", "sect163k1", "nistk163", "sect163r1", "sect163r2", - "nistb163", "sect193r1", "sect193r2", "sect233k1", "nistk233", "sect233r1", "nistb233", "sect239k1", "sect283k1", "nistk283", - "sect283r1", "nistb283", "sect409k1", "nistk409", "sect409r1", "nistb409", "sect571k1", "nistk571", "sect571r1", "nistb571", - "secp160k1", "secp160r1", "secp160r2", "secp192k1", "secp192r1", "nistp192", "secp224k1", "secp224r1", "nistp224", "secp256k1", - "secp256r1", "secp384r1", "secp521r1", "prime192v1", "prime192v2", "prime192v3", "prime239v1", "prime239v2", "prime239v3", "c2pnb163v1", - "c2pnb163v2", "c2pnb163v3", "c2pnb176v1", "c2tnb191v1", "c2tnb191v2", "c2tnb191v3", "c2pnb208w1", "c2tnb239v1", "c2tnb239v2", "c2tnb239v3", - "c2pnb272w1", "c2pnb304w1", "c2tnb359w1", "c2pnb368w1", "c2tnb431r1", "secp112r1", "secp112r2", "secp128r1", "secp128r2", "sect113r1", "sect113r2", + private static final String[] ecCurves = { "nistp256", "nistp384", "nistp521", "sect163k1", "nistk163", + "sect163r1", "sect163r2", + "nistb163", "sect193r1", "sect193r2", "sect233k1", "nistk233", "sect233r1", "nistb233", "sect239k1", + "sect283k1", "nistk283", + "sect283r1", "nistb283", "sect409k1", "nistk409", "sect409r1", "nistb409", "sect571k1", "nistk571", + "sect571r1", "nistb571", + "secp160k1", "secp160r1", "secp160r2", "secp192k1", "secp192r1", "nistp192", "secp224k1", "secp224r1", + "nistp224", "secp256k1", + "secp256r1", "secp384r1", "secp521r1", "prime192v1", "prime192v2", "prime192v3", "prime239v1", + "prime239v2", "prime239v3", "c2pnb163v1", + "c2pnb163v2", "c2pnb163v3", "c2pnb176v1", "c2tnb191v1", "c2tnb191v2", "c2tnb191v3", "c2pnb208w1", + "c2tnb239v1", "c2tnb239v2", "c2tnb239v3", + "c2pnb272w1", "c2pnb304w1", "c2tnb359w1", "c2pnb368w1", "c2tnb431r1", "secp112r1", "secp112r2", + "secp128r1", "secp128r2", "sect113r1", "sect113r2", "sect131r1", "sect131r2" }; diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java index 6dce4e6e7..8f78945f6 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java @@ -122,7 +122,8 @@ public class RenewGracePeriodConstraint extends EnrollConstraint { Date current = CMS.getCurrentDate(); long millisDiff = origExpDate.getTime() - current.getTime(); - CMS.debug("validateRenewGracePeriod: millisDiff=" + millisDiff + " origExpDate=" + origExpDate.getTime() + " current=" + current.getTime()); + CMS.debug("validateRenewGracePeriod: millisDiff=" + millisDiff + " origExpDate=" + origExpDate.getTime() + + " current=" + current.getTime()); /* * "days", if positive, has to be less than renew_grace_before diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java index 2c5785501..2125bb81e 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java @@ -144,7 +144,8 @@ public class SigningAlgConstraint extends EnrollConstraint { } public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_SIGNING_ALG_TEXT", getConfig(CONFIG_ALGORITHMS_ALLOWED)); + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_SIGNING_ALG_TEXT", + getConfig(CONFIG_ALGORITHMS_ALLOWED)); } public boolean isApplicable(IPolicyDefault def) { diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java index 53fe471ae..abfef548d 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java @@ -141,7 +141,8 @@ public class ValidityConstraint extends EnrollConstraint { } long millisDiff = notAfter.getTime() - notBefore.getTime(); - CMS.debug("ValidityConstraint: millisDiff=" + millisDiff + " notAfter=" + notAfter.getTime() + " notBefore=" + notBefore.getTime()); + CMS.debug("ValidityConstraint: millisDiff=" + millisDiff + " notAfter=" + notAfter.getTime() + " notBefore=" + + notBefore.getTime()); long long_days = (millisDiff / 1000) / 86400; CMS.debug("ValidityConstraint: long_days: " + long_days); int days = (int) long_days; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java index 1726ec6b1..c9ea70624 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java @@ -150,7 +150,8 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { null, CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD")); } else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) { - return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", + return new Descriptor(IDescriptor.CHOICE, + "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", "URIName", CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE")); } else if (name.startsWith(CONFIG_AD_LOCATION)) { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java index 4a5c72a15..6668ee823 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java @@ -172,7 +172,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE); addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE); addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG); - addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + + CONFIG_USERNOTICE_NUMBERS); addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT); } } @@ -301,23 +302,30 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { locale, "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID")); CertificatePolicyId cpolicyId = getPolicyId(policyId); - String qualifersNum = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM); + String qualifersNum = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + + CONFIG_POLICY_QUALIFIERS_NUM); PolicyQualifiers policyQualifiers = new PolicyQualifiers(); int num = 0; if (qualifersNum != null && qualifersNum.length() > 0) num = Integer.parseInt(qualifersNum); for (int j = 0; j < num; j++) { - String cpsuriEnable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE); - String usernoticeEnable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE); + String cpsuriEnable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + + SEPARATOR + CONFIG_CPSURI_ENABLE); + String usernoticeEnable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + + SEPARATOR + CONFIG_USERNOTICE_ENABLE); if (cpsuriEnable != null && cpsuriEnable.equals("true")) { - String cpsuri = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE); + String cpsuri = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + + SEPARATOR + CONFIG_CPSURI_VALUE); netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri); if (qualifierInfo != null) policyQualifiers.add(qualifierInfo); } else if (usernoticeEnable != null && enable.equals("true")) { - String org = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG); - String noticenumbers = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); - String explicitText = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT); + String org = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + + SEPARATOR + CONFIG_USERNOTICE_ORG); + String noticenumbers = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); + String explicitText = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + + SEPARATOR + CONFIG_USERNOTICE_TEXT); netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org, noticenumbers, explicitText); if (qualifierInfo != null) @@ -447,7 +455,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { sb.append(":"); sb.append(""); sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_ENABLE); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + + CONFIG_USERNOTICE_ENABLE); sb.append(":"); sb.append("false"); sb.append("\n"); @@ -455,7 +464,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { sb.append(":"); sb.append(""); sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + + CONFIG_USERNOTICE_NUMBERS); sb.append(":"); sb.append(""); sb.append("\n"); @@ -517,7 +527,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { sb.append(":"); sb.append(org); sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + + CONFIG_USERNOTICE_NUMBERS); sb.append(":"); sb.append(noticeNum.toString()); sb.append("\n"); @@ -633,7 +644,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { if (enable != null && enable.equals("true")) { String policyId = substore.getString(CONFIG_POLICY_ID); CertificatePolicyId cpolicyId = getPolicyId(policyId); - CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy " + i + " policyId=" + policyId); + CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy " + i + " policyId=" + + policyId); int qualifierNum = getNumQualifiers(); PolicyQualifiers policyQualifiers = new PolicyQualifiers(); for (int j = 0; j < qualifierNum; j++) { @@ -709,7 +721,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { CPSuri cpsURI = new CPSuri(uri); netscape.security.x509.PolicyQualifierInfo policyQualifierInfo2 = - new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_CPS, cpsURI); + new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_CPS, + cpsURI); return policyQualifierInfo2; } @@ -762,7 +775,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { userNotice = new UserNotice(noticeReference, explicitText); netscape.security.x509.PolicyQualifierInfo policyQualifierInfo1 = - new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE, userNotice); + new netscape.security.x509.PolicyQualifierInfo( + netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE, userNotice); return policyQualifierInfo1; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java index e0f044351..d56eebc02 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java @@ -75,7 +75,8 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_TYPE)) { - return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", + return new Descriptor(IDescriptor.CHOICE, + "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", "RFC822Name", CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_ALT_NAME_TYPE")); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java index c40836518..c14f3239f 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java @@ -183,7 +183,8 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_TYPE)) { - return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName,OtherName", + return new Descriptor(IDescriptor.CHOICE, + "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName,OtherName", "RFC822Name", CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_ALT_NAME_TYPE")); @@ -404,7 +405,8 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { } ; - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_ALT_NAME_EXT", getConfig(CONFIG_CRITICAL), sb.toString()); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_ALT_NAME_EXT", getConfig(CONFIG_CRITICAL), + sb.toString()); } /** @@ -467,7 +469,8 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { // function gname = mapPattern(randUUID.toString(), request, pattern); } else { //expand more server-gen types here - CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: " + source + ". Supported: UUID4"); + CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: " + + source + ". Supported: UUID4"); continue; } } else { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java index afc5f1f90..a145378ee 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java @@ -145,7 +145,8 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { null, CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD")); } else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) { - return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", + return new Descriptor(IDescriptor.CHOICE, + "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", "URIName", CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE")); } else if (name.startsWith(CONFIG_AD_LOCATION)) { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java index 6e36302ed..476db0e02 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java @@ -379,11 +379,13 @@ public class nsNKeySubjectNameDefault extends EnrollDefault { CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): screen name does not exist"); throw new EProfileException("screenname does not exist"); } - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): retrieved entry for aoluid = " + request.getExtDataInString("aoluid")); + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): retrieved entry for aoluid = " + + request.getExtDataInString("aoluid")); ; LDAPEntry entry = null; - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with " + mLdapStringAttrs.length + " attributes"); + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with " + mLdapStringAttrs.length + + " attributes"); LDAPSearchResults results = conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", mLdapStringAttrs, false); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java index 8f9759417..bbb3369ce 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java @@ -406,10 +406,12 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): " + searchName + " does not exist"); throw new EProfileException("id does not exist"); } - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): retrieved entry for " + searchName + " = " + request.getExtDataInString("uid")); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): retrieved entry for " + searchName + " = " + + request.getExtDataInString("uid")); LDAPEntry entry = null; - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with " + mLdapStringAttrs.length + " attributes"); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with " + + mLdapStringAttrs.length + " attributes"); LDAPSearchResults results = conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", mLdapStringAttrs, false); @@ -425,7 +427,8 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { entry.getAttribute(mLdapStringAttrs[i]); if (la != null) { String[] sla = la.getStringValueArray(); - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: " + mLdapStringAttrs[i] + + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: " + + mLdapStringAttrs[i] + "=" + escapeValueRfc1779(sla[0], false).toString()); request.setExtData(mLdapStringAttrs[i], escapeValueRfc1779(sla[0], false).toString()); } @@ -443,7 +446,8 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { if (conn != null) mConnFactory.returnConn(conn); } catch (Exception e) { - throw new EProfileException("nsTokenUserKeySubjectNameDefault: getSubjectName(): connection return failure"); + throw new EProfileException( + "nsTokenUserKeySubjectNameDefault: getSubjectName(): connection return failure"); } } return sbjname; diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java index 0cb367031..7f70722d0 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java @@ -331,7 +331,8 @@ class AVAPattern { attrNumberBuf1.toString().trim(); if (attrNumber1.length() == 0) { - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "nth element $req or $ext expected")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "nth element $req or $ext expected")); } try { diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java index 368143442..89f1ab8ee 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java @@ -231,7 +231,8 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT && mCreateCAEntry) { try { createCAEntry(conn, dn); diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java index a1f79a481..33c186c14 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java @@ -164,7 +164,8 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo { // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString())); diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java index e12606b27..15f845cb6 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java @@ -233,7 +233,8 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString())); @@ -303,7 +304,8 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString())); diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java index e2457b882..73549f1b5 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java @@ -285,7 +285,8 @@ public class LdapDNCompsMap // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString())); diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java index 52074a939..5db61f94d 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java @@ -533,7 +533,8 @@ public class LdapEnhancedMap log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT && mCreateEntry) { diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java index 2757bc588..4cb73e1d8 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java @@ -203,7 +203,8 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { LDAPEntry entry = results.next(); if (results.hasMoreElements()) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn, ((req == null) ? "" : req.getRequestId().toString()))); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn, ((req == null) ? "" : req + .getRequestId().toString()))); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY", ((req == null) ? "" : req.getRequestId().toString()))); } @@ -211,7 +212,8 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { return entry.getDN(); else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn, ((req == null) ? "" : req.getRequestId().toString()))); + CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn, ((req == null) ? "" : req.getRequestId() + .toString()))); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", "null entry")); } @@ -223,7 +225,8 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString())); diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java index 00ddbde57..076ba6b30 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java @@ -192,9 +192,11 @@ class MapAVAPattern { in.read() != 'd' || in.read() != 'n' || in.read() != '.') - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "Invalid $ syntax, expecting $rdn")); } catch (IOException e) { - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "Invalid $ syntax, expecting $rdn")); } StringBuffer rdnNumberBuf = new StringBuffer(); @@ -214,11 +216,13 @@ class MapAVAPattern { String rdnNumber = rdnNumberBuf.toString().trim(); if (rdnNumber.length() == 0) - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "$rdn number not set in ava pattern")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "$rdn number not set in ava pattern")); try { mElement = Integer.parseInt(rdnNumber) - 1; } catch (NumberFormatException e) { - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $rdn number in ava pattern")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "Invalid $rdn number in ava pattern")); } return; } @@ -243,7 +247,8 @@ class MapAVAPattern { CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } if (c != '=') - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Missing \"=\" in ava pattern")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "Missing \"=\" in ava pattern")); // read value //System.out.println("reading value"); @@ -259,7 +264,8 @@ class MapAVAPattern { CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } if (c == -1) - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "no value after = in ava pattern")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "no value after = in ava pattern")); if (c == '$') { // check for $subj $ext or $req @@ -323,7 +329,8 @@ class MapAVAPattern { //System.out.println("----- attrName "+attrName); if (attrName.length() == 0) - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "attribute name expected")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "attribute name expected")); mAttr = attrName; /* @@ -525,7 +532,8 @@ class MapAVAPattern { if (mValue.equalsIgnoreCase(SubjectAlternativeNameExtension.NAME)) { try { GeneralNames subjectNames = (GeneralNames) - ((SubjectAlternativeNameExtension) ext).get(SubjectAlternativeNameExtension.SUBJECT_NAME); + ((SubjectAlternativeNameExtension) ext) + .get(SubjectAlternativeNameExtension.SUBJECT_NAME); if (subjectNames.size() == 0) break; diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java index aa49225c0..b8d6a8e54 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java @@ -94,17 +94,21 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - PROP_DIR + ";string;Directory in which to put the files (absolute path or relative path to cert-* instance directory).", + PROP_DIR + + ";string;Directory in which to put the files (absolute path or relative path to cert-* instance directory).", PROP_DER + ";boolean;Store certificates or CRLs into *.der files.", PROP_B64 + ";boolean;Store certificates or CRLs into *.b64 files.", - PROP_GMT + ";choice(LocalTime,GMT);Use local time or GMT to time stamp CRL file name with CRL's 'thisUpdate' field.", - PROP_LNK + ";boolean;Generate link to the latest binary CRL. It requires '" + PROP_DER + "' to be enabled.", + PROP_GMT + + ";choice(LocalTime,GMT);Use local time or GMT to time stamp CRL file name with CRL's 'thisUpdate' field.", + PROP_LNK + ";boolean;Generate link to the latest binary CRL. It requires '" + PROP_DER + + "' to be enabled.", PROP_EXT + ";string;Name extension used by link to the latest CRL. Default name extension is 'der'.", PROP_ZIP + ";boolean;Generate compressed CRLs.", PROP_LEV + ";choice(0,1,2,3,4,5,6,7,8,9);Set compression level from 0 to 9.", IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-publisher-filepublisher", - IExtendedPluginInfo.HELP_TEXT + + IExtendedPluginInfo.HELP_TEXT + + ";Stores the certificates or CRLs into files. Certificate is named as cert-<serialno>.der or *.b64, and CRL is named as <IssuingPoint>-<thisUpdate-time>.der or *.b64." }; diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java index ac1d26026..29b874a94 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java @@ -314,7 +314,8 @@ public class LdapCaCertPublisher // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CACERT_ERROR", e.toString())); @@ -399,7 +400,8 @@ public class LdapCaCertPublisher // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_CACERT_ERROR", e.toString())); diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java index 791b8acc9..e2c41a591 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java @@ -211,7 +211,8 @@ public class LdapCertSubjPublisher implements ILdapPublisher { // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); @@ -325,7 +326,8 @@ public class LdapCertSubjPublisher implements ILdapPublisher { // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString())); diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java index 152a1efb6..624cb1478 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java @@ -289,7 +289,8 @@ public class LdapCertificatePairPublisher // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString())); throw new ELdapException("error publishing cross cert pair:" + e.toString()); diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java index 07b62e900..7c069f398 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java @@ -285,7 +285,8 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CRL_ERROR", e.toString())); @@ -361,7 +362,8 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_CRL_ERROR", e.toString())); diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java index 67f0fca90..337c5a383 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java @@ -168,7 +168,8 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); @@ -215,7 +216,8 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString())); diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java index aa1a7ef75..8c74382a7 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java @@ -205,7 +205,8 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); @@ -272,7 +273,8 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR")); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString())); diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java index 5b3a8c5a5..1d68d3bc4 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java @@ -190,10 +190,12 @@ public class AdminServlet extends HttpServlet { } CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_DONE", mServletID)); } else { // PROP_AUTHZ_MGR not specified, use default authzmgr - CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_ACL, mServletID, AUTHZ_MGR_LDAP)); + CMS.debug("AdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_ACL, mServletID, AUTHZ_MGR_LDAP)); } } else { // PROP_AUTHZ_MGR not specified, use default authzmgr - CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_AUTHZ_MGR, mServletID, AUTHZ_MGR_LDAP)); + CMS.debug("AdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_AUTHZ_MGR, mServletID, AUTHZ_MGR_LDAP)); } } else { diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java index ceffb7c28..d1924aa93 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java @@ -407,8 +407,10 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); - sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(), + sendResponse( + ERROR, + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", + id)).toString(), null, resp); return; } @@ -709,8 +711,10 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); - sendResponse(ERROR, - new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(), + sendResponse( + ERROR, + new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), + "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(), null, resp); return; } @@ -762,8 +766,10 @@ public class AuthAdminServlet extends AdminServlet { // cleanup instancesConfig.removeSubStore(id); - sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + sendResponse( + ERROR, + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", + className)).toString(), null, resp); return; } catch (InstantiationException e) { @@ -777,8 +783,10 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); instancesConfig.removeSubStore(id); - sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + sendResponse( + ERROR, + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", + className)).toString(), null, resp); return; } catch (IllegalAccessException e) { @@ -792,8 +800,10 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); instancesConfig.removeSubStore(id); - sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + sendResponse( + ERROR, + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", + className)).toString(), null, resp); return; } @@ -1011,8 +1021,10 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); - sendResponse(ERROR, - new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(), + sendResponse( + ERROR, + new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), + "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(), null, resp); return; } @@ -1181,8 +1193,10 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); - sendResponse(ERROR, - new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(), + sendResponse( + ERROR, + new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", + id)).toString(), null, resp); return; } @@ -1330,8 +1344,10 @@ public class AuthAdminServlet extends AdminServlet { // does auth manager instance exist? if (mAuths.getInstances().containsKey(id) == false) { - sendResponse(ERROR, - new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(), + sendResponse( + ERROR, + new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)) + .toString(), null, resp); return; } @@ -1469,8 +1485,10 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); - sendResponse(ERROR, - new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(), + sendResponse( + ERROR, + new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), + "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(), null, resp); return; } @@ -1546,8 +1564,10 @@ public class AuthAdminServlet extends AdminServlet { // cleanup restore(instancesConfig, id, saveParams); - sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + sendResponse( + ERROR, + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", + className)).toString(), null, resp); return; } catch (InstantiationException e) { @@ -1561,8 +1581,10 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); restore(instancesConfig, id, saveParams); - sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + sendResponse( + ERROR, + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", + className)).toString(), null, resp); return; } catch (IllegalAccessException e) { @@ -1576,8 +1598,10 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); restore(instancesConfig, id, saveParams); - sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + sendResponse( + ERROR, + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", + className)).toString(), null, resp); return; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java index 7faae935f..7f5a96e9d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java @@ -2072,7 +2072,8 @@ public final class CMSAdminServlet extends AdminServlet { // nickname). // - CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: " + nicknameWithoutTokenName); + CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: " + + nicknameWithoutTokenName); try { jssSubSystem.importCert(pkcs, nicknameWithoutTokenName, certType); @@ -2082,7 +2083,8 @@ public final class CMSAdminServlet extends AdminServlet { String eString = e.toString(); if (eString.contains("Failed to find certificate that was just imported")) { - CMS.debug("CMSAdminServlet.installCert(): nickname=" + nicknameWithoutTokenName + " TokenException: " + eString); + CMS.debug("CMSAdminServlet.installCert(): nickname=" + nicknameWithoutTokenName + + " TokenException: " + eString); X509Certificate cert = null; try { @@ -2109,7 +2111,8 @@ public final class CMSAdminServlet extends AdminServlet { } else { nickname = tokenName + ":" + newNickname; } - CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname=" + nickname); + CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname=" + + nickname); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java index b310f8c95..7ebb64af1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java @@ -290,7 +290,8 @@ public class JobsAdminServlet extends AdminServlet { // is the job plugin id unique? if (mJobsSched.getPlugins().containsKey((Object) id)) { sendResponse(ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_PLUGIN_ID", id)).toString(), + new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_PLUGIN_ID", id)) + .toString(), null, resp); return; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java index 95ed2361f..256792245 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java @@ -474,7 +474,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_PLUGIN_ID", id)).toString(), + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_PLUGIN_ID", id)) + .toString(), null, resp); return; } @@ -803,8 +804,10 @@ public class LogAdminServlet extends AdminServlet { audit(auditMessage); } - sendResponse(ERROR, - new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", implname)).toString(), + sendResponse( + ERROR, + new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", implname)) + .toString(), null, resp); return; } @@ -862,7 +865,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)) + .toString(), null, resp); return; } catch (InstantiationException e) { @@ -880,7 +884,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)) + .toString(), null, resp); return; } catch (IllegalAccessException e) { @@ -898,7 +903,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)) + .toString(), null, resp); return; } @@ -1133,7 +1139,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(), + new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND", id)) + .toString(), null, resp); return; } @@ -1296,7 +1303,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", id)).toString(), + new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", id)) + .toString(), null, resp); return; } @@ -1543,8 +1551,10 @@ public class LogAdminServlet extends AdminServlet { audit(auditMessage); } - sendResponse(ERROR, - new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", implname)).toString(), null, resp); + sendResponse( + ERROR, + new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", implname)) + .toString(), null, resp); return; } @@ -1812,7 +1822,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)) + .toString(), null, resp); return; } catch (InstantiationException e) { @@ -1862,7 +1873,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)) + .toString(), null, resp); return; } catch (IllegalAccessException e) { @@ -1912,7 +1924,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)) + .toString(), null, resp); return; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java index 99f619358..47771a190 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java @@ -1968,7 +1968,9 @@ public class ProfileAdminServlet extends AdminServlet { if (desc == null) { nvp.add(name, ";" + ";" + rule.getConfig(name)); } else { - nvp.add(name, desc.getSyntax() + ";" + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + rule.getConfig(name)); + nvp.add(name, + desc.getSyntax() + ";" + ";" + getNonNull(desc.getConstraint()) + ";" + + desc.getDescription(getLocale(req)) + ";" + rule.getConfig(name)); } } sendResponse(SUCCESS, null, nvp, resp); @@ -2016,7 +2018,9 @@ public class ProfileAdminServlet extends AdminServlet { if (desc == null) { nvp.add(name, ";" + rule.getConfig(name)); } else { - nvp.add(name, desc.getSyntax() + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + rule.getConfig(name)); + nvp.add(name, + desc.getSyntax() + ";" + getNonNull(desc.getConstraint()) + ";" + + desc.getDescription(getLocale(req)) + ";" + rule.getConfig(name)); } } sendResponse(SUCCESS, null, nvp, resp); diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java index 22aa306e5..e8d80640e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java @@ -353,8 +353,10 @@ public class PublisherAdminServlet extends AdminServlet { String epi[] = new String[] { "type;choice(cacert,crl,certs,xcert);The certType of the request", - "mapper;choice(" + map.toString() + ");Use the mapper to find the ldap dn to publish the certificate or crl", - "publisher;choice(" + publish.toString() + ");Use the publisher to publish the certificate or crl a directory etc", + "mapper;choice(" + map.toString() + + ");Use the mapper to find the ldap dn to publish the certificate or crl", + "publisher;choice(" + publish.toString() + + ");Use the publisher to publish the certificate or crl a directory etc", "enable;boolean;", "predicate;string;" }; @@ -713,7 +715,8 @@ public class PublisherAdminServlet extends AdminServlet { try { //certNickName = authInfo.getParms()[0]; certNickName = ldap.getSubStore( - ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_CLIENTCERTNICKNAME); + ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString( + ILdapAuthInfo.PROP_CLIENTCERTNICKNAME); conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory( certNickName)); CMS.debug("Publishing Test certNickName=" + certNickName); @@ -723,7 +726,8 @@ public class PublisherAdminServlet extends AdminServlet { } catch (Exception ex) { params.add(Constants.PR_CONN_INIT_FAIL, "Create ssl LDAPConnection with certificate: " + - certNickName + dashes(70 - 44 - certNickName.length()) + " failure\n" + " exception: " + ex); + certNickName + dashes(70 - 44 - certNickName.length()) + " failure\n" + + " exception: " + ex); params.add(Constants.PR_SAVE_NOT, "\n \nIf the problem is not fixed then LDAP publishing will fail.\n" + "Do you want to save the configuration anyway?"); @@ -735,7 +739,8 @@ public class PublisherAdminServlet extends AdminServlet { params.add(Constants.PR_CONN_OK, "Connect to directory server " + host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success"); + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + + " Success"); params.add(Constants.PR_AUTH_OK, "Authentication: SSL client authentication" + dashes(70 - 41) + " Success" + @@ -796,7 +801,8 @@ public class PublisherAdminServlet extends AdminServlet { params.add(Constants.PR_CONN_OK, "Connect to directory server " + host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success"); + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + + " Success"); } catch (LDAPException ex) { if (ex.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is @@ -804,13 +810,15 @@ public class PublisherAdminServlet extends AdminServlet { params.add(Constants.PR_CONN_FAIL, "Connect to directory server " + host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" + + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + + " Failure" + "\nerror: server unavailable"); } else { params.add(Constants.PR_CONN_FAIL, "Connect to directory server " + host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" + + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + + " Failure" + "\nexception: " + ex); } params.add(Constants.PR_SAVE_NOT, @@ -1003,7 +1011,8 @@ public class PublisherAdminServlet extends AdminServlet { // is the manager id unique? if (mProcessor.getMapperPlugins().containsKey((Object) id)) { sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)) + .toString(), null, resp); return; } @@ -1036,7 +1045,8 @@ public class PublisherAdminServlet extends AdminServlet { // is the class an ILdapMapper? try { if (ILdapMapper.class.isAssignableFrom(newImpl) == false) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, + resp); return; } } catch (NullPointerException e) { // unlikely, only if newImpl null. @@ -1121,8 +1131,10 @@ public class PublisherAdminServlet extends AdminServlet { implname); if (plugin == null) { - sendResponse(ERROR, - new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(), + sendResponse( + ERROR, + new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", + implname)).toString(), null, resp); return; } @@ -1160,19 +1172,22 @@ public class PublisherAdminServlet extends AdminServlet { // cleanup instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } @@ -1289,7 +1304,8 @@ public class PublisherAdminServlet extends AdminServlet { // does a`mapper instance exist? if (mProcessor.getMapperInsts().containsKey(id) == false) { - sendResponse(ERROR, + sendResponse( + ERROR, new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(), null, resp); return; @@ -1339,8 +1355,10 @@ public class PublisherAdminServlet extends AdminServlet { } if (mProcessor.getMapperPlugins().containsKey(id) == false) { - sendResponse(ERROR, - new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", id)).toString(), + sendResponse( + ERROR, + new EMapperPluginNotFound(CMS + .getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", id)).toString(), null, resp); return; } @@ -1428,7 +1446,8 @@ public class PublisherAdminServlet extends AdminServlet { // does mapper instance exist? if (mProcessor.getMapperInsts().containsKey(id) == false) { - sendResponse(ERROR, + sendResponse( + ERROR, new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(), null, resp); return; @@ -1489,8 +1508,10 @@ public class PublisherAdminServlet extends AdminServlet { (MapperPlugin) mProcessor.getMapperPlugins().get(implname); if (plugin == null) { - sendResponse(ERROR, - new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(), + sendResponse( + ERROR, + new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", + implname)).toString(), null, resp); return; } @@ -1557,19 +1578,22 @@ public class PublisherAdminServlet extends AdminServlet { // cleanup restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (InstantiationException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (IllegalAccessException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } @@ -1630,7 +1654,8 @@ public class PublisherAdminServlet extends AdminServlet { // is the rule id unique? if (mProcessor.getRulePlugins().containsKey((Object) id)) { - sendResponse(ERROR, + sendResponse( + ERROR, new ELdapException(CMS.getUserMessage("CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(getLocale(req)), null, resp); return; @@ -1665,7 +1690,8 @@ public class PublisherAdminServlet extends AdminServlet { // is the class an ILdapRule? try { if (ILdapRule.class.isAssignableFrom(newImpl) == false) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, + resp); return; } } catch (NullPointerException e) { // unlikely, only if newImpl null. @@ -1739,8 +1765,10 @@ public class PublisherAdminServlet extends AdminServlet { implname); if (plugin == null) { - sendResponse(ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), + sendResponse( + ERROR, + new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), null, resp); return; } @@ -1783,19 +1811,22 @@ public class PublisherAdminServlet extends AdminServlet { // cleanup instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } @@ -1912,7 +1943,8 @@ public class PublisherAdminServlet extends AdminServlet { // does rule exist? if (mProcessor.getRulePlugins().containsKey(id) == false) { sendResponse(ERROR, - new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", id)).toString(), + new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", id)) + .toString(), null, resp); return; } @@ -2185,19 +2217,22 @@ public class PublisherAdminServlet extends AdminServlet { // cleanup restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (InstantiationException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (IllegalAccessException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } @@ -2259,7 +2294,8 @@ public class PublisherAdminServlet extends AdminServlet { // is the manager id unique? if (mProcessor.getPublisherPlugins().containsKey((Object) id)) { sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)) + .toString(), null, resp); return; } @@ -2293,7 +2329,8 @@ public class PublisherAdminServlet extends AdminServlet { // is the class an ILdapPublisher? try { if (ILdapPublisher.class.isAssignableFrom(newImpl) == false) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, + resp); return; } } catch (NullPointerException e) { // unlikely, only if newImpl null. @@ -2369,8 +2406,10 @@ public class PublisherAdminServlet extends AdminServlet { implname); if (plugin == null) { - sendResponse(ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), + sendResponse( + ERROR, + new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), null, resp); return; } @@ -2422,19 +2461,22 @@ public class PublisherAdminServlet extends AdminServlet { // cleanup instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } @@ -2553,8 +2595,10 @@ public class PublisherAdminServlet extends AdminServlet { // does publisher exist? if (mProcessor.getPublisherPlugins().containsKey(id) == false) { - sendResponse(ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", id)).toString(), + sendResponse( + ERROR, + new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", id)).toString(), null, resp); return; } @@ -2614,7 +2658,8 @@ public class PublisherAdminServlet extends AdminServlet { // does publisher instance exist? if (mProcessor.getPublisherInsts().containsKey(id) == false) { sendResponse(ERROR, - new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(), + new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)) + .toString(), null, resp); return; } @@ -2708,7 +2753,8 @@ public class PublisherAdminServlet extends AdminServlet { // does publisher instance exist? if (mProcessor.getPublisherInsts().containsKey(id) == false) { sendResponse(ERROR, - new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(), + new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)) + .toString(), null, resp); return; } @@ -2779,8 +2825,10 @@ public class PublisherAdminServlet extends AdminServlet { (PublisherPlugin) mProcessor.getPublisherPlugins().get(implname); if (plugin == null) { - sendResponse(ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), + sendResponse( + ERROR, + new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), null, resp); return; } @@ -2872,19 +2920,22 @@ public class PublisherAdminServlet extends AdminServlet { // cleanup restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (InstantiationException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (IllegalAccessException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java index 36cc7100c..41c07d810 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java @@ -287,9 +287,12 @@ public class RegistryAdminServlet extends AdminServlet { CMS.debug("RegistryAdminServlet: getSUpportedConstraint " + constraintInfo.getClassName()); if (policyConstraintClass.isApplicable(policyDefaultClass)) { - CMS.debug("RegistryAdminServlet: getSUpportedConstraint isApplicable " + constraintInfo.getClassName()); - nvp.add(constraintID, constraintInfo.getClassName() + "," + - constraintInfo.getDescription(getLocale(req)) + "," + constraintInfo.getName(getLocale(req))); + CMS.debug("RegistryAdminServlet: getSUpportedConstraint isApplicable " + + constraintInfo.getClassName()); + nvp.add(constraintID, + constraintInfo.getClassName() + "," + + constraintInfo.getDescription(getLocale(req)) + "," + + constraintInfo.getName(getLocale(req))); } } } @@ -341,7 +344,8 @@ public class RegistryAdminServlet extends AdminServlet { if (desc != null) { try { - String value = getNonNull(desc.getSyntax()) + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + getNonNull(desc.getDefaultValue()); + String value = getNonNull(desc.getSyntax()) + ";" + getNonNull(desc.getConstraint()) + ";" + + desc.getDescription(getLocale(req)) + ";" + getNonNull(desc.getDefaultValue()); CMS.debug("RegistryAdminServlet: getProfileImpl " + value); nvp.add(name, value); diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java index 799638e8d..65c005835 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java @@ -1115,7 +1115,8 @@ public class UsrGrpAdminServlet extends AdminServlet { return; } - CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CHAIN_STORED_DB", String.valueOf(p7certs.length))); + CMS.debug("UsrGrpAdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_CHAIN_STORED_DB", String.valueOf(p7certs.length))); int j = 0; int jBegin = 0; @@ -1130,7 +1131,9 @@ public class UsrGrpAdminServlet extends AdminServlet { } // store the chain into cert db, except for the user cert for (j = jBegin; j < jEnd; j++) { - CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_IN_CHAIN", String.valueOf(j), String.valueOf(p7certs[j].getSubjectDN()))); + CMS.debug("UsrGrpAdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_CERT_IN_CHAIN", String.valueOf(j), + String.valueOf(p7certs[j].getSubjectDN()))); org.mozilla.jss.crypto.X509Certificate leafCert = null; diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java index a506a2b28..0c262fdf8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java @@ -493,7 +493,8 @@ public abstract class CMSServlet extends HttpServlet { Date endDate = CMS.getCurrentDate(); long endTime = endDate.getTime(); if (CMS.debugOn()) { - CMS.debug(CMS.DEBUG_INFORM, "CMSServlet: curDate=" + endDate + " id=" + mId + " time=" + (endTime - startTime)); + CMS.debug(CMS.DEBUG_INFORM, "CMSServlet: curDate=" + endDate + " id=" + mId + " time=" + + (endTime - startTime)); } iCommandQueue.unRegisterProccess((Object) cmsRequest, (Object) this); } catch (EBaseException e) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java index 6d91e1b28..f8625ce30 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java @@ -213,7 +213,8 @@ public class SystemInfoServlet extends HttpServlet { response.getWriter().println("Free Memory / Total Memory:"); response.getWriter().println("</td>"); response.getWriter().println("<td>"); - response.getWriter().println((Runtime.getRuntime().freeMemory() * 100) / Runtime.getRuntime().totalMemory() + "%"); + response.getWriter().println( + (Runtime.getRuntime().freeMemory() * 100) / Runtime.getRuntime().totalMemory() + "%"); response.getWriter().println("</td>"); response.getWriter().println("</tr>"); response.getWriter().println("</table>"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java index 66ca897f6..629c0e2c9 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java @@ -236,7 +236,8 @@ public class CMCRevReqServlet extends CMSServlet { certs = new X509CertImpl[serialNoArray.length]; for (int i = 0; i < serialNoArray.length; i++) { - certs[i] = ((ICertificateAuthority) mAuthority).getCertificateRepository().getX509Certificate(serialNoArray[i]); + certs[i] = ((ICertificateAuthority) mAuthority).getCertificateRepository().getX509Certificate( + serialNoArray[i]); } } else if (mAuthority instanceof IRegistrationAuthority) { @@ -439,7 +440,8 @@ public class CMCRevReqServlet extends CMSServlet { Vector serialNumbers = new Vector(); if (revokeAll != null && revokeAll.length() > 0) { - for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) { + for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll + .indexOf('=', i)) { if (i > -1) { i++; while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') { diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java index 01245d4f1..d247dfa8b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java @@ -213,7 +213,8 @@ public class ChallengeRevocationServlet1 extends CMSServlet { certs = new X509CertImpl[serialNoArray.length]; for (int i = 0; i < serialNoArray.length; i++) { - certs[i] = ((ICertificateAuthority) mAuthority).getCertificateRepository().getX509Certificate(serialNoArray[i]); + certs[i] = ((ICertificateAuthority) mAuthority).getCertificateRepository().getX509Certificate( + serialNoArray[i]); } } else if (mAuthority instanceof IRegistrationAuthority) { @@ -370,7 +371,8 @@ public class ChallengeRevocationServlet1 extends CMSServlet { Vector serialNumbers = new Vector(); if (revokeAll != null && revokeAll.length() > 0) { - for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) { + for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll + .indexOf('=', i)) { if (i > -1) { i++; while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') { @@ -576,14 +578,16 @@ public class ChallengeRevocationServlet1 extends CMSServlet { if (updateResult != null) { if (updateResult.equals(IRequest.RES_SUCCESS)) { - CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", - updateStatusStr)); + CMS.debug("ChallengeRevcationServlet1: " + + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", + updateStatusStr)); header.addStringValue(updateStatusStr, "yes"); } else { String updateErrorStr = crl.getCrlUpdateErrorStr(); - CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", - updateStatusStr)); + CMS.debug("ChallengeRevcationServlet1: " + + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", + updateStatusStr)); header.addStringValue(updateStatusStr, "no"); String error = revReq.getExtDataInString(updateErrorStr); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java index a38a42f7a..18b9ddd60 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java @@ -308,7 +308,8 @@ public class DisplayBySerial extends CMSServlet { String rid = (String) metaInfo.get(ICertRecord.META_REQUEST_ID); if (rid != null && mAuthority instanceof ICertificateAuthority) { - IRequest r = ((ICertificateAuthority) mAuthority).getRequestQueue().findRequest(new RequestId(rid)); + IRequest r = ((ICertificateAuthority) mAuthority).getRequestQueue().findRequest( + new RequestId(rid)); String certType = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); if (certType != null && certType.equals(IRequest.CLIENT_CERT)) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java index 0f2cd4135..3e4a064ba 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java @@ -397,7 +397,8 @@ public class DisplayCRL extends CMSServlet { } catch (Exception e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_DELTA_CRL", e.toString())); header.addStringValue("error", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")) + .toString()); } if (deltaCRL != null) { BigInteger crlNumber = crlRecord.getCRLNumber(); @@ -431,7 +432,8 @@ public class DisplayCRL extends CMSServlet { if (i >= length) { IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k)); + rarg.addStringValue("crlBase64Encoded", + crlBase64Encoded.substring(j, k)); argSet.addRepeatRecord(rarg); } } else { @@ -439,11 +441,13 @@ public class DisplayCRL extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); if (k > -1) { - rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k)); + rarg.addStringValue("crlBase64Encoded", + crlBase64Encoded.substring(j, k)); i = k + 1; j = i; } else { - rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, length)); + rarg.addStringValue("crlBase64Encoded", + crlBase64Encoded.substring(j, length)); i = length; } argSet.addRepeatRecord(rarg); @@ -464,8 +468,10 @@ public class DisplayCRL extends CMSServlet { } } else if (!isCRLCacheEnabled && crlDisplayType.equals("cachedCRL")) { - header.addStringValue("error", CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId)); - header.addStringValue("crlPrettyPrint", CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId)); + header.addStringValue("error", + CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId)); + header.addStringValue("crlPrettyPrint", + CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId)); } else { header.addStringValue("error", new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java index 9e0f1f5b5..44b339c5a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java @@ -474,7 +474,8 @@ public class DoRevoke extends CMSServlet { // we do not want to revoke the CA certificate accidentially if (xcert != null && isSystemCertificate(xcert.getSerialNumber())) { - CMS.debug("DoRevoke: skipped revocation request for system certificate " + xcert.getSerialNumber()); + CMS.debug("DoRevoke: skipped revocation request for system certificate " + + xcert.getSerialNumber()); continue; } @@ -486,7 +487,8 @@ public class DoRevoke extends CMSServlet { (eeSerialNumber.equals(xcert.getSerialNumber().toString())) && rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1", xcert.getSerialNumber().toString(16))); + CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1", xcert.getSerialNumber() + .toString(16))); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -529,7 +531,8 @@ public class DoRevoke extends CMSServlet { Vector serialNumbers = new Vector(); if (revokeAll != null && revokeAll.length() > 0) { - for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) { + for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll + .indexOf('=', i)) { if (i > -1) { i++; while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') { @@ -698,7 +701,8 @@ public class DoRevoke extends CMSServlet { // The SVC_PENDING check has been added for the Cloned CA request // that is meant for the Master CA. From Clone's point of view // the request is complete - if ((stat == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { + if ((stat == RequestStatus.COMPLETE) + || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { // audit log the error Integer result = revReq.getExtDataInInteger(IRequest.RESULT); @@ -779,7 +783,8 @@ public class DoRevoke extends CMSServlet { "completed", cert.getSubjectDN(), cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime) } + RevocationReason.fromInt(reason).toString() + " time: " + + (endTime - startTime) } ); } } @@ -839,7 +844,8 @@ public class DoRevoke extends CMSServlet { if (updateResult != null) { if (updateResult.equals(IRequest.RES_SUCCESS)) { - CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", updateStatusStr)); + CMS.debug("DoRevoke: " + + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", updateStatusStr)); header.addStringValue(updateStatusStr, "yes"); } else { String updateErrorStr = crl.getCrlUpdateErrorStr(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java index e1d81f30d..259625d14 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java @@ -390,7 +390,8 @@ public class DoRevokeTPS extends CMSServlet { // we do not want to revoke the CA certificate accidentially if (xcert != null && isSystemCertificate(xcert.getSerialNumber())) { - CMS.debug("DoRevokeTPS: skipped revocation request for system certificate " + xcert.getSerialNumber()); + CMS.debug("DoRevokeTPS: skipped revocation request for system certificate " + + xcert.getSerialNumber()); badCertsRequested = true; continue; } @@ -506,7 +507,8 @@ public class DoRevokeTPS extends CMSServlet { // The SVC_PENDING check has been added for the Cloned CA request // that is meant for the Master CA. From Clone's point of view // the request is complete - if ((stat == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { + if ((stat == RequestStatus.COMPLETE) + || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { // audit log the error Integer result = revReq.getExtDataInInteger(IRequest.RESULT); @@ -587,7 +589,8 @@ public class DoRevokeTPS extends CMSServlet { "completed", cert.getSubjectDN(), cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime) } + RevocationReason.fromInt(reason).toString() + " time: " + + (endTime - startTime) } ); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java index e5b3fe808..bafafb8fd 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java @@ -292,7 +292,8 @@ public class DoUnrevoke extends CMSServlet { RequestStatus status = unrevReq.getRequestStatus(); String type = unrevReq.getRequestType(); - if ((status == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) && (status == RequestStatus.SVC_PENDING))) { + if ((status == RequestStatus.COMPLETE) + || ((type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) && (status == RequestStatus.SVC_PENDING))) { Integer result = unrevReq.getExtDataInInteger(IRequest.RESULT); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java index 65716c07e..1e18c3c4e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java @@ -296,7 +296,8 @@ public class DoUnrevokeTPS extends CMSServlet { RequestStatus status = unrevReq.getRequestStatus(); String type = unrevReq.getRequestType(); - if ((status == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) && (status == RequestStatus.SVC_PENDING))) { + if ((status == RequestStatus.COMPLETE) + || ((type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) && (status == RequestStatus.SVC_PENDING))) { Integer result = unrevReq.getExtDataInInteger(IRequest.RESULT); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java index 4328c7cbb..ed66f8441 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java @@ -331,7 +331,8 @@ public class EnrollServlet extends CMSServlet { log(ILogger.LL_SECURITY, CMS.getLogMessage("ADMIN_SRVLT_ENROLL_ACCESS_AFTER_SETUP")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REDIRECTING_ADMINENROLL_ERROR", "Attempt to access adminEnroll after already setup.")); + CMS.getUserMessage("CMS_GW_REDIRECTING_ADMINENROLL_ERROR", + "Attempt to access adminEnroll after already setup.")); } processX509(cmsReq); @@ -415,7 +416,8 @@ public class EnrollServlet extends CMSServlet { return true; } - private X509CertInfo[] handleCertAuthDual(X509CertInfo certInfo, IAuthToken authToken, X509Certificate sslClientCert, + private X509CertInfo[] handleCertAuthDual(X509CertInfo certInfo, IAuthToken authToken, + X509Certificate sslClientCert, ICertificateAuthority mCa, String certBasedOldSubjectDN, BigInteger certBasedOldSerialNum) throws EBaseException { @@ -460,7 +462,8 @@ public class EnrollServlet extends CMSServlet { } String filter = - "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))"; + "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + + "))(certStatus=VALID))"; ICertRecordList list = (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, null, 10); int size = list.getSize(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java index 4d1fe7b93..1acbac7f3 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java @@ -205,7 +205,8 @@ public class GetCertFromRequest extends CMSServlet { } } - if (!((r.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) || (r.getRequestType().equals(IRequest.RENEWAL_REQUEST)))) { + if (!((r.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) || (r.getRequestType() + .equals(IRequest.RENEWAL_REQUEST)))) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_NOT_ENROLLMENT_1", requestId)); throw new ECMSGWException( diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java index 4927a4c14..e42150f87 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java @@ -487,7 +487,8 @@ public class HashEnrollServlet extends CMSServlet { } String filter = - "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))"; + "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + + certBasedOldSerialNum + "))(certStatus=VALID))"; ICertRecordList list = (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, null, 10); @@ -946,7 +947,8 @@ public class HashEnrollServlet extends CMSServlet { // field suggested notBefore and notAfter in CRMF // Tech Support #383184 if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) { - CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter()); + CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), + certTemplate.getNotAfter()); certInfo.set(X509CertInfo.VALIDITY, certValidity); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java index 30e714724..2e6bc228d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java @@ -128,7 +128,8 @@ public class ListCerts extends CMSServlet { sc.getInitParameter(USE_CLIENT_FILTER).equalsIgnoreCase("true")) { mUseClientFilter = true; } - if (sc.getInitParameter(ALLOWED_CLIENT_FILTERS) == null || sc.getInitParameter(ALLOWED_CLIENT_FILTERS).equals("")) { + if (sc.getInitParameter(ALLOWED_CLIENT_FILTERS) == null + || sc.getInitParameter(ALLOWED_CLIENT_FILTERS).equals("")) { mAllowedClientFilters.addElement("(certStatus=*)"); mAllowedClientFilters.addElement("(certStatus=VALID)"); mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))"); @@ -152,12 +153,14 @@ public class ListCerts extends CMSServlet { // check to see if the filter is allowed while (filters.hasMoreElements()) { String filter = (String) filters.nextElement(); - com.netscape.certsrv.apps.CMS.debug("Comparing filter=" + filter + " queryCertFilter=" + queryCertFilter); + com.netscape.certsrv.apps.CMS.debug("Comparing filter=" + filter + " queryCertFilter=" + + queryCertFilter); if (filter.equals(queryCertFilter)) { return queryCertFilter; } } - com.netscape.certsrv.apps.CMS.debug("Requested filter '" + queryCertFilter + "' is not allowed. Please check the " + ALLOWED_CLIENT_FILTERS + "parameter"); + com.netscape.certsrv.apps.CMS.debug("Requested filter '" + queryCertFilter + + "' is not allowed. Please check the " + ALLOWED_CLIENT_FILTERS + "parameter"); return null; } else { com.netscape.certsrv.apps.CMS.debug("useClientFilter=false"); @@ -315,7 +318,8 @@ public class ListCerts extends CMSServlet { } catch (NumberFormatException e) { log(ILogger.LL_FAILURE, com.netscape.certsrv.apps.CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - error = new EBaseException(com.netscape.certsrv.apps.CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException(com.netscape.certsrv.apps.CMS.getUserMessage(getLocale(req), + "CMS_BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java index 7db6ac930..bbe8a479e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java @@ -608,7 +608,8 @@ public class SrchCerts extends CMSServlet { CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits); timeLimit = mTimeLimits; } - CMS.debug("Start searching ... " + "filter=" + filter + " maxreturns=" + maxResults + " timelimit=" + timeLimit); + CMS.debug("Start searching ... " + "filter=" + filter + " maxreturns=" + maxResults + " timelimit=" + + timeLimit); Enumeration e = mCertDB.searchCertificates(filter, maxResults, timeLimit); int count = 0; diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java index 1abba1719..9d3e633d2 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java @@ -481,7 +481,8 @@ public class UpdateCRL extends CMSServlet { crlIssuingPoint.getCRLNumber(), crlIssuingPoint.getLastUpdate(), crlIssuingPoint.getNextUpdate(), - Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime) } + Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + + (endTime - startTime) } ); } else { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, @@ -495,7 +496,8 @@ public class UpdateCRL extends CMSServlet { crlIssuingPoint.getCRLNumber(), crlIssuingPoint.getLastUpdate(), "not set", - Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime) } + Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + + (endTime - startTime) } ); } } catch (EBaseException e) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java index 27de7b285..10330501b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java @@ -488,7 +488,8 @@ public class UpdateDir extends CMSServlet { i++; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAIL_PUBLISH_CERT", certRecord.getSerialNumber().toString(16), + CMS.getLogMessage("CMSGW_FAIL_PUBLISH_CERT", + certRecord.getSerialNumber().toString(16), e.toString())); validCertsError += "Failed to publish certificate: 0x" + diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java index 653ffb703..75ec99e13 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java @@ -697,7 +697,8 @@ public class CRSEnrollment extends HttpServlet { if (attr.getName().equals(ChallengePassword.NAME)) { if (attr.get(ChallengePassword.PASSWORD) != null) { pkcs10Attr = pkcs10Attr + - "<ChallengePassword><Password>" + (String) attr.get(ChallengePassword.PASSWORD) + "</Password></ChallengePassword>"; + "<ChallengePassword><Password>" + + (String) attr.get(ChallengePassword.PASSWORD) + "</Password></ChallengePassword>"; } } @@ -1306,7 +1307,9 @@ public class CRSEnrollment extends HttpServlet { } } catch (Exception sne) { - log(ILogger.LL_INFO, "Unable to use appendDN parameter: " + mAppendDN + ". Error is " + sne.getMessage() + " Using unmodified subjectname"); + log(ILogger.LL_INFO, + "Unable to use appendDN parameter: " + mAppendDN + ". Error is " + sne.getMessage() + + " Using unmodified subjectname"); } if (subject != null) @@ -1987,7 +1990,8 @@ public class CRSEnrollment extends HttpServlet { BIT_STRING bs = (BIT_STRING) outerSeq.elementAt(1); byte[] encPubKey = bs.getBits(); if (bs.getPadCount() != 0) { - throw new CryptoContextException("Internal error: Invalid Public key. Not an integral number of bytes."); + throw new CryptoContextException( + "Internal error: Invalid Public key. Not an integral number of bytes."); } SEQUENCE.Template inner = new SEQUENCE.Template(); inner.addElement(INTEGER.getTemplate()); @@ -2004,7 +2008,8 @@ public class CRSEnrollment extends HttpServlet { } } catch (InvalidBERException e) { - throw new CryptoContextException("Internal Error: Bad internal Certificate Representation. Not a valid RSA-signed certificate"); + throw new CryptoContextException( + "Internal Error: Bad internal Certificate Representation. Not a valid RSA-signed certificate"); } catch (CryptoManager.NotInitializedException e) { throw new CryptoContextException("Crypto Manager not initialized"); } catch (NoSuchAlgorithmException e) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java index a906ba43a..25f062657 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java @@ -778,10 +778,12 @@ public class CMCOutputTemplate { SignedData msgData = (SignedData) msgValue.decodeWith(SignedData.getTemplate()); if (!verifyRevRequestSignature(msgData)) { - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER( + OtherInfo.BAD_MESSAGE_CHECK), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, + (String) null, otherInfo); tagattr = new TaggedAttribute( new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); @@ -823,7 +825,8 @@ public class CMCOutputTemplate { if (!sharedSecretFound) { CMS.debug("CMCOutputTemplate: class for shared secret was not found."); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), + null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); @@ -842,7 +845,8 @@ public class CMCOutputTemplate { if (sharedSecret == null) { CMS.debug("CMCOutputTemplate: class for shared secret was not found."); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), + null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); @@ -860,7 +864,8 @@ public class CMCOutputTemplate { revoke = true; } else { CMS.debug("CMCOutputTemplate: Both client and server shared secret are not the same, cant revoke certificate."); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), + null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); @@ -924,7 +929,8 @@ public class CMCOutputTemplate { entryExtn.set(crlReasonExtn.getName(), crlReasonExtn); } - RevokedCertImpl revCertImpl = new RevokedCertImpl(impl.getSerialNumber(), CMS.getCurrentDate(), entryExtn); + RevokedCertImpl revCertImpl = new RevokedCertImpl(impl.getSerialNumber(), CMS.getCurrentDate(), + entryExtn); RevokedCertImpl[] revCertImpls = new RevokedCertImpl[1]; revCertImpls[0] = revCertImpl; IRequestQueue queue = ca.getRequestQueue(); @@ -944,10 +950,12 @@ public class CMCOutputTemplate { if (result.equals(IRequest.RES_ERROR)) { CMS.debug("CMCOutputTemplate: revReq exception: " + revReq.getExtDataInString(IRequest.ERROR)); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_REQUEST), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_REQUEST), + null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, + otherInfo); tagattr = new TaggedAttribute( new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); @@ -1072,7 +1080,8 @@ public class CMCOutputTemplate { Name issuer = certI.getIssuer(); byte[] issuerB = ASN1Util.encode(issuer); INTEGER sn = certI.getSerialNumber(); - if (new String(issuerB).equalsIgnoreCase(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer()))) && + if (new String(issuerB).equalsIgnoreCase(new String(ASN1Util.encode(issuerAndSerialNumber + .getIssuer()))) && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) { ByteArrayOutputStream os = new ByteArrayOutputStream(); certJss.encode(os); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java index 8482e71bf..16c5e6c65 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java @@ -249,7 +249,12 @@ public class AdminAuthenticatePanel extends WizardPanelBase { c1.append(",preop.ca.hostname,preop.ca.httpport,preop.ca.httpsport,preop.ca.list,preop.ca.pkcs7,preop.ca.type"); } - String content = "uid=" + uid + "&pwd=" + pwd + "&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" + c1.toString() + "&substores=" + s1.toString(); + String content = "uid=" + + uid + + "&pwd=" + + pwd + + "&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" + + c1.toString() + "&substores=" + s1.toString(); boolean success = updateConfigEntries(host, httpsport, true, "/" + cstype + "/admin/" + cstype + "/getConfigEntries", content, config, diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java index 871177a17..d8d841e39 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java @@ -481,7 +481,8 @@ public class AdminPanel extends WizardPanelBase { String session_id = CMS.getConfigSDSessionId(); String subjectDN = HttpInput.getString(request, "subject"); - String content = "profileId=" + profileId + "&cert_request_type=" + cert_request_type + "&cert_request=" + cert_request + "&xmlOutput=true&sessionID=" + session_id + "&subject=" + subjectDN; + String content = "profileId=" + profileId + "&cert_request_type=" + cert_request_type + "&cert_request=" + + cert_request + "&xmlOutput=true&sessionID=" + session_id + "&subject=" + subjectDN; HttpClient httpclient = new HttpClient(); String c = null; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java index f80957d1e..ccaa78e0b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java @@ -282,7 +282,8 @@ public class CAInfoPanel extends WizardPanelBase { } } - private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException { + private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) + throws IOException { CMS.debug("CAInfoPanel update: this is the CA in the security domain."); IConfigStore config = CMS.getConfigStore(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java index 72e145d69..f73e44c18 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java @@ -126,8 +126,10 @@ public class CertRequestPanel extends WizardPanelBase { return true; } catch (Exception ee) { if (hardware) { - CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: " + fullnickname + " has been found on HSM. Please remove it before proceeding."); - throw new IOException("The certificate with the same nickname: " + fullnickname + " has been found on HSM. Please remove it before proceeding."); + CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: " + + fullnickname + " has been found on HSM. Please remove it before proceeding."); + throw new IOException("The certificate with the same nickname: " + fullnickname + + " has been found on HSM. Please remove it before proceeding."); } return true; } @@ -210,7 +212,8 @@ public class CertRequestPanel extends WizardPanelBase { CMS.debug("CertRequestPanel cleanup: deleting certificate (" + nickname + ")."); deleteCert(tokenname, nickname); } catch (Exception e) { - CMS.debug("CertRequestPanel cleanup: failed to delete certificate (" + nickname + "). Exception: " + e.toString()); + CMS.debug("CertRequestPanel cleanup: failed to delete certificate (" + nickname + "). Exception: " + + e.toString()); } } } @@ -625,7 +628,8 @@ public class CertRequestPanel extends WizardPanelBase { if (/*(certchains.length <= 1) &&*/ (b64chain != null && b64chain.length() != 0)) { - CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: " + b64chain); + CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: " + + b64chain); try { CryptoUtil.importCertificateChain( CryptoUtil.normalizeCertAndReq(b64chain)); @@ -731,7 +735,8 @@ public class CertRequestPanel extends WizardPanelBase { ic.setSSLTrust(InternalCertificate.USER); ic.setEmailTrust(InternalCertificate.USER); if (tag.equals("audit_signing")) { - ic.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER); + ic.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER + | InternalCertificate.TRUSTED_PEER); } else { ic.setObjectSigningTrust(InternalCertificate.USER); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java index f87af9bda..5e1bd5e80 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java @@ -203,7 +203,8 @@ public class CertUtil { /* * create requests so renewal can work on these initial certs */ - public static IRequest createLocalRequest(IRequestQueue queue, String serialNum, X509CertInfo info) throws EBaseException { + public static IRequest createLocalRequest(IRequestQueue queue, String serialNum, X509CertInfo info) + throws EBaseException { // RequestId rid = new RequestId(serialNum); // just need a request, no need to get into a queue // IRequest r = new EnrollmentRequest(rid); @@ -237,7 +238,8 @@ public class CertUtil { * update local cert request with the actual request * called from CertRequestPanel.java */ - public static void updateLocalRequest(IConfigStore config, String certTag, String certReq, String reqType, String subjectName) { + public static void updateLocalRequest(IConfigStore config, String certTag, String certReq, String reqType, + String subjectName) { try { CMS.debug("Updating local request... certTag=" + certTag); RequestId rid = new RequestId(config.getString("preop.cert." + certTag + ".reqId")); @@ -641,7 +643,8 @@ public class CertUtil { try { privKey = cm.findPrivKeyByCert(cert); } catch (Exception e) { - CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key (" + fullnickname + ") exception: " + e.toString()); + CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key (" + fullnickname + ") exception: " + + e.toString()); return false; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java index d3867e52e..bd3a31770 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java @@ -581,7 +581,8 @@ public class DatabasePanel extends WizardPanelBase { if (foundDatabase) { CMS.debug("DatabasePanel update: This database has already been used."); if (remove == null) { - throw new IOException("This database has already been used. Select the checkbox below to remove all data and reuse this database"); + throw new IOException( + "This database has already been used. Select the checkbox below to remove all data and reuse this database"); } else { CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN"); cleanupDB(conn, baseDN, database); @@ -593,7 +594,10 @@ public class DatabasePanel extends WizardPanelBase { if (foundBaseDN) { CMS.debug("DatabasePanel update: This base DN has already been used."); if (remove == null) { - throw new IOException("This base DN (" + baseDN + ") has already been used. Select the checkbox below to remove all data and reuse this base DN"); + throw new IOException( + "This base DN (" + + baseDN + + ") has already been used. Select the checkbox below to remove all data and reuse this base DN"); } else { CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN"); cleanupDB(conn, baseDN, database); @@ -676,7 +680,8 @@ public class DatabasePanel extends WizardPanelBase { if (!foundBaseDN) { if (!testing) { - context.put("errorString", "Base DN was not found. Please make sure to create the suffix in the internal database."); + context.put("errorString", + "Base DN was not found. Please make sure to create the suffix in the internal database."); throw new IOException("Base DN not found"); } @@ -1030,7 +1035,8 @@ public class DatabasePanel extends WizardPanelBase { // setup replication after indexes have been created if (select.equals("clone")) { CMS.debug("Start setting up replication."); - setupReplication(request, context, (secure.equals("on") ? "true" : "false"), (cloneStartTLS.equals("on") ? "true" : "false")); + setupReplication(request, context, (secure.equals("on") ? "true" : "false"), + (cloneStartTLS.equals("on") ? "true" : "false")); CMS.debug("Finish setting up replication."); try { @@ -1164,10 +1170,12 @@ public class DatabasePanel extends WizardPanelBase { CMS.debug("DatabasePanel setupReplication: Finished enabling replication"); createReplicationAgreement(replicadn, conn1, masterAgreementName, - master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure, cloneStartTLS); + master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure, + cloneStartTLS); createReplicationAgreement(replicadn, conn2, cloneAgreementName, - master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure, cloneStartTLS); + master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure, + cloneStartTLS); // initialize consumer initializeConsumer(replicadn, conn1, masterAgreementName); @@ -1230,7 +1238,8 @@ public class DatabasePanel extends WizardPanelBase { } return; } else { - CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: " + e.toString()); + CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: " + + e.toString()); throw e; } } @@ -1309,7 +1318,8 @@ public class DatabasePanel extends WizardPanelBase { } return id; } else { - CMS.debug("DatabasePanel enableReplication: Failed to create " + replicadn + " entry. Exception: " + e.toString()); + CMS.debug("DatabasePanel enableReplication: Failed to create " + replicadn + " entry. Exception: " + + e.toString()); return id; } } @@ -1320,7 +1330,8 @@ public class DatabasePanel extends WizardPanelBase { private void createReplicationAgreement(String replicadn, LDAPConnection conn, String name, String replicahost, int replicaport, - String replicapwd, String basedn, String bindUser, String secure, String cloneStartTLS) throws LDAPException { + String replicapwd, String basedn, String bindUser, String secure, String cloneStartTLS) + throws LDAPException { String dn = "cn=" + name + "," + replicadn; CMS.debug("DatabasePanel createReplicationAgreement: dn: " + dn); LDAPEntry entry = null; @@ -1367,7 +1378,8 @@ public class DatabasePanel extends WizardPanelBase { throw ee; } } else { - CMS.debug("DatabasePanel createReplicationAgreement: Failed to create " + dn + " entry. Exception: " + e.toString()); + CMS.debug("DatabasePanel createReplicationAgreement: Failed to create " + dn + " entry. Exception: " + + e.toString()); throw e; } } @@ -1379,7 +1391,8 @@ public class DatabasePanel extends WizardPanelBase { String name) { String dn = "cn=" + name + "," + replicadn; CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: " + dn); - CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: " + conn.getHost() + " port: " + conn.getPort()); + CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: " + conn.getHost() + " port: " + + conn.getPort()); try { LDAPAttribute attr = new LDAPAttribute("nsds5beginreplicarefresh", "start"); @@ -1474,7 +1487,8 @@ public class DatabasePanel extends WizardPanelBase { try { String filter = "(objectclass=*)"; String[] attrs = { "nsslapd-directory" }; - LDAPSearchResults results = conn.search("cn=config,cn=ldbm database,cn=plugins,cn=config", LDAPv3.SCOPE_SUB, + LDAPSearchResults results = conn.search("cn=config,cn=ldbm database,cn=plugins,cn=config", + LDAPv3.SCOPE_SUB, filter, attrs, false); while (results.hasMoreElements()) { @@ -1498,7 +1512,8 @@ public class DatabasePanel extends WizardPanelBase { } } } catch (LDAPException e) { - CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: " + e.toString()); + CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: " + + e.toString()); } return instancedir; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java index d72984d22..c24992cb4 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java @@ -195,9 +195,11 @@ public class DisplayCertChainPanel extends WizardPanelBase { String cs_hostname = cs.getString("machineName", ""); int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1); String subsystem = cs.getString("cs.type", ""); - String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + toLowerCaseSubsystemType(subsystem) + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem; + String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + toLowerCaseSubsystemType(subsystem) + + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem; String encodedValue = URLEncoder.encode(urlVal, "UTF-8"); - String sdurl = "https://" + sd_hostname + ":" + sd_port + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue; + String sdurl = "https://" + sd_hostname + ":" + sd_port + "/ca/admin/ca/securityDomainLogin?url=" + + encodedValue; response.sendRedirect(sdurl); // The user previously specified the CA Security Domain's diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java index b330b705d..388570531 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java @@ -495,12 +495,14 @@ public class DonePanel extends WizardPanelBase { } else { serialdn = "ou=keyRepository,ou=" + type.toLowerCase() + "," + basedn; } - LDAPAttribute attrSerialNextRange = new LDAPAttribute("nextRange", endSerialNum.add(oneNum).toString()); + LDAPAttribute attrSerialNextRange = new LDAPAttribute("nextRange", endSerialNum.add(oneNum) + .toString()); LDAPModification serialmod = new LDAPModification(LDAPModification.REPLACE, attrSerialNextRange); conn.modify(serialdn, serialmod); String requestdn = "ou=" + type.toLowerCase() + ",ou=requests," + basedn; - LDAPAttribute attrRequestNextRange = new LDAPAttribute("nextRange", endRequestNum.add(oneNum).toString()); + LDAPAttribute attrRequestNextRange = new LDAPAttribute("nextRange", endRequestNum.add(oneNum) + .toString()); LDAPModification requestmod = new LDAPModification(LDAPModification.REPLACE, attrRequestNextRange); conn.modify(requestdn, requestmod); @@ -540,9 +542,12 @@ public class DonePanel extends WizardPanelBase { cs.putString("cloning." + ss + ".keytype", cs.getString("preop.cert." + ss + ".keytype", "")); cs.putString("cloning." + ss + ".keyalgorithm", cs.getString("preop.cert." + ss + ".keyalgorithm", "")); cs.putString("cloning." + ss + ".privkey.id", cs.getString("preop.cert." + ss + ".privkey.id", "")); - cs.putString("cloning." + ss + ".pubkey.exponent", cs.getString("preop.cert." + ss + ".pubkey.exponent", "")); - cs.putString("cloning." + ss + ".pubkey.modulus", cs.getString("preop.cert." + ss + ".pubkey.modulus", "")); - cs.putString("cloning." + ss + ".pubkey.encoded", cs.getString("preop.cert." + ss + ".pubkey.encoded", "")); + cs.putString("cloning." + ss + ".pubkey.exponent", + cs.getString("preop.cert." + ss + ".pubkey.exponent", "")); + cs.putString("cloning." + ss + ".pubkey.modulus", + cs.getString("preop.cert." + ss + ".pubkey.modulus", "")); + cs.putString("cloning." + ss + ".pubkey.encoded", + cs.getString("preop.cert." + ss + ".pubkey.encoded", "")); } cs.putString("cloning.module.token", cs.getString("preop.module.token", "")); cs.putString("cloning.list", list); @@ -772,7 +777,12 @@ public class DonePanel extends WizardPanelBase { } else { CMS.debug("DonePanel: Transport certificate is being setup in " + url); String session_id = CMS.getConfigSDSessionId(); - String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host=" + ownagenthost + "&ca.connector.KRA.port=" + ownagentsport + "&ca.connector.KRA.transportCert=" + URLEncoder.encode(transportCert) + "&sessionID=" + session_id; + String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host=" + + ownagenthost + + "&ca.connector.KRA.port=" + + ownagentsport + + "&ca.connector.KRA.transportCert=" + + URLEncoder.encode(transportCert) + "&sessionID=" + session_id; updateConnectorInfo(host, port, true, content); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java index 9a220032e..36ced4879 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java @@ -296,7 +296,8 @@ public class ImportAdminCertPanel extends WizardPanelBase { user.setX509Certificates(certs); ug.addUserCert(user); } catch (LDAPException e) { - CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: " + e.toString()); + CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: " + + e.toString()); if (e.getLDAPResultCode() != LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) { context.put("updateStatus", "failure"); throw new IOException(e.toString()); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java index 63b9aaf1c..b8e1816f1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java @@ -78,7 +78,8 @@ public class LDAPSecurityDomainSessionTable entry = new LDAPEntry(sessionsdn, attrs); conn.add(entry); } catch (Exception e) { - if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) { + if ((e instanceof LDAPException) + && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) { // continue } else { CMS.debug("SecurityDomainSessionTable: unable to create ou=sessions:" + e); @@ -129,7 +130,8 @@ public class LDAPSecurityDomainSessionTable conn.delete(dn); status = SUCCESS; } catch (Exception e) { - if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT)) { + if ((e instanceof LDAPException) + && (((LDAPException) e).getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT)) { // continue } else { CMS.debug("SecurityDomainSessionTable: unable to delete session " + sessionId + ": " + e); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java index 1a1fccdf9..4f6df0f0b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java @@ -491,7 +491,9 @@ public class NamePanel extends WizardPanelBase { String machineName = config.getString("machineName", ""); String securePort = config.getString("service.securePort", ""); if (certTag.equals("subsystem")) { - String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8") + "&xmlOutput=true&sessionID=" + session_id; + String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId=" + + profileId + "&cert_request_type=pkcs10&cert_request=" + + URLEncoder.encode(pkcs10, "UTF-8") + "&xmlOutput=true&sessionID=" + session_id; cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port, content, response, this); if (cert == null) { @@ -506,7 +508,9 @@ public class NamePanel extends WizardPanelBase { } catch (Exception ee) { } - String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8") + "&xmlOutput=true&sessionID=" + session_id; + String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId=" + + profileId + "&cert_request_type=pkcs10&cert_request=" + + URLEncoder.encode(pkcs10, "UTF-8") + "&xmlOutput=true&sessionID=" + session_id; cert = CertUtil.createRemoteCert(ca_hostname, ca_port, content, response, this); if (cert == null) { @@ -647,7 +651,8 @@ public class NamePanel extends WizardPanelBase { config.commit(false); } } catch (Exception e) { - CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for " + ct + ": " + e.toString()); + CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for " + ct + ": " + + e.toString()); } configCert(request, response, context, cert); @@ -887,7 +892,8 @@ public class NamePanel extends WizardPanelBase { CMS.debug("NamePanel: update() done"); } - private void updateCloneSDCAInfo(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException { + private void updateCloneSDCAInfo(HttpServletRequest request, Context context, String hostname, String httpsPortStr) + throws IOException { CMS.debug("NamePanel updateCloneSDCAInfo: selected CA hostname=" + hostname + " port=" + httpsPortStr); String https_admin_port = ""; IConfigStore config = CMS.getConfigStore(); @@ -920,7 +926,8 @@ public class NamePanel extends WizardPanelBase { config.putString("preop.ca.httpsadminport", https_admin_port); } - private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException { + private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) + throws IOException { CMS.debug("NamePanel update: this is the CA in the security domain."); CMS.debug("NamePanel update: selected CA hostname=" + hostname + " port=" + httpsPortStr); String https_admin_port = ""; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java index cc62fede0..dde150485 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java @@ -456,7 +456,8 @@ public class RestoreKeyCertPanel extends WizardPanelBase { s1.append("ca.connector.KRA"); } - content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" + c1.toString() + "&substores=" + s1.toString() + "&xmlOutput=true&sessionID=" + session_id; + content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" + + c1.toString() + "&substores=" + s1.toString() + "&xmlOutput=true&sessionID=" + session_id; boolean success = updateConfigEntries(master_hostname, master_port, true, "/" + cstype + "/admin/" + cstype + "/getConfigEntries", content, config, response); if (!success) { @@ -561,7 +562,8 @@ public class RestoreKeyCertPanel extends WizardPanelBase { KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD); wrapper.initUnwrap(sk, param); - org.mozilla.jss.crypto.PrivateKey pp = wrapper.unwrapPrivate(encpkey, getPrivateKeyType(publickey), publickey); + org.mozilla.jss.crypto.PrivateKey pp = wrapper.unwrapPrivate(encpkey, getPrivateKeyType(publickey), + publickey); } catch (Exception e) { CMS.debug("RestoreKeyCertPanel importkeycert: Exception=" + e.toString()); @@ -602,7 +604,8 @@ public class RestoreKeyCertPanel extends WizardPanelBase { | InternalCertificate.VALID_CA); } else if (name.startsWith("auditSigningCert")) { InternalCertificate icert = (InternalCertificate) xcert; - icert.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER); + icert.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER + | InternalCertificate.TRUSTED_PEER); } } else cm.importCACertPackage(cert); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java index a008d259b..c4329bda2 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java @@ -70,8 +70,10 @@ public class SizePanel extends WizardPanelBase { public PropertySet getUsage() { PropertySet set = new PropertySet(); - Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, - "default,custom", null, /* no default parameter */ + Descriptor choiceDesc = new Descriptor( + IDescriptor.CHOICE, + "default,custom", + null, /* no default parameter */ "If 'default', the key size will be configured automatically. If 'custom', the key size will be set to the value of the parameter 'custom_size'."); set.add("choice", choiceDesc); @@ -464,7 +466,8 @@ public class SizePanel extends WizardPanelBase { } public void createECCKeyPair(String token, String curveName, IConfigStore config, String ct) - throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException { + throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, + CryptoManager.NotInitializedException { CMS.debug("Generating ECC key pair with curvename=" + curveName + ", token=" + token); KeyPair pair = null; @@ -542,7 +545,8 @@ public class SizePanel extends WizardPanelBase { } public void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct) - throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException { + throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, + CryptoManager.NotInitializedException { /* generate key pair */ KeyPair pair = null; do { @@ -621,7 +625,8 @@ public class SizePanel extends WizardPanelBase { s = config.getString("preop.ecc.algorithm.list", "SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC"); context.put("ecclist", s); - s = config.getString("preop.rsa.algorithm.list", "SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA"); + s = config.getString("preop.rsa.algorithm.list", + "SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA"); context.put("rsalist", s); s = config.getString("keys.ecc.curve.list", "nistp256"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java index c7910bc80..7b381383b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java @@ -1133,7 +1133,8 @@ public class WizardPanelBase implements IWizardPanel { Vector v_admin_port = parser.getValuesFromContainer(nodeList.item(i), "SecureAdminPort"); - if (v_host.elementAt(0).equals(hostname) && v_admin_port.elementAt(0).equals(new Integer(httpsadminport).toString())) { + if (v_host.elementAt(0).equals(hostname) + && v_admin_port.elementAt(0).equals(new Integer(httpsadminport).toString())) { // add security domain CA to the beginning of list v.add(0, v_name.elementAt(0) + " - https://" @@ -1629,7 +1630,8 @@ public class WizardPanelBase implements IWizardPanel { int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1); int panel = getPanelNo(); String subsystem = cs.getString("cs.type", ""); - String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + toLowerCaseSubsystemType(subsystem) + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem; + String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + toLowerCaseSubsystemType(subsystem) + + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem; String encodedValue = URLEncoder.encode(urlVal, "UTF-8"); String sdurl = "https://" + hostname + ":" + port + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue; response.sendRedirect(sdurl); diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java index 4c734cee4..fbb5ce49f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java @@ -191,7 +191,8 @@ public class CheckCertServlet extends CMSServlet { } catch (Exception e) { header.addStringValue(ATTR_STATUS, STATUS_UNKNOWN); } - log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Checked Certificate Status " + cert.getIssuerDN().getName() + " " + cert.getSerialNumber().toString()); + log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Checked Certificate Status " + cert.getIssuerDN().getName() + " " + + cert.getSerialNumber().toString()); try { ServletOutputStream out = resp.getOutputStream(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java index f2b3f57a2..81d34a65d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java @@ -117,7 +117,8 @@ public class CMCProcessor extends PKIProcessor { org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); - if (!cmcReq.getContentType().equals(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) || !cmcReq.hasContent()) + if (!cmcReq.getContentType().equals(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) + || !cmcReq.hasContent()) throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT")); SignedData cmcFullReq = (SignedData) @@ -304,7 +305,8 @@ public class CMCProcessor extends PKIProcessor { PublicKey signKey = null; while (signKey == null && j < numReqs) { - X509Key subjectKeyInfo = (X509Key) ((CertificateX509Key) certInfoArray[j].get(X509CertInfo.KEY)).get(CertificateX509Key.KEY); + X509Key subjectKeyInfo = (X509Key) ((CertificateX509Key) certInfoArray[j].get(X509CertInfo.KEY)) + .get(CertificateX509Key.KEY); MessageDigest md = MessageDigest.getInstance("SHA-1"); md.update(subjectKeyInfo.getEncoded()); diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java index dcfb3eaee..ea0358dbb 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java @@ -195,7 +195,8 @@ public class CRMFProcessor extends PKIProcessor { // field suggested notBefore and notAfter in CRMF // Tech Support #383184 if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) { - CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter()); + CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), + certTemplate.getNotAfter()); certInfo.set(X509CertInfo.VALIDITY, certValidity); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java index 3a2a91dae..d1ee896a7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java @@ -140,7 +140,8 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { } - private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator, IProfileContext ctx) { + private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator, + IProfileContext ctx) { Enumeration authIds = authenticator.getValueNames(); if (authIds != null) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java index ad52d17a7..144823a26 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java @@ -191,7 +191,8 @@ public class ProfileSubmitServlet extends ProfileServlet { } - private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator, IProfileContext ctx) { + private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator, + IProfileContext ctx) { Enumeration authIds = authenticator.getValueNames(); if (authIds != null) { @@ -343,7 +344,8 @@ public class ProfileSubmitServlet extends ProfileServlet { if (request.getParameter(inputName) != null) { // special characters in subject names parameters must be escaped if (inputName.matches("^sn_.*")) { - req.setExtData(inputName, escapeValueRfc1779(request.getParameter(inputName), false).toString()); + req.setExtData(inputName, escapeValueRfc1779(request.getParameter(inputName), false) + .toString()); } else { req.setExtData(inputName, request.getParameter(inputName)); } @@ -713,17 +715,21 @@ public class ProfileSubmitServlet extends ProfileServlet { } ICertRecord rec = (ICertRecord) certDB.readCertificateRecord(certSerial); if (rec == null) { - CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number " + certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number " + + certSerial.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } else { - CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:" + certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:" + + certSerial.toString()); // check to see if the cert is revoked or revoked_expired - if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) || (rec.getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED))) { - CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = " + certSerial.toString()); + if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) + || (rec.getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED))) { + CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = " + + certSerial.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_CA_CANNOT_RENEW_REVOKED_CERT", certSerial.toString())); @@ -766,7 +772,8 @@ public class ProfileSubmitServlet extends ProfileServlet { origSeqNum = origReq.getExtDataInInteger(IEnrollProfile.REQUEST_SEQ_NUM); } else { //if origReq - CMS.debug("ProfileSubmitServlet: renewal original request not found for request id " + rid); + CMS.debug("ProfileSubmitServlet: renewal original request not found for request id " + + rid); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); @@ -774,7 +781,8 @@ public class ProfileSubmitServlet extends ProfileServlet { return; } } else { - CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed for serial number " + certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed for serial number " + + certSerial.toString()); CMS.debug("ProfileSubmitServlet: renewal: cert may be bootstrapped system cert during installation/configuration - no request record exists"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, @@ -783,7 +791,8 @@ public class ProfileSubmitServlet extends ProfileServlet { return; } } else { - CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number " + certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number " + + certSerial.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); @@ -1188,7 +1197,8 @@ public class ProfileSubmitServlet extends ProfileServlet { // no profile set found CMS.debug("ProfileSubmitServlet: no profile policy set found"); if (xmlOutput) { - outputError(response, FAILED, CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"), reqs[k].getRequestId().toString()); + outputError(response, FAILED, CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"), reqs[k] + .getRequestId().toString()); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, @@ -1237,7 +1247,8 @@ public class ProfileSubmitServlet extends ProfileServlet { // throw new IOException("Profile " + profileId + // " cannot populate"); if (xmlOutput) { - outputError(response, FAILED, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"), reqs[k].getRequestId().toString()); + outputError(response, FAILED, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"), reqs[k] + .getRequestId().toString()); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java index 51bb2af18..812a0318d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java @@ -444,7 +444,8 @@ public class CertReqParser extends ReqParser { (CertificateValidity) certInfo[0].get(X509CertInfo.VALIDITY); if (validity != null) { - long validityLength = (((Date) validity.get(CertificateValidity.NOT_AFTER)).getTime() - ((Date) validity.get(CertificateValidity.NOT_BEFORE)).getTime()) / 1000; + long validityLength = (((Date) validity.get(CertificateValidity.NOT_AFTER)).getTime() - ((Date) validity + .get(CertificateValidity.NOT_BEFORE)).getTime()) / 1000; arg.addLongValue("validityLength", validityLength); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java index 001fab7f5..6522bdf45 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java @@ -493,21 +493,24 @@ public class CheckRequest extends CMSServlet { x509cert = ((IRegistrationAuthority) mAuthority).getRACert(); } if (x509cert == null) - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "No signing cert found.")); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", + "No signing cert found.")); X509CertImpl cert = new X509CertImpl(x509cert.getEncoded()); ByteArrayInputStream issuer1 = new ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded()); Name issuer = (Name) Name.getTemplate().decode(issuer1); IssuerAndSerialNumber ias = new - IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString())); + IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber() + .toString())); SignerIdentifier si = new SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); // SHA1 is the default digest Alg for now. DigestAlgorithm digestAlg = null; SignatureAlgorithm signAlg = null; - org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager.getInstance().findPrivKeyByCert(x509cert); + org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager.getInstance() + .findPrivKeyByCert(x509cert); org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType(); if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA)) @@ -562,7 +565,8 @@ public class CheckRequest extends CMSServlet { SignedData(digestAlgs, ci, jsscerts, null, signInfos); org.mozilla.jss.pkix.cms.ContentInfo fullResponse = new - org.mozilla.jss.pkix.cms.ContentInfo(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, fResponse); + org.mozilla.jss.pkix.cms.ContentInfo( + org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, fResponse); ByteArrayOutputStream ostream = new ByteArrayOutputStream(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java index ef016ed32..7a63e1a11 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java @@ -656,7 +656,8 @@ public class ProcessCertReq extends CMSServlet { updateNSExtension(req, nsExtensions); } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_NETSCAPE_EXTENSION", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_PROCESS_NETSCAPE_EXTENSION", e.toString())); } String pathLength = req.getParameter("pathLenConstraint"); @@ -685,9 +686,13 @@ public class ProcessCertReq extends CMSServlet { } } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION", + e.toString())); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION", + e.toString())); } } @@ -746,7 +751,9 @@ public class ProcessCertReq extends CMSServlet { } catch (Exception e1) { } // create extension - PresenceServerExtension pseExt = new PresenceServerExtension(Critical, Version, StreetAddress, TelephoneNumber, RFC822Name, IMID, HostName, PortNumber, MaxUsers, ServiceLevel); + PresenceServerExtension pseExt = new PresenceServerExtension(Critical, Version, + StreetAddress, TelephoneNumber, RFC822Name, IMID, HostName, PortNumber, + MaxUsers, ServiceLevel); extensions.set(pseExt.getExtensionId().toString(), pseExt); } @@ -925,7 +932,8 @@ public class ProcessCertReq extends CMSServlet { "completed", issuedCerts[i].getSubjectDN(), "cert issued serial number: 0x" + - issuedCerts[i].getSerialNumber().toString(16) + " time: " + (endTime - startTime) } + issuedCerts[i].getSerialNumber().toString(16) + " time: " + + (endTime - startTime) } ); // store a message in the signed audit log file diff --git a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java index 3a6dda643..715a2baf8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java @@ -396,8 +396,10 @@ public class TokenServlet extends CMSServlet { try { - byte macKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".mac_key")); - CMS.debug("TokenServlet about to try ComputeSessionKey selectedToken=" + selectedToken + " keyNickName=" + keyNickName); + byte macKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + + keySet + ".mac_key")); + CMS.debug("TokenServlet about to try ComputeSessionKey selectedToken=" + selectedToken + + " keyNickName=" + keyNickName); session_key = SessionKey.ComputeSessionKey( selectedToken, keyNickName, card_challenge, host_challenge, keyInfo, CUID, macKeyArray, useSoftToken_s, keySet, transportKeyName); @@ -408,7 +410,8 @@ public class TokenServlet extends CMSServlet { } - byte encKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key")); + byte encKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + + keySet + ".auth_key")); enc_session_key = SessionKey.ComputeEncSessionKey( selectedToken, keyNickName, card_challenge, host_challenge, keyInfo, CUID, encKeyArray, useSoftToken_s, keySet); @@ -430,7 +433,8 @@ public class TokenServlet extends CMSServlet { **/ CMS.debug("TokenServlet: calling ComputeKekKey"); - byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key")); + byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + + keySet + ".kek_key")); kek_key = SessionKey.ComputeKekKey( selectedToken, keyNickName, card_challenge, @@ -541,7 +545,8 @@ public class TokenServlet extends CMSServlet { } // if (serversideKeygen == true) - byte authKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key")); + byte authKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + + keySet + ".auth_key")); host_cryptogram = SessionKey.ComputeCryptogram( selectedToken, keyNickName, card_challenge, host_challenge, keyInfo, CUID, 0, authKeyArray, useSoftToken_s, keySet); @@ -864,7 +869,8 @@ public class TokenServlet extends CMSServlet { " oldKeyNickName=" + oldKeyNickName + " newKeyNickName=" + newKeyNickName); - byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key")); + byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + + ".kek_key")); KeySetData = SessionKey.DiversifyKey(oldSelectedToken, newSelectedToken, oldKeyNickName, newKeyNickName, rnewKeyInfo, CUID, kekKeyArray, useSoftToken_s, keySet); @@ -1068,7 +1074,8 @@ public class TokenServlet extends CMSServlet { keyNickName = st.nextToken(); } - byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key")); + byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + + ".kek_key")); encryptedData = SessionKey.EncryptData( selectedToken, keyNickName, data, keyInfo, CUID, kekKeyArray, useSoftToken_s, keySet); diff --git a/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java b/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java index 352dd8415..7f85b6040 100644 --- a/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java +++ b/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java @@ -291,7 +291,8 @@ public class CMSEngine implements ICMSEngine { try { mPasswordStore = (IPasswordStore) Class.forName(pwdClass).newInstance(); } catch (Exception e) { - CMS.debug("CMSEngine: getPasswordStore(): password store initialization failure:" + e.toString()); + CMS.debug("CMSEngine: getPasswordStore(): password store initialization failure:" + + e.toString()); } } } else { @@ -1292,19 +1293,22 @@ public class CMSEngine implements ICMSEngine { return getLogMessage(msgID, params); } - public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, String p7) { + public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, + String p7) { String params[] = { p1, p2, p3, p4, p5, p6, p7 }; return getLogMessage(msgID, params); } - public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, String p7, String p8) { + public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, + String p7, String p8) { String params[] = { p1, p2, p3, p4, p5, p6, p7, p8 }; return getLogMessage(msgID, params); } - public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, String p7, String p8, String p9) { + public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, + String p7, String p8, String p9) { String params[] = { p1, p2, p3, p4, p5, p6, p7, p8, p9 }; return getLogMessage(msgID, params); @@ -1320,7 +1324,8 @@ public class CMSEngine implements ICMSEngine { GeneralNameUtil.SubjAltNameGN.getExtendedPluginInfo(name, params); } - public ISubjAltNameConfig createSubjAltNameConfig(String name, IConfigStore config, boolean isValueConfigured) throws EBaseException { + public ISubjAltNameConfig createSubjAltNameConfig(String name, IConfigStore config, boolean isValueConfigured) + throws EBaseException { return new GeneralNameUtil.SubjAltNameGN(name, config, isValueConfigured); } @@ -1359,12 +1364,14 @@ public class CMSEngine implements ICMSEngine { return new GeneralNameUtil.GeneralNamesConfig(name, config, isValueConfigured, isPolicyEnabled); } - public IGeneralNameAsConstraintsConfig createGeneralNameAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured, + public IGeneralNameAsConstraintsConfig createGeneralNameAsConstraintsConfig(String name, IConfigStore config, + boolean isValueConfigured, boolean isPolicyEnabled) throws EBaseException { return new GeneralNameUtil.GeneralNameAsConstraintsConfig(name, config, isValueConfigured, isPolicyEnabled); } - public IGeneralNamesAsConstraintsConfig createGeneralNamesAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured, + public IGeneralNamesAsConstraintsConfig createGeneralNamesAsConstraintsConfig(String name, IConfigStore config, + boolean isValueConfigured, boolean isPolicyEnabled) throws EBaseException { return new GeneralNameUtil.GeneralNamesAsConstraintsConfig(name, config, isValueConfigured, isPolicyEnabled); } diff --git a/pki/base/common/src/com/netscape/cmscore/apps/Upgrade.java b/pki/base/common/src/com/netscape/cmscore/apps/Upgrade.java index 3ab522b7e..b5307c448 100644 --- a/pki/base/common/src/com/netscape/cmscore/apps/Upgrade.java +++ b/pki/base/common/src/com/netscape/cmscore/apps/Upgrade.java @@ -41,7 +41,8 @@ public final class Upgrade { public static void perform42to422(IConfigStore c) throws EBaseException { // upgrade CMS's configuration parameters - c.putString("eeGateway.dynamicVariables", + c.putString( + "eeGateway.dynamicVariables", "serverdate=serverdate(),subsystemname=subsystemname(),http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl()"); // new OCSP Publisher implemention diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java b/pki/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java index e015c5e6c..64a09173f 100644 --- a/pki/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java +++ b/pki/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java @@ -201,7 +201,8 @@ public class AuthSubsystem implements IAuthSubsystem { if (plugin == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_CANT_FIND_PLUGIN", implName)); - throw new EAuthMgrPluginNotFound(CMS.getUserMessage("CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implName)); + throw new EAuthMgrPluginNotFound(CMS.getUserMessage("CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", + implName)); } String className = plugin.getClassPath(); diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java index b2fc49b5d..84807430f 100644 --- a/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java +++ b/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java @@ -175,7 +175,8 @@ public class CertUserDBAuthentication implements IAuthManager { try { user = (User) mCULocator.locateUser(certs); } catch (EUsrGrpException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AGENT_AUTH_FAILED", x509Certs[0].getSerialNumber().toString(16), x509Certs[0].getSubjectDN().toString(), e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AGENT_AUTH_FAILED", x509Certs[0].getSerialNumber() + .toString(16), x509Certs[0].getSubjectDN().toString(), e.toString())); throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } catch (netscape.ldap.LDAPException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_CANNOT_AGENT_AUTH", e.toString())); diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java index f2eb5afe1..2f8a33faa 100644 --- a/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java +++ b/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java @@ -186,7 +186,8 @@ public class ChallengePhraseAuthentication implements IAuthManager { } } catch (NumberFormatException e) { - throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Invalid serial number.")); + throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", + "Invalid serial number.")); } } @@ -239,7 +240,8 @@ public class ChallengePhraseAuthentication implements IAuthManager { bigIntArray = new BigInteger[1]; bigIntArray[0] = record.getSerialNumber(); } else - throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Invalid password.")); + throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", + "Invalid password.")); } else { bigIntArray = new BigInteger[0]; diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java index 13533200d..19438037b 100644 --- a/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java +++ b/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java @@ -124,7 +124,8 @@ public class SSLClientCertAuthentication implements IAuthManager { serialNum = (BigInteger) clientCert.getSerialNumber(); //serialNum = new BigInteger(s.substring(2), 16); } catch (NumberFormatException e) { - throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Invalid serial number.")); + throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", + "Invalid serial number.")); } String clientCertIssuerDN = clientCert.getIssuerDN().toString(); diff --git a/pki/base/common/src/com/netscape/cmscore/authorization/AuthzSubsystem.java b/pki/base/common/src/com/netscape/cmscore/authorization/AuthzSubsystem.java index aa7e496ad..66bc508d5 100644 --- a/pki/base/common/src/com/netscape/cmscore/authorization/AuthzSubsystem.java +++ b/pki/base/common/src/com/netscape/cmscore/authorization/AuthzSubsystem.java @@ -112,7 +112,8 @@ public class AuthzSubsystem implements IAuthzSubsystem { if (plugin == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTHZ_PLUGIN_NOT_FOUND", implName)); - throw new EAuthzMgrPluginNotFound(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZMGR_PLUGIN_NOT_FOUND", implName)); + throw new EAuthzMgrPluginNotFound(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZMGR_PLUGIN_NOT_FOUND", + implName)); } else { CMS.debug( CMS.getLogMessage("CMSCORE_AUTHZ_PLUGIN_FOUND", implName)); @@ -150,12 +151,14 @@ public class AuthzSubsystem implements IAuthzSubsystem { log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", errMsg)); throw new EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className)); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTHZ_PLUGIN_INIT_FAILED", insName, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_AUTHZ_PLUGIN_INIT_FAILED", insName, e.toString())); // it is mis-configurated. This give // administrator another chance to // fix the problem via console } catch (Throwable e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTHZ_PLUGIN_INIT_FAILED", insName, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_AUTHZ_PLUGIN_INIT_FAILED", insName, e.toString())); // Skip the authorization instance if // it is mis-configurated. This give // administrator another chance to @@ -273,7 +276,8 @@ public class AuthzSubsystem implements IAuthzSubsystem { if (plugin == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTHZ_PLUGIN_NOT_FOUND", implName)); - throw new EAuthzMgrPluginNotFound(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZMGR_PLUGIN_NOT_FOUND", implName)); + throw new EAuthzMgrPluginNotFound(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZMGR_PLUGIN_NOT_FOUND", + implName)); } // a temporary instance diff --git a/pki/base/common/src/com/netscape/cmscore/base/PropConfigStore.java b/pki/base/common/src/com/netscape/cmscore/base/PropConfigStore.java index ad56c2cdd..d587a81f5 100644 --- a/pki/base/common/src/com/netscape/cmscore/base/PropConfigStore.java +++ b/pki/base/common/src/com/netscape/cmscore/base/PropConfigStore.java @@ -395,7 +395,8 @@ public class PropConfigStore implements IConfigStore, Cloneable { } else if (value.equalsIgnoreCase("false")) { return false; } else { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY_1", getName() + "." + name, "boolean", "\"true\" or \"false\"")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY_1", getName() + "." + name, + "boolean", "\"true\" or \"false\"")); } } @@ -458,7 +459,8 @@ public class PropConfigStore implements IConfigStore, Cloneable { CMS.traceHashKey(mDebugType, getFullName(name), value); return Integer.parseInt(value); } catch (NumberFormatException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY_1", getName() + "." + name, "int", "number")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY_1", getName() + "." + name, "int", + "number")); } } @@ -521,7 +523,8 @@ public class PropConfigStore implements IConfigStore, Cloneable { } return new BigInteger(value); } catch (NumberFormatException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY_1", getName() + "." + name, "BigInteger", "number")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY_1", getName() + "." + name, + "BigInteger", "number")); } } diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java b/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java index db6218b8f..ad5dd55ee 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java @@ -390,7 +390,8 @@ public class CertUtils { sb.append("\n"); sb.append("Encryption Certificate Serial No: " + encryptionCert.getSerialNumber().toString(16).toUpperCase()); sb.append("\n"); - sb.append("Validity: From: " + signingCert.getNotBefore().toString() + " To: " + signingCert.getNotAfter().toString()); + sb.append("Validity: From: " + signingCert.getNotBefore().toString() + " To: " + + signingCert.getNotAfter().toString()); sb.append("\n"); return new String(sb); } @@ -918,7 +919,8 @@ public class CertUtils { } String certusage = config.getString(subsysType + ".cert." + tag + ".certusage", ""); if (certusage.equals("")) { - CMS.debug("CertUtils: verifySystemCertByTag() certusage for cert tag " + tag + " undefined in CS.cfg, getting current certificate usage"); + CMS.debug("CertUtils: verifySystemCertByTag() certusage for cert tag " + tag + + " undefined in CS.cfg, getting current certificate usage"); } r = verifySystemCertByNickname(nickname, certusage); if (r == true) { @@ -1030,7 +1032,8 @@ public class CertUtils { } String certlist = config.getString(subsysType + ".cert.list", ""); if (certlist.equals("")) { - CMS.debug("CertUtils: verifySystemCerts() " + subsysType + ".cert.list not defined in CS.cfg. System certificates verification not done"); + CMS.debug("CertUtils: verifySystemCerts() " + subsysType + + ".cert.list not defined in CS.cfg. System certificates verification not done"); auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, ILogger.SYSTEM_UID, diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java b/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java index 51f0b079a..b8f958be5 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java @@ -168,7 +168,8 @@ public class CertificatePair implements ASN1Value { debug("got cacert public key bytes length=" + caCertBytes.length); else { debug("cacert public key bytes null"); - throw new EBaseException("CertificatePair: certOrders() fails to get this CA's signing certificate public key encoded"); + throw new EBaseException( + "CertificatePair: certOrders() fails to get this CA's signing certificate public key encoded"); } byte[] c1Bytes = c1.getPublicKey().getEncoded(); @@ -196,7 +197,8 @@ public class CertificatePair implements ASN1Value { return false; } else { debug("neither c1 nor c2 public key matches with this ca"); - throw new EBaseException("CertificatePair: need correct forward and reverse relationship to construct CertificatePair"); + throw new EBaseException( + "CertificatePair: need correct forward and reverse relationship to construct CertificatePair"); } } diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java b/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java index 25a3baef1..dbc0c607f 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java @@ -439,7 +439,8 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { xp = (IXcertPublisherProcessor) mPublisherProcessor; xp.publishXCertPair(val); } catch (Exception e) { - throw new EBaseException("CrossCertPairSubsystem: publishCertPairs() failed:" + e.toString()); + throw new EBaseException("CrossCertPairSubsystem: publishCertPairs() failed:" + + e.toString()); } } }// while diff --git a/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java b/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java index 8f5964b71..f85d9016c 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java @@ -209,7 +209,8 @@ public class X500NameSubsystem implements ISubsystem { } catch (IllegalArgumentException e) { String msg = "unknown DER tag '" + nextTag + "'."; - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CERT_UNKNOWN_TAG", PROP_DIR_STR_ENCODING_ORDER, nextTag)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CERT_UNKNOWN_TAG", PROP_DIR_STR_ENCODING_ORDER, nextTag)); throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", PROP_DIR_STR_ENCODING_ORDER, msg)); } diff --git a/pki/base/common/src/com/netscape/cmscore/connector/HttpConnFactory.java b/pki/base/common/src/com/netscape/cmscore/connector/HttpConnFactory.java index 12f8fe73f..01bb0f879 100644 --- a/pki/base/common/src/com/netscape/cmscore/connector/HttpConnFactory.java +++ b/pki/base/common/src/com/netscape/cmscore/connector/HttpConnFactory.java @@ -64,7 +64,8 @@ public class HttpConnFactory { * @param maxConns max number of connections to have available. This is * @param serverInfo server connection info - host, port, etc. */ - public HttpConnFactory(int minConns, int maxConns, IAuthority source, IRemoteAuthority dest, String nickname, int timeout) throws EBaseException { + public HttpConnFactory(int minConns, int maxConns, IAuthority source, IRemoteAuthority dest, String nickname, + int timeout) throws EBaseException { CMS.debug("In HttpConnFactory constructor mTimeout " + timeout); mSource = source; diff --git a/pki/base/common/src/com/netscape/cmscore/connector/HttpConnection.java b/pki/base/common/src/com/netscape/cmscore/connector/HttpConnection.java index 5b07f2c65..95cdbc779 100644 --- a/pki/base/common/src/com/netscape/cmscore/connector/HttpConnection.java +++ b/pki/base/common/src/com/netscape/cmscore/connector/HttpConnection.java @@ -157,7 +157,10 @@ public class HttpConnection implements IHttpConnection { } } catch (IOException e) { if (e.getMessage().indexOf("Peer's certificate issuer has been marked as not trusted") != -1) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED", "(This local authority cannot connect to the remote authority. The local authority's signing certificate must chain to a CA certificate trusted for client authentication in the certificate database. Use the certificate manager, or command line tool such as certutil to verify that the trust permissions of the local authority's issuer cert have 'CT' setting in the SSL client auth field.)")); + throw new EBaseException( + CMS.getUserMessage( + "CMS_BASE_CONN_FAILED", + "(This local authority cannot connect to the remote authority. The local authority's signing certificate must chain to a CA certificate trusted for client authentication in the certificate database. Use the certificate manager, or command line tool such as certutil to verify that the trust permissions of the local authority's issuer cert have 'CT' setting in the SSL client auth field.)")); } CMS.debug("HttpConn:Couldn't reconnect " + e); throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED", "Couldn't reconnect " + e)); @@ -180,7 +183,8 @@ public class HttpConnection implements IHttpConnection { mHttpClient.connect(mDest.getHost(), mDest.getPort()); } catch (IOException ex) { CMS.debug("reconnect for resend failed. " + ex); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED", "reconnect for resend failed." + ex)); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED", "reconnect for resend failed." + + ex)); } reconnect = true; } diff --git a/pki/base/common/src/com/netscape/cmscore/connector/HttpConnector.java b/pki/base/common/src/com/netscape/cmscore/connector/HttpConnector.java index 1781e8fd9..8a05c1c74 100644 --- a/pki/base/common/src/com/netscape/cmscore/connector/HttpConnector.java +++ b/pki/base/common/src/com/netscape/cmscore/connector/HttpConnector.java @@ -150,7 +150,8 @@ public class HttpConnector implements IConnector { replyStatus == RequestStatus.APPROVED)) { CMS.debug("HttpConn: remote request id still pending " + r.getRequestId() + " state " + replyStatus); - mSource.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CONNECTOR_REQUEST_NOT_COMPLETED", r.getRequestId().toString())); + mSource.log(ILogger.LL_INFO, + CMS.getLogMessage("CMSCORE_CONNECTOR_REQUEST_NOT_COMPLETED", r.getRequestId().toString())); mResender.addRequest(r); return false; } @@ -186,7 +187,8 @@ public class HttpConnector implements IConnector { mResender.addRequest(r); CMS.debug("HttpConn: error sending request to cert " + e.toString()); - mSource.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CONNECTOR_SEND_REQUEST", r.getRequestId().toString(), mDest.getHost(), Integer.toString(mDest.getPort()))); + mSource.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CONNECTOR_SEND_REQUEST", r.getRequestId() + .toString(), mDest.getHost(), Integer.toString(mDest.getPort()))); // mSource.log(ILogger.LL_INFO, // "Queing " + r.getRequestId() + " for resend."); return false; diff --git a/pki/base/common/src/com/netscape/cmscore/connector/HttpPKIMessage.java b/pki/base/common/src/com/netscape/cmscore/connector/HttpPKIMessage.java index 586f7f650..d32cf283c 100644 --- a/pki/base/common/src/com/netscape/cmscore/connector/HttpPKIMessage.java +++ b/pki/base/common/src/com/netscape/cmscore/connector/HttpPKIMessage.java @@ -69,7 +69,8 @@ public class HttpPKIMessage implements IHttpPKIMessage { reqId = r.getRequestId().toString(); reqStatus = r.getRequestStatus().toString(); - CMS.debug("HttpPKIMessage.fromRequest: requestId=" + r.getRequestId().toString() + " requestStatus=" + reqStatus + " instance=" + r); + CMS.debug("HttpPKIMessage.fromRequest: requestId=" + r.getRequestId().toString() + " requestStatus=" + + reqStatus + " instance=" + r); String attrs[] = RequestTransfer.getTransferAttributes(r); int len = attrs.length; diff --git a/pki/base/common/src/com/netscape/cmscore/connector/LocalConnector.java b/pki/base/common/src/com/netscape/cmscore/connector/LocalConnector.java index da639c0b1..806ca57c3 100644 --- a/pki/base/common/src/com/netscape/cmscore/connector/LocalConnector.java +++ b/pki/base/common/src/com/netscape/cmscore/connector/LocalConnector.java @@ -59,7 +59,8 @@ public class LocalConnector implements IConnector { */ public boolean send(IRequest r) throws EBaseException { if (Debug.ON) { - Debug.print("send request type " + r.getRequestType() + " status=" + r.getRequestStatus() + " to " + mDest.getId() + " id=" + r.getRequestId() + "\n"); + Debug.print("send request type " + r.getRequestType() + " status=" + r.getRequestStatus() + " to " + + mDest.getId() + " id=" + r.getRequestId() + "\n"); } CMS.debug("send request type " + r.getRequestType() + " to " + mDest.getId()); diff --git a/pki/base/common/src/com/netscape/cmscore/connector/Resender.java b/pki/base/common/src/com/netscape/cmscore/connector/Resender.java index 87764b7d8..edef41b8c 100644 --- a/pki/base/common/src/com/netscape/cmscore/connector/Resender.java +++ b/pki/base/common/src/com/netscape/cmscore/connector/Resender.java @@ -149,7 +149,8 @@ public class Resender implements IResender { r = mQueue.findRequest(rid); } catch (EBaseException e) { // XXX bad case. should we remove the rid now ? - mAuthority.log(ILogger.LL_WARN, CMS.getLogMessage("CMSCORE_CONNECTOR_REQUEST_NOT_FOUND", rid.toString())); + mAuthority.log(ILogger.LL_WARN, + CMS.getLogMessage("CMSCORE_CONNECTOR_REQUEST_NOT_FOUND", rid.toString())); continue; } try { @@ -163,11 +164,13 @@ public class Resender implements IResender { if (completed) { completedRids.addElement(rid); - mAuthority.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CONNECTOR_REQUEST_COMPLETED", rid.toString())); + mAuthority.log(ILogger.LL_INFO, + CMS.getLogMessage("CMSCORE_CONNECTOR_REQUEST_COMPLETED", rid.toString())); } } } catch (IOException e) { - mAuthority.log(ILogger.LL_WARN, CMS.getLogMessage("CMSCORE_CONNECTOR_REQUEST_ERROR", rid.toString(), e.toString())); + mAuthority.log(ILogger.LL_WARN, + CMS.getLogMessage("CMSCORE_CONNECTOR_REQUEST_ERROR", rid.toString(), e.toString())); } catch (EBaseException e) { // if connection is down, don't send the remaining request // as it will sure fail. @@ -237,7 +240,8 @@ public class Resender implements IResender { return true; } catch (EBaseException e) { // same as not having sent it, so still want to resend. - mAuthority.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CONNECTOR_RESEND_ERROR", r.getRequestId().toString(), e.toString())); + mAuthority.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_CONNECTOR_RESEND_ERROR", r.getRequestId().toString(), e.toString())); if (e.toString().indexOf("Connection refused by peer") > 0) throw new EBaseException("connection not available"); } diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java b/pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java index e27b710d5..5a5de68dc 100644 --- a/pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java +++ b/pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java @@ -105,9 +105,11 @@ public class CertificateRepository extends Repository public BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound) throws EBaseException { - CMS.debug("CertificateRepository: in getLastSerialNumberInRange: low " + serial_low_bound + " high " + serial_upper_bound); + CMS.debug("CertificateRepository: in getLastSerialNumberInRange: low " + serial_low_bound + " high " + + serial_upper_bound); - if (serial_low_bound == null || serial_upper_bound == null || serial_low_bound.compareTo(serial_upper_bound) >= 0) { + if (serial_low_bound == null || serial_upper_bound == null + || serial_low_bound.compareTo(serial_upper_bound) >= 0) { return null; } @@ -116,7 +118,8 @@ public class CertificateRepository extends Repository String[] attrs = null; - ICertRecordList recList = findCertRecordsInList(ldapfilter, attrs, serial_upper_bound.toString(10), "serialno", 5 * -1); + ICertRecordList recList = findCertRecordsInList(ldapfilter, attrs, serial_upper_bound.toString(10), "serialno", + 5 * -1); int size = recList.getSize(); @@ -1654,7 +1657,8 @@ public class CertificateRepository extends Repository throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; - String ldapfilter = "(|(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED + ")(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED_EXPIRED + "))"; // index is setup for this filter + String ldapfilter = "(|(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED + ")(" + + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED_EXPIRED + "))"; // index is setup for this filter try { //e = s.search(getDN(), ldapfilter); @@ -1716,7 +1720,8 @@ public class CertificateRepository extends Repository throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; - String ldapfilter = "(&(|(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED + ")(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED_EXPIRED + "))"; // index is setup for this filter + String ldapfilter = "(&(|(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED + ")(" + + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED_EXPIRED + "))"; // index is setup for this filter ldapfilter += "(certMetainfo=" + CertRecord.META_LDAPPUBLISH + diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/DBVirtualList.java b/pki/base/common/src/com/netscape/cmscore/dbs/DBVirtualList.java index b9f338c43..934cf1ea0 100644 --- a/pki/base/common/src/com/netscape/cmscore/dbs/DBVirtualList.java +++ b/pki/base/common/src/com/netscape/cmscore/dbs/DBVirtualList.java @@ -535,7 +535,8 @@ public class DBVirtualList<E> implements IDBVirtualList<E> { // ".." + (mTop+mEntries.size()-1) + // " of " + mSize ); } else { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_DBS_VL_NULL_RESPONSE")); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_DBS_VL_NULL_RESPONSE")); } return true; } catch (Exception e) { diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java b/pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java index fc2d2c10a..b9cb2bdf2 100644 --- a/pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java +++ b/pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java @@ -449,16 +449,19 @@ public class KeyRepository extends Repository implements IKeyRepository { public BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound) throws EBaseException { - CMS.debug("KeyRepository: in getLastSerialNumberInRange: low " + serial_low_bound + " high " + serial_upper_bound); + CMS.debug("KeyRepository: in getLastSerialNumberInRange: low " + serial_low_bound + " high " + + serial_upper_bound); - if (serial_low_bound == null || serial_upper_bound == null || serial_low_bound.compareTo(serial_upper_bound) >= 0) { + if (serial_low_bound == null || serial_upper_bound == null + || serial_low_bound.compareTo(serial_upper_bound) >= 0) { return null; } String ldapfilter = "(" + "serialno" + "=*" + ")"; String[] attrs = null; - KeyRecordList recList = (KeyRecordList) findKeyRecordsInList(ldapfilter, attrs, serial_upper_bound.toString(10), "serialno", 5 * -1); + KeyRecordList recList = (KeyRecordList) findKeyRecordsInList(ldapfilter, attrs, + serial_upper_bound.toString(10), "serialno", 5 * -1); int size = recList.getSize(); diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/ReplicaIDRepository.java b/pki/base/common/src/com/netscape/cmscore/dbs/ReplicaIDRepository.java index c016e5acd..87f962faa 100644 --- a/pki/base/common/src/com/netscape/cmscore/dbs/ReplicaIDRepository.java +++ b/pki/base/common/src/com/netscape/cmscore/dbs/ReplicaIDRepository.java @@ -54,8 +54,10 @@ public class ReplicaIDRepository extends Repository */ public BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound) throws EBaseException { - CMS.debug("ReplicaIDReposoitory: in getLastSerialNumberInRange: low " + serial_low_bound + " high " + serial_upper_bound); - if (serial_low_bound == null || serial_upper_bound == null || serial_low_bound.compareTo(serial_upper_bound) >= 0) { + CMS.debug("ReplicaIDReposoitory: in getLastSerialNumberInRange: low " + serial_low_bound + " high " + + serial_upper_bound); + if (serial_low_bound == null || serial_upper_bound == null + || serial_low_bound.compareTo(serial_upper_bound) >= 0) { return null; } BigInteger ret = new BigInteger(getMinSerial()); diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/Repository.java b/pki/base/common/src/com/netscape/cmscore/dbs/Repository.java index 106a1c214..b89f388ce 100644 --- a/pki/base/common/src/com/netscape/cmscore/dbs/Repository.java +++ b/pki/base/common/src/com/netscape/cmscore/dbs/Repository.java @@ -496,6 +496,7 @@ public abstract class Repository implements IRepository { mDB.setEnableSerialMgmt(value); } - public abstract BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound) throws + public abstract BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound) + throws EBaseException; } diff --git a/pki/base/common/src/com/netscape/cmscore/jobs/CronItem.java b/pki/base/common/src/com/netscape/cmscore/jobs/CronItem.java index 6dd38f2ba..a4ed727da 100644 --- a/pki/base/common/src/com/netscape/cmscore/jobs/CronItem.java +++ b/pki/base/common/src/com/netscape/cmscore/jobs/CronItem.java @@ -128,7 +128,8 @@ public class CronItem { if (!cr.isValidRange(mMin, mMax)) { // throw... log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_JOBS_INVALID_MIN_MAX_RANGE", Integer.toString(mMin), Integer.toString(mMax))); + CMS.getLogMessage("CMSCORE_JOBS_INVALID_MIN_MAX_RANGE", Integer.toString(mMin), + Integer.toString(mMax))); throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_JOB_CRON")); } // System.out.println("CronItem set(): adding a number"); diff --git a/pki/base/common/src/com/netscape/cmscore/jobs/JobCron.java b/pki/base/common/src/com/netscape/cmscore/jobs/JobCron.java index 92f082a2f..eeca68f63 100644 --- a/pki/base/common/src/com/netscape/cmscore/jobs/JobCron.java +++ b/pki/base/common/src/com/netscape/cmscore/jobs/JobCron.java @@ -131,14 +131,16 @@ public class JobCron implements IJobCron { * the '*' one will remain empty (no elements) */ // day-of-week - if ((sDayOMonth != null) && sDayOMonth.equals(CronItem.ALL) && (sDayOWeek != null) && !sDayOWeek.equals(CronItem.ALL)) { + if ((sDayOMonth != null) && sDayOMonth.equals(CronItem.ALL) && (sDayOWeek != null) + && !sDayOWeek.equals(CronItem.ALL)) { try { cDOW.set(sDayOWeek); } catch (EBaseException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_JOBS_INVALID_DAY_OF_WEEK", e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_JOB_CRON")); } - } else if ((sDayOMonth != null) && !sDayOMonth.equals(CronItem.ALL) && (sDayOWeek != null) && sDayOWeek.equals(CronItem.ALL)) { + } else if ((sDayOMonth != null) && !sDayOMonth.equals(CronItem.ALL) && (sDayOWeek != null) + && sDayOWeek.equals(CronItem.ALL)) { try { cDOM.set(sDayOMonth); } catch (EBaseException e) { diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapRequestListener.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapRequestListener.java index 3d44063d9..2f6cadf68 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapRequestListener.java +++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapRequestListener.java @@ -477,8 +477,10 @@ class LdapUnrevocationListener implements IRequestListener { try { certRecord = (ICertRecord) certdb.readCertificateRecord(serial); } catch (EBaseException e) { - mProcessor.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_GET_CERT_RECORD", serial.toString(16), e.toString())); + mProcessor + .log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_GET_CERT_RECORD", serial.toString(16), + e.toString())); } } } diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapRule.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapRule.java index a65e6bb04..f3d2bd17f 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapRule.java +++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapRule.java @@ -85,7 +85,8 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo { epi_params = new String[] { "type;choice(cacert,crl, certs);The publishing object type", "mapper;choice(" + map + ");Use the mapper to find the ldap dn \nto publish the certificate or crl", - "publisher;choice(" + publish + ");Use the publisher to publish the certificate or crl a directory etc", + "publisher;choice(" + publish + + ");Use the publisher to publish the certificate or crl a directory etc", "enable;boolean;Enable this publishing rule", "predicate;string;Filter describing when this publishing rule shoule be used" }; diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/PublisherProcessor.java b/pki/base/common/src/com/netscape/cmscore/ldap/PublisherProcessor.java index 7ee489ff8..73d206981 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldap/PublisherProcessor.java +++ b/pki/base/common/src/com/netscape/cmscore/ldap/PublisherProcessor.java @@ -838,9 +838,15 @@ public class PublisherProcessor implements } catch (EBaseException e) { // not fatal. just log warning. log(ILogger.LL_WARN, - "Cannot mark cert 0x" + serialNo.toString(16) + " published as " + published + - " in the ldap directory. Cert Record not found. Error: " + - e.toString() + + "Cannot mark cert 0x" + + serialNo.toString(16) + + " published as " + + published + + + " in the ldap directory. Cert Record not found. Error: " + + + e.toString() + + " Don't be alarmed if it's a subordinate ca or clone's ca siging cert. Otherwise your internal db may be corrupted."); } } @@ -1117,7 +1123,8 @@ public class PublisherProcessor implements Enumeration<ILdapRule> rules = getRules("certs", req); if (rules == null || !rules.hasMoreElements()) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_NO_UNPUBLISHING_RULE_FOUND_FOR_REQUEST", "certs", req.getRequestId().toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_NO_UNPUBLISHING_RULE_FOUND_FOR_REQUEST", "certs", + req.getRequestId().toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_RULE_MATCHED", req.getRequestId().toString())); } @@ -1221,7 +1228,8 @@ public class PublisherProcessor implements dn = result; if (!mCreateOwnDNEntry) { if (dn == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_MAPPER_NOT_MAP", rule.getMapper())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_MAPPER_NOT_MAP", rule.getMapper())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", crl.getIssuerDN().toString())); @@ -1231,7 +1239,8 @@ public class PublisherProcessor implements publisher = getActivePublisherInstance(rule.getPublisher()); if (publisher != null) { if (publisher instanceof com.netscape.cms.publish.publishers.FileBasedPublisher) - ((com.netscape.cms.publish.publishers.FileBasedPublisher) publisher).setIssuingPointId(crlIssuingPointId); + ((com.netscape.cms.publish.publishers.FileBasedPublisher) publisher) + .setIssuingPointId(crlIssuingPointId); publisher.publish(conn, dn, crl); log(ILogger.LL_INFO, "published crl using rule=" + rule.getInstanceName()); } diff --git a/pki/base/common/src/com/netscape/cmscore/logging/AuditFormat.java b/pki/base/common/src/com/netscape/cmscore/logging/AuditFormat.java index 46bd1ffc4..a5ce83251 100644 --- a/pki/base/common/src/com/netscape/cmscore/logging/AuditFormat.java +++ b/pki/base/common/src/com/netscape/cmscore/logging/AuditFormat.java @@ -75,13 +75,16 @@ public class AuditFormat { public static final String ENROLLMENTFORMAT = IRequest.ENROLLMENT_REQUEST + " reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} {5}"; public static final String RENEWALFORMAT = - IRequest.RENEWAL_REQUEST + " reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} old serial number: 0x{5} {6}"; + IRequest.RENEWAL_REQUEST + + " reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} old serial number: 0x{5} {6}"; public static final String REVOCATIONFORMAT = - IRequest.REVOCATION_REQUEST + " reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} serial number: 0x{5} revocation reason: {6} {7}"; + IRequest.REVOCATION_REQUEST + + " reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} serial number: 0x{5} revocation reason: {6} {7}"; // 1: fromAgent AgentID: xxx authenticated by xxx public static final String DOREVOKEFORMAT = - IRequest.REVOCATION_REQUEST + " reqID {0} {1} is {2}. DN requested: {3} serial number: 0x{4} revocation reason: {5}"; + IRequest.REVOCATION_REQUEST + + " reqID {0} {1} is {2}. DN requested: {3} serial number: 0x{4} revocation reason: {5}"; // 1: fromAgent AgentID: xxx authenticated by xxx public static final String DOUNREVOKEFORMAT = IRequest.UNREVOCATION_REQUEST + " reqID {0} {1} is {2}. DN requested: {3} serial number: 0x{4}"; diff --git a/pki/base/common/src/com/netscape/cmscore/logging/LogSubsystem.java b/pki/base/common/src/com/netscape/cmscore/logging/LogSubsystem.java index a8bc67c0d..83cd0c99c 100644 --- a/pki/base/common/src/com/netscape/cmscore/logging/LogSubsystem.java +++ b/pki/base/common/src/com/netscape/cmscore/logging/LogSubsystem.java @@ -139,7 +139,8 @@ public class LogSubsystem implements ILogSubsystem { throw new EBaseException(insName + ":Failed to instantiate class " + className); } catch (Throwable e) { e.printStackTrace(); - throw new EBaseException(insName + ":Failed to instantiate class " + className + " error: " + e.getMessage()); + throw new EBaseException(insName + ":Failed to instantiate class " + className + " error: " + + e.getMessage()); } if (insName == null) { diff --git a/pki/base/common/src/com/netscape/cmscore/policy/GeneralNameUtil.java b/pki/base/common/src/com/netscape/cmscore/policy/GeneralNameUtil.java index 8fe2863d4..14062e9d4 100644 --- a/pki/base/common/src/com/netscape/cmscore/policy/GeneralNameUtil.java +++ b/pki/base/common/src/com/netscape/cmscore/policy/GeneralNameUtil.java @@ -382,7 +382,8 @@ public class GeneralNameUtil implements IGeneralNameUtil { } - static public class GeneralNamesAsConstraintsConfig extends GeneralNamesConfig implements IGeneralNamesAsConstraintsConfig { + static public class GeneralNamesAsConstraintsConfig extends GeneralNamesConfig implements + IGeneralNamesAsConstraintsConfig { public GeneralNamesAsConstraintsConfig( String name, IConfigStore config, @@ -596,7 +597,8 @@ public class GeneralNameUtil implements IGeneralNameUtil { /** * convenience class for policies use. */ - static public class GeneralNameAsConstraintsConfig extends GeneralNameConfig implements IGeneralNameAsConstraintsConfig { + static public class GeneralNameAsConstraintsConfig extends GeneralNameConfig implements + IGeneralNameAsConstraintsConfig { public GeneralNameAsConstraintsConfig( String name, diff --git a/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java b/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java index ab85bb80d..2423773a8 100644 --- a/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java +++ b/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java @@ -320,7 +320,8 @@ public class GenericPolicyProcessor implements IPolicyProcessor { ((IPolicyRule) rule).setInstanceName(instanceName); rule.init(this, c); } catch (Throwable e) { - mAuthority.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_POLICY_INIT_FAILED", instanceName, e.toString())); + mAuthority.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_POLICY_INIT_FAILED", instanceName, e.toString())); // disable rule initialized if there is // configuration error enabled = false; diff --git a/pki/base/common/src/com/netscape/cmscore/policy/PolicySet.java b/pki/base/common/src/com/netscape/cmscore/policy/PolicySet.java index ca629b4be..37780cfc2 100644 --- a/pki/base/common/src/com/netscape/cmscore/policy/PolicySet.java +++ b/pki/base/common/src/com/netscape/cmscore/policy/PolicySet.java @@ -229,9 +229,12 @@ public class PolicySet implements IPolicySet { // The policy may have bug. We want to // catch those problems and report // them to the log - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + mLogger.log( + ILogger.EV_SYSTEM, + ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_POLICY_ERROR_RESULT", req.getRequestId().toString(), name, ex.toString())); + CMS.getLogMessage("CMSCORE_POLICY_ERROR_RESULT", req.getRequestId().toString(), name, + ex.toString())); // treat as rejected to prevent request from going into // a weird state. request queue doesn't handle this case. rejected = true; diff --git a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java index cdf4784ae..aa80a3ceb 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java +++ b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java @@ -1447,7 +1447,8 @@ public final class JssSubsystem implements ICryptoSubsystem { pair.setValue(vvalue + ";" + certValue); } } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT_FOR", nickname, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT_FOR", nickname, e.toString())); // allow it to continue with other certs even if one blows // up // throw new EBaseException(BaseResources.CERT_ERROR); diff --git a/pki/base/common/src/com/netscape/cmscore/util/UtilResources.java b/pki/base/common/src/com/netscape/cmscore/util/UtilResources.java index 1324f6caa..57803c9e5 100644 --- a/pki/base/common/src/com/netscape/cmscore/util/UtilResources.java +++ b/pki/base/common/src/com/netscape/cmscore/util/UtilResources.java @@ -60,7 +60,8 @@ public class UtilResources extends ListResourceBundle { { NO_SUCH_FILE_1, "can''t find file {0}" }, { FILE_TRUNCATED, "Log file has been truncated." }, { DIGEST_MATCH_1, "Hash digest matches log file. {0} OK" }, - { DIGEST_DONT_MATCH_1, "Hash digest does NOT match log file. {0} and/or hash file is corrupt or the password is incorrect." }, + { DIGEST_DONT_MATCH_1, + "Hash digest does NOT match log file. {0} and/or hash file is corrupt or the password is incorrect." }, { EXCEPTION_1, "Caught unexpected exception {0}" }, { LOG_PASSWORD, "Please enter the log file hash digest password: " }, { NO_USERID, "No user id in config file. Running as {0}" }, diff --git a/pki/base/common/test/com/netscape/certsrv/app/CMSEngineDefaultStub.java b/pki/base/common/test/com/netscape/certsrv/app/CMSEngineDefaultStub.java index a9f1bf200..c5fb12e22 100644 --- a/pki/base/common/test/com/netscape/certsrv/app/CMSEngineDefaultStub.java +++ b/pki/base/common/test/com/netscape/certsrv/app/CMSEngineDefaultStub.java @@ -230,15 +230,18 @@ public class CMSEngineDefaultStub implements ICMSEngine { return null; } - public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, String p7) { + public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, + String p7) { return null; } - public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, String p7, String p8) { + public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, + String p7, String p8) { return null; } - public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, String p7, String p8, String p9) { + public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, + String p7, String p8, String p9) { return null; } @@ -246,7 +249,8 @@ public class CMSEngineDefaultStub implements ICMSEngine { return null; } - public ICRLIssuingPointRecord createCRLIssuingPointRecord(String id, BigInteger crlNumber, Long crlSize, Date thisUpdate, Date nextUpdate) { + public ICRLIssuingPointRecord createCRLIssuingPointRecord(String id, BigInteger crlNumber, Long crlSize, + Date thisUpdate, Date nextUpdate) { return null; } @@ -335,7 +339,8 @@ public class CMSEngineDefaultStub implements ICMSEngine { return null; } - public LDAPConnection getBoundConnection(String host, int port, int version, LDAPSSLSocketFactoryExt fac, String bindDN, String bindPW) throws LDAPException { + public LDAPConnection getBoundConnection(String host, int port, int version, LDAPSSLSocketFactoryExt fac, + String bindDN, String bindPW) throws LDAPException { return null; } @@ -472,15 +477,18 @@ public class CMSEngineDefaultStub implements ICMSEngine { public void getGeneralNamesConfigExtendedPluginInfo(String name, boolean isValueConfigured, Vector info) { } - public IGeneralNamesConfig createGeneralNamesConfig(String name, IConfigStore config, boolean isValueConfigured, boolean isPolicyEnabled) throws EBaseException { + public IGeneralNamesConfig createGeneralNamesConfig(String name, IConfigStore config, boolean isValueConfigured, + boolean isPolicyEnabled) throws EBaseException { return null; } - public IGeneralNameAsConstraintsConfig createGeneralNameAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured, boolean isPolicyEnabled) throws EBaseException { + public IGeneralNameAsConstraintsConfig createGeneralNameAsConstraintsConfig(String name, IConfigStore config, + boolean isValueConfigured, boolean isPolicyEnabled) throws EBaseException { return null; } - public IGeneralNamesAsConstraintsConfig createGeneralNamesAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured, boolean isPolicyEnabled) throws EBaseException { + public IGeneralNamesAsConstraintsConfig createGeneralNamesAsConstraintsConfig(String name, IConfigStore config, + boolean isValueConfigured, boolean isPolicyEnabled) throws EBaseException { return null; } @@ -490,7 +498,8 @@ public class CMSEngineDefaultStub implements ICMSEngine { public void getSubjAltNameConfigExtendedPluginInfo(String name, Vector params) { } - public ISubjAltNameConfig createSubjAltNameConfig(String name, IConfigStore config, boolean isValueConfigured) throws EBaseException { + public ISubjAltNameConfig createSubjAltNameConfig(String name, IConfigStore config, boolean isValueConfigured) + throws EBaseException { return null; } diff --git a/pki/base/common/test/com/netscape/certsrv/logging/LoggerDefaultStub.java b/pki/base/common/test/com/netscape/certsrv/logging/LoggerDefaultStub.java index a0ffe5e01..c136c7feb 100644 --- a/pki/base/common/test/com/netscape/certsrv/logging/LoggerDefaultStub.java +++ b/pki/base/common/test/com/netscape/certsrv/logging/LoggerDefaultStub.java @@ -57,7 +57,8 @@ public class LoggerDefaultStub implements ILogger { public void log(int evtClass, Properties prop, int source, int level, String msg, Object params[], boolean multiline) { } - public ILogEvent create(int evtClass, Properties prop, int source, int level, String msg, Object params[], boolean multiline) { + public ILogEvent create(int evtClass, Properties prop, int source, int level, String msg, Object params[], + boolean multiline) { return null; } diff --git a/pki/base/common/test/com/netscape/cmscore/dbs/DBRegistryTest.java b/pki/base/common/test/com/netscape/cmscore/dbs/DBRegistryTest.java index 2f022cb9a..b76cfd78c 100644 --- a/pki/base/common/test/com/netscape/cmscore/dbs/DBRegistryTest.java +++ b/pki/base/common/test/com/netscape/cmscore/dbs/DBRegistryTest.java @@ -128,7 +128,8 @@ public class DBRegistryTest extends CMSBaseTestCase { attrName.toLowerCase().startsWith("extdata-"); } - public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, String name, IDBObj parent) throws EBaseException { + public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, String name, IDBObj parent) + throws EBaseException { mapLDAPAttrsCalled = true; } diff --git a/pki/base/common/test/com/netscape/cmscore/dbs/DBSSessionDefaultStub.java b/pki/base/common/test/com/netscape/cmscore/dbs/DBSSessionDefaultStub.java index aef21db14..9ce03b55e 100644 --- a/pki/base/common/test/com/netscape/cmscore/dbs/DBSSessionDefaultStub.java +++ b/pki/base/common/test/com/netscape/cmscore/dbs/DBSSessionDefaultStub.java @@ -64,11 +64,13 @@ public class DBSSessionDefaultStub implements IDBSSession { return null; } - public IDBVirtualList createVirtualList(String base, String filter, String attrs[], String sortKey, int pageSize) throws EBaseException { + public IDBVirtualList createVirtualList(String base, String filter, String attrs[], String sortKey, int pageSize) + throws EBaseException { return null; } - public IDBVirtualList createVirtualList(String base, String filter, String attrs[], String startFrom, String sortKey, int pageSize) throws EBaseException { + public IDBVirtualList createVirtualList(String base, String filter, String attrs[], String startFrom, + String sortKey, int pageSize) throws EBaseException { return null; } } diff --git a/pki/base/common/test/com/netscape/cmscore/request/DBDynAttrMapperDefaultStub.java b/pki/base/common/test/com/netscape/cmscore/request/DBDynAttrMapperDefaultStub.java index d68fbde80..6f3bf7fe3 100644 --- a/pki/base/common/test/com/netscape/cmscore/request/DBDynAttrMapperDefaultStub.java +++ b/pki/base/common/test/com/netscape/cmscore/request/DBDynAttrMapperDefaultStub.java @@ -20,7 +20,8 @@ public class DBDynAttrMapperDefaultStub implements IDBDynAttrMapper { return null; } - public void mapObjectToLDAPAttributeSet(IDBObj parent, String name, Object obj, LDAPAttributeSet attrs) throws EBaseException { + public void mapObjectToLDAPAttributeSet(IDBObj parent, String name, Object obj, LDAPAttributeSet attrs) + throws EBaseException { } public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, String name, IDBObj parent) throws EBaseException { diff --git a/pki/base/java-tools/src/com/netscape/cmstools/AuditVerify.java b/pki/base/java-tools/src/com/netscape/cmstools/AuditVerify.java index 022fcfe00..435567710 100644 --- a/pki/base/java-tools/src/com/netscape/cmstools/AuditVerify.java +++ b/pki/base/java-tools/src/com/netscape/cmstools/AuditVerify.java @@ -44,7 +44,8 @@ import org.mozilla.jss.crypto.X509Certificate; public class AuditVerify { private static void usage() { - System.out.println("Usage: AuditVerify -d <dbdir> -n <signing certificate nickname> -a <log list file> [-P <cert/key db prefix>] [-v]"); + System.out + .println("Usage: AuditVerify -d <dbdir> -n <signing certificate nickname> -a <log list file> [-P <cert/key db prefix>] [-v]"); System.exit(1); } diff --git a/pki/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java b/pki/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java index b591b6e57..b7e6502ee 100644 --- a/pki/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java +++ b/pki/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java @@ -237,7 +237,8 @@ public class CMCEnroll { // SHA1 is the default digest Alg for now. DigestAlgorithm digestAlg = null; SignatureAlgorithm signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest; - org.mozilla.jss.crypto.PrivateKey.Type signingKeyType = ((org.mozilla.jss.crypto.PrivateKey) privKey).getType(); + org.mozilla.jss.crypto.PrivateKey.Type signingKeyType = ((org.mozilla.jss.crypto.PrivateKey) privKey) + .getType(); if (signingKeyType.equals(org.mozilla.jss.crypto.PrivateKey.Type.DSA)) signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; diff --git a/pki/base/java-tools/src/com/netscape/cmstools/CMCRequest.java b/pki/base/java-tools/src/com/netscape/cmstools/CMCRequest.java index bb046f5a7..00ca4709e 100644 --- a/pki/base/java-tools/src/com/netscape/cmstools/CMCRequest.java +++ b/pki/base/java-tools/src/com/netscape/cmstools/CMCRequest.java @@ -246,7 +246,8 @@ public class CMCRequest { // SHA1 is the default digest Alg for now. DigestAlgorithm digestAlg = null; SignatureAlgorithm signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest; - org.mozilla.jss.crypto.PrivateKey.Type signingKeyType = ((org.mozilla.jss.crypto.PrivateKey) privKey).getType(); + org.mozilla.jss.crypto.PrivateKey.Type signingKeyType = ((org.mozilla.jss.crypto.PrivateKey) privKey) + .getType(); if (signingKeyType.equals(org.mozilla.jss.crypto.PrivateKey.Type.DSA)) signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; diff --git a/pki/base/java-tools/src/com/netscape/cmstools/CMCResponse.java b/pki/base/java-tools/src/com/netscape/cmstools/CMCResponse.java index 16373cdcf..8bb04d1ea 100644 --- a/pki/base/java-tools/src/com/netscape/cmstools/CMCResponse.java +++ b/pki/base/java-tools/src/com/netscape/cmstools/CMCResponse.java @@ -211,7 +211,8 @@ public class CMCResponse { private static void printUsage() { System.out.println(""); - System.out.println("Usage: CMCResponse -d <pathname for cert8.db> -i <pathname for CMC response in binary format> "); + System.out + .println("Usage: CMCResponse -d <pathname for cert8.db> -i <pathname for CMC response in binary format> "); } public static void main(String args[]) { diff --git a/pki/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java b/pki/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java index 647e5a972..bab8b84fd 100644 --- a/pki/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java +++ b/pki/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java @@ -73,7 +73,8 @@ public class CMCRevoke { private static final String KEYDB = "key3.db"; public static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----"; public static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----"; - static String dValue = null, nValue = null, iValue = null, sValue = null, mValue = null, hValue = null, cValue = null; + static String dValue = null, nValue = null, iValue = null, sValue = null, mValue = null, hValue = null, + cValue = null; public static final String CMS_BASE_CA_SIGNINGCERT_NOT_FOUND = "CA signing certificate not found"; public static final String PR_INTERNAL_TOKEN_NAME = "internal"; @@ -144,7 +145,8 @@ public class CMCRevoke { // optional parameter if (cValue == null) cValue = new String(); - if (dValue == null || nValue == null || iValue == null || sValue == null || mValue == null || hValue == null) + if (dValue == null || nValue == null || iValue == null || sValue == null || mValue == null + || hValue == null) bWrongParam = true; else if (dValue.length() == 0 || nValue.length() == 0 || iValue.length() == 0 || sValue.length() == 0 || mValue.length() == 0 || hValue.length() == 0) @@ -329,7 +331,8 @@ public class CMCRevoke { } String sn = com.netscape.osutil.OSUtil.BtoA(dig); - TaggedAttribute senderNonce = new TaggedAttribute(new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_senderNonce, + TaggedAttribute senderNonce = new TaggedAttribute(new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_senderNonce, new OCTET_STRING(sn.getBytes())); controlSeq.addElement(senderNonce); @@ -337,7 +340,8 @@ public class CMCRevoke { Name subjectName = new Name(); subjectName.addCommonName(iValue); - org.mozilla.jss.pkix.cmmf.RevRequest lRevokeRequest = new org.mozilla.jss.pkix.cmmf.RevRequest(new ANY((new X500Name(iValue)).getEncoded()), + org.mozilla.jss.pkix.cmmf.RevRequest lRevokeRequest = new org.mozilla.jss.pkix.cmmf.RevRequest(new ANY( + (new X500Name(iValue)).getEncoded()), new INTEGER(sValue), //org.mozilla.jss.pkix.cmmf.RevRequest.unspecified, new ENUMERATED((new Integer(mValue)).longValue()), @@ -352,7 +356,8 @@ public class CMCRevoke { ByteArrayOutputStream os = new ByteArrayOutputStream(); //lRevokeRequest.encode(os); // khai - TaggedAttribute revokeRequestTag = new TaggedAttribute(new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_revokeRequest, + TaggedAttribute revokeRequestTag = new TaggedAttribute(new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_revokeRequest, lRevokeRequest); controlSeq.addElement(revokeRequestTag); @@ -362,7 +367,8 @@ public class CMCRevoke { // SHA1 is the default digest Alg for now. DigestAlgorithm digestAlg = null; SignatureAlgorithm signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest; - org.mozilla.jss.crypto.PrivateKey.Type signingKeyType = ((org.mozilla.jss.crypto.PrivateKey) privKey).getType(); + org.mozilla.jss.crypto.PrivateKey.Type signingKeyType = ((org.mozilla.jss.crypto.PrivateKey) privKey) + .getType(); if (signingKeyType.equals(org.mozilla.jss.crypto.PrivateKey.Type.DSA)) signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; diff --git a/pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java b/pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java index 1e452a8a9..a38ff8b96 100644 --- a/pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java +++ b/pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java @@ -370,8 +370,10 @@ public class CRMFPopClient { certTemplate.setPublicKey(new SubjectPublicKeyInfo(pair.getPublic())); // set extension - AlgorithmIdentifier algS = new AlgorithmIdentifier(new OBJECT_IDENTIFIER("1.2.840.113549.3.7"), new OCTET_STRING(iv)); - EncryptedValue encValue = new EncryptedValue(null, algS, new BIT_STRING(session_data, 0), null, null, new BIT_STRING(key_data, 0)); + AlgorithmIdentifier algS = new AlgorithmIdentifier(new OBJECT_IDENTIFIER("1.2.840.113549.3.7"), + new OCTET_STRING(iv)); + EncryptedValue encValue = new EncryptedValue(null, algS, new BIT_STRING(session_data, 0), null, null, + new BIT_STRING(key_data, 0)); EncryptedKey key = new EncryptedKey(encValue); PKIArchiveOptions opt = new PKIArchiveOptions(key); SEQUENCE seq = new SEQUENCE(); @@ -491,7 +493,10 @@ public class CRMFPopClient { // post PKCS10 - url = new URL("http://" + HOST + ":" + PORT + "/ca/ee/ca/profileSubmit?cert_request_type=crmf&cert_request=" + Req + "&renewal=false&uid=" + USER_NAME + "&xmlOutput=false&&profileId=" + profileName + "&sn_uid=" + USER_NAME + "&SubId=profile&requestor_name=" + REQUESTOR_NAME); + url = new URL("http://" + HOST + ":" + PORT + + "/ca/ee/ca/profileSubmit?cert_request_type=crmf&cert_request=" + Req + "&renewal=false&uid=" + + USER_NAME + "&xmlOutput=false&&profileId=" + profileName + "&sn_uid=" + USER_NAME + + "&SubId=profile&requestor_name=" + REQUESTOR_NAME); //System.out.println("Posting " + url); System.out.println(""); @@ -564,7 +569,8 @@ public class CRMFPopClient { if (split[0].equals("UID")) { - ret.addElement(new AVA(new OBJECT_IDENTIFIER("0.9.2342.19200300.100.1.1"), new PrintableString(split[1]))); + ret.addElement(new AVA(new OBJECT_IDENTIFIER("0.9.2342.19200300.100.1.1"), new PrintableString( + split[1]))); // System.out.println("UID found : " + split[1]); } diff --git a/pki/base/java-tools/src/com/netscape/cmstools/GenIssuerAltNameExt.java b/pki/base/java-tools/src/com/netscape/cmstools/GenIssuerAltNameExt.java index 622655ae5..2cf20b9f7 100644 --- a/pki/base/java-tools/src/com/netscape/cmstools/GenIssuerAltNameExt.java +++ b/pki/base/java-tools/src/com/netscape/cmstools/GenIssuerAltNameExt.java @@ -96,7 +96,8 @@ public class GenIssuerAltNameExt { public static void doUsage() { System.out.println(); - System.out.println("Usage: GenIssuerAltNameExt <general_type0> <general_name0> ... <general_typeN> <general_nameN>"); + System.out + .println("Usage: GenIssuerAltNameExt <general_type0> <general_name0> ... <general_typeN> <general_nameN>"); System.out.println("where,"); System.out.println("<general_type> can be one of the following string:"); System.out.println("\tDNSName"); diff --git a/pki/base/java-tools/src/com/netscape/cmstools/GenSubjectAltNameExt.java b/pki/base/java-tools/src/com/netscape/cmstools/GenSubjectAltNameExt.java index 66a1a580e..c6814a4f7 100644 --- a/pki/base/java-tools/src/com/netscape/cmstools/GenSubjectAltNameExt.java +++ b/pki/base/java-tools/src/com/netscape/cmstools/GenSubjectAltNameExt.java @@ -96,7 +96,8 @@ public class GenSubjectAltNameExt { public static void doUsage() { System.out.println(); - System.out.println("Usage: GenSubjectAltNameExt <general_type0> <general_name0> ... <general_typeN> <general_nameN>"); + System.out + .println("Usage: GenSubjectAltNameExt <general_type0> <general_name0> ... <general_typeN> <general_nameN>"); System.out.println("where,"); System.out.println("<general_type> can be one of the following string:"); System.out.println("\tDNSName"); diff --git a/pki/base/java-tools/src/com/netscape/cmstools/OCSPClient.java b/pki/base/java-tools/src/com/netscape/cmstools/OCSPClient.java index a3e885e97..084235c12 100644 --- a/pki/base/java-tools/src/com/netscape/cmstools/OCSPClient.java +++ b/pki/base/java-tools/src/com/netscape/cmstools/OCSPClient.java @@ -197,7 +197,8 @@ public class OCSPClient { System.out.println(" <port> = OCSP server port number"); System.out.println(" <dbdir> = Certificate Database Directory"); System.out.println(" <nickname> = Nickname of CA Certificate"); - System.out.println(" <serialno_or_filename> = Serial Number Being Checked, Or Name of file that contains the request"); + System.out + .println(" <serialno_or_filename> = Serial Number Being Checked, Or Name of file that contains the request"); System.out.println(" <output> = Filename of Response in DER encoding"); System.out.println(" <times> = Submit Request Multiple Times"); System.out.println(" [<uri>] = OCSP Service URI (i.e. /ocsp/ee/ocsp)"); diff --git a/pki/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java b/pki/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java index a97a014a4..a41238f3a 100644 --- a/pki/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java +++ b/pki/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java @@ -61,7 +61,8 @@ import com.netscape.cmsutil.util.HMACDigest; public class PKCS10Client { private static void printUsage() { - System.out.println("Usage: PKCS10Client -p <certdb password> -d <location of certdb> -o <output file which saves the base64 PKCS10> -s <subjectDN>\n"); + System.out + .println("Usage: PKCS10Client -p <certdb password> -d <location of certdb> -o <output file which saves the base64 PKCS10> -s <subjectDN>\n"); } public static void main(String args[]) { @@ -193,7 +194,8 @@ public class PKCS10Client { try { if (split[0].equals("UID")) { - ret.addElement(new AVA(new OBJECT_IDENTIFIER("0.9.2342.19200300.100.1.1"), new PrintableString(split[1]))); + ret.addElement(new AVA(new OBJECT_IDENTIFIER("0.9.2342.19200300.100.1.1"), new PrintableString( + split[1]))); // System.out.println("UID found : " + split[1]); } diff --git a/pki/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java b/pki/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java index e30cfdb22..de83621be 100644 --- a/pki/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java +++ b/pki/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java @@ -70,10 +70,12 @@ public class PKCS12Export { } private static void printUsage() { - System.out.println("Usage: PKCS12Export -d <cert/key db directory> -p <file containing password for keydb> -w <file containing pkcs12 password> -o <output file for pkcs12>"); + System.out + .println("Usage: PKCS12Export -d <cert/key db directory> -p <file containing password for keydb> -w <file containing pkcs12 password> -o <output file for pkcs12>"); System.out.println(""); System.out.println("If you want to turn on debug, do the following:"); - System.out.println("Usage: PKCS12Export -debug -d <cert/key db directory> -p <file containing password for keydb> -w <file containing pkcs12 password> -o <output file for pkcs12>"); + System.out + .println("Usage: PKCS12Export -debug -d <cert/key db directory> -p <file containing password for keydb> -w <file containing pkcs12 password> -o <output file for pkcs12>"); } private static byte[] getEncodedKey(org.mozilla.jss.crypto.PrivateKey pkey) { diff --git a/pki/base/java-tools/src/com/netscape/cmstools/PasswordCache.java b/pki/base/java-tools/src/com/netscape/cmstools/PasswordCache.java index a90ee0792..d6273f17c 100644 --- a/pki/base/java-tools/src/com/netscape/cmstools/PasswordCache.java +++ b/pki/base/java-tools/src/com/netscape/cmstools/PasswordCache.java @@ -62,14 +62,16 @@ public class PasswordCache { private static final String KEYDB = "key3.db"; private static void usage() { - System.out.println("This tool has to be run from the same directory where pwcache.db file resides, normally <cms instance>/config directory, unless the file's full path is specified in the -c option..\nUsage: PasswordCache <SSO_PASSWORD> <-d cert/key db directory> <-h tokenName> <-P cert/key db prefix> <-c pwcache.db_file_full_path> <-k file containing Base64EncodedKeyID> <COMMAND> ..."); + System.out + .println("This tool has to be run from the same directory where pwcache.db file resides, normally <cms instance>/config directory, unless the file's full path is specified in the -c option..\nUsage: PasswordCache <SSO_PASSWORD> <-d cert/key db directory> <-h tokenName> <-P cert/key db prefix> <-c pwcache.db_file_full_path> <-k file containing Base64EncodedKeyID> <COMMAND> ..."); System.out.println(" commands:"); System.out.println(" 'add <password_name> <password>'"); System.out.println(" 'change <password_name> <password>'"); System.out.println(" 'delete <password_name>'"); System.out.println(" 'rekey'"); System.out.println(" 'list'"); - System.out.println("\nExample:\n\tPasswordCache thePassword1 -d /usr/netscape/servers/cms/alias -P cert-instance1-machine1- -c pwcache.db -k keyidFile list"); + System.out + .println("\nExample:\n\tPasswordCache thePassword1 -d /usr/netscape/servers/cms/alias -P cert-instance1-machine1- -c pwcache.db -k keyidFile list"); System.exit(1); } diff --git a/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java b/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java index e9a3301ee..d90afd726 100644 --- a/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java +++ b/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java @@ -121,39 +121,48 @@ public abstract class EncryptionUnit implements IEncryptionUnit { return out.toByteArray(); } catch (TokenException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); return null; } catch (NoSuchAlgorithmException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); return null; } catch (CharConversionException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); return null; } catch (InvalidAlgorithmParameterException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); return null; } catch (InvalidKeyException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); return null; } catch (BadPaddingException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); return null; } catch (IllegalBlockSizeException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); return null; } catch (IOException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); return null; } catch (Exception e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); return null; } @@ -212,31 +221,38 @@ public abstract class EncryptionUnit implements IEncryptionUnit { return out.toByteArray(); } catch (TokenException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); Debug.trace("EncryptionUnit::wrap " + e.toString()); return null; } catch (NoSuchAlgorithmException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); Debug.trace("EncryptionUnit::wrap " + e.toString()); return null; } catch (CharConversionException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); Debug.trace("EncryptionUnit::wrap " + e.toString()); return null; } catch (InvalidAlgorithmParameterException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); Debug.trace("EncryptionUnit::wrap " + e.toString()); return null; } catch (InvalidKeyException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); Debug.trace("EncryptionUnit::wrap " + e.toString()); return null; } catch (IOException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); Debug.trace("EncryptionUnit::wrap " + e.toString()); return null; } catch (Exception e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); Debug.trace("EncryptionUnit::wrap " + e.toString()); return null; } @@ -313,31 +329,38 @@ public abstract class EncryptionUnit implements IEncryptionUnit { symmAlgParams)); return cipher.doFinal(encValue); } catch (IllegalBlockSizeException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString()); return null; } catch (BadPaddingException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString()); return null; } catch (TokenException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString()); return null; } catch (NoSuchAlgorithmException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString()); return null; } catch (InvalidAlgorithmParameterException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString()); return null; } catch (InvalidKeyException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString()); return null; } catch (Exception e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString()); return null; } @@ -385,19 +408,23 @@ public abstract class EncryptionUnit implements IEncryptionUnit { return pk; } catch (TokenException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); return null; } catch (NoSuchAlgorithmException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); return null; } catch (InvalidAlgorithmParameterException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); return null; } catch (InvalidKeyException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); return null; } catch (Exception e) { @@ -436,35 +463,43 @@ public abstract class EncryptionUnit implements IEncryptionUnit { cipher.initDecrypt(sk, IV); return cipher.doFinal(pri); } catch (IllegalBlockSizeException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); return null; } catch (BadPaddingException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); return null; } catch (TokenException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); return null; } catch (NoSuchAlgorithmException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); return null; } catch (InvalidAlgorithmParameterException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); return null; } catch (InvalidKeyException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); return null; } catch (IOException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); return null; } catch (Exception e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); return null; } @@ -526,24 +561,29 @@ public abstract class EncryptionUnit implements IEncryptionUnit { } return pk; } catch (TokenException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); CMS.debug(e); return null; } catch (NoSuchAlgorithmException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); return null; } catch (InvalidAlgorithmParameterException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); return null; } catch (InvalidKeyException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); Debug.printStackTrace(e); return null; } catch (IOException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); return null; } catch (Exception e) { diff --git a/pki/base/kra/src/com/netscape/kra/EnrollmentService.java b/pki/base/kra/src/com/netscape/kra/EnrollmentService.java index 85cd516b8..a485545ee 100644 --- a/pki/base/kra/src/com/netscape/kra/EnrollmentService.java +++ b/pki/base/kra/src/com/netscape/kra/EnrollmentService.java @@ -521,12 +521,14 @@ public class EnrollmentService implements IService { BigInt privateKeyExponent = privateKeyDerIn.getInteger(); if (!publicKeyModulus.equals(privateKeyModulus)) { - CMS.debug("verifyKeyPair modulus mismatch publicKeyModulus=" + publicKeyModulus + " privateKeyModulus=" + privateKeyModulus); + CMS.debug("verifyKeyPair modulus mismatch publicKeyModulus=" + publicKeyModulus + " privateKeyModulus=" + + privateKeyModulus); return false; } if (!publicKeyExponent.equals(privateKeyExponent)) { - CMS.debug("verifyKeyPair exponent mismatch publicKeyExponent=" + publicKeyExponent + " privateKeyExponent=" + privateKeyExponent); + CMS.debug("verifyKeyPair exponent mismatch publicKeyExponent=" + publicKeyExponent + + " privateKeyExponent=" + privateKeyExponent); return false; } @@ -591,7 +593,8 @@ public class EnrollmentService implements IService { } } } catch (Exception e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "no PKIArchiveOptions found " + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "no PKIArchiveOptions found " + + e.toString())); } if (archAva != null) { @@ -603,9 +606,11 @@ public class EnrollmentService implements IService { archOpts = (PKIArchiveOptions) (new PKIArchiveOptions.Template()).decode(bis); } catch (IOException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "[PKIArchiveOptions]" + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", + "[PKIArchiveOptions]" + e.toString())); } catch (InvalidBERException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "[PKIArchiveOptions]" + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", + "[PKIArchiveOptions]" + e.toString())); } options.addElement(new PKIArchiveOptionsContainer(archOpts, z)); } @@ -657,11 +662,13 @@ public class EnrollmentService implements IService { } catch (IOException e) { mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_GET_PUBLIC_KEY", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "[" + X509CertInfo.KEY + "]" + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", + "[" + X509CertInfo.KEY + "]" + e.toString())); } catch (CertificateException e) { mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_GET_PUBLIC_KEY", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "[" + X509CertInfo.KEY + "]" + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", + "[" + X509CertInfo.KEY + "]" + e.toString())); } X509Key pKey = null; @@ -671,7 +678,8 @@ public class EnrollmentService implements IService { } catch (IOException e) { mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_GET_PUBLIC_KEY", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "[" + CertificateX509Key.KEY + "]" + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "[" + CertificateX509Key.KEY + + "]" + e.toString())); } return pKey; } @@ -706,11 +714,13 @@ public class EnrollmentService implements IService { } catch (IOException e) { mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_GET_OWNER_NAME", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "[" + X509CertInfo.SUBJECT + "]" + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "[" + X509CertInfo.SUBJECT + "]" + + e.toString())); } catch (CertificateException e) { mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_GET_OWNER_NAME", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "[" + X509CertInfo.SUBJECT + "]" + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "[" + X509CertInfo.SUBJECT + "]" + + e.toString())); } String owner = pSub.toString(); @@ -894,12 +904,14 @@ class ArchiveOptions { EncryptedContentInfo eCI = env_data.getEncryptedContentInfo(); symmAlg = eCI.getContentEncryptionAlgorithm(); mSymmAlgOID = symmAlg.getOID().toString(); - mSymmAlgParams = ((OCTET_STRING) ((ANY) symmAlg.getParameters()).decodeWith(OCTET_STRING.getTemplate())).toByteArray(); + mSymmAlgParams = ((OCTET_STRING) ((ANY) symmAlg.getParameters()).decodeWith(OCTET_STRING.getTemplate())) + .toByteArray(); SET recipients = env_data.getRecipientInfos(); if (recipients.size() <= 0) { CMS.debug("EnrollService: ArchiveOptions() - missing recipient information "); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "[PKIArchiveOptions] missing recipient information ")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", + "[PKIArchiveOptions] missing recipient information ")); } //check recpient - later //we only handle one recipient here anyways. so, either the key @@ -918,7 +930,8 @@ class ArchiveOptions { val = key.getEncryptedValue(); symmAlg = val.getSymmAlg(); mSymmAlgOID = symmAlg.getOID().toString(); - mSymmAlgParams = ((OCTET_STRING) ((ANY) symmAlg.getParameters()).decodeWith(OCTET_STRING.getTemplate())).toByteArray(); + mSymmAlgParams = ((OCTET_STRING) ((ANY) symmAlg.getParameters()).decodeWith(OCTET_STRING.getTemplate())) + .toByteArray(); BIT_STRING encSymmKey = val.getEncSymmKey(); mEncSymmKey = encSymmKey.getBits(); @@ -928,12 +941,14 @@ class ArchiveOptions { CMS.debug("EnrollService: ArchiveOptions() EncryptedKey type= ENCRYPTED_VALUE done"); } else { CMS.debug("EnrollService: ArchiveOptions() invalid EncryptedKey type"); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "[PKIArchiveOptions] type " + key.getType())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "[PKIArchiveOptions] type " + + key.getType())); } } catch (InvalidBERException e) { CMS.debug("EnrollService: ArchiveOptions(): " + e.toString()); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "[PKIArchiveOptions]" + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", + "[PKIArchiveOptions]" + e.toString())); } catch (IOException e) { CMS.debug("EnrollService: ArchiveOptions(): " + e.toString()); throw new EBaseException("ArchiveOptions() exception caught: " + diff --git a/pki/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java b/pki/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java index 84d5b5e80..8b64f8abd 100644 --- a/pki/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java +++ b/pki/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java @@ -1146,7 +1146,8 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - CMS.debug("KeyRecoveryAuthority: in asynchronous doKeyRecovery(), request state =" + r.getRequestStatus().toString()); + CMS.debug("KeyRecoveryAuthority: in asynchronous doKeyRecovery(), request state =" + + r.getRequestStatus().toString()); // can only process requests in begin state r.setRequestStatus(RequestStatus.BEGIN); queue.processRequest(r); @@ -1420,7 +1421,8 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove IConfigStore rq = nc.getSubStore(PROP_REQ_IN_Q_SUBSTORE); IAuthority cSub = (IAuthority) this; - String requestInQListenerClassName = nc.getString("certificateIssuedListenerClassName", "com.netscape.cms.listeners.RequestInQListener"); + String requestInQListenerClassName = nc.getString("certificateIssuedListenerClassName", + "com.netscape.cms.listeners.RequestInQListener"); try { mReqInQListener = (IRequestListener) Class.forName(requestInQListenerClassName).newInstance(); diff --git a/pki/base/kra/src/com/netscape/kra/RecoveryService.java b/pki/base/kra/src/com/netscape/kra/RecoveryService.java index 51723e530..719a55d30 100644 --- a/pki/base/kra/src/com/netscape/kra/RecoveryService.java +++ b/pki/base/kra/src/com/netscape/kra/RecoveryService.java @@ -350,12 +350,14 @@ public class RecoveryService implements IService { BigInt privateKeyExponent = privateKeyDerIn.getInteger(); if (!publicKeyModulus.equals(privateKeyModulus)) { - CMS.debug("verifyKeyPair modulus mismatch publicKeyModulus=" + publicKeyModulus + " privateKeyModulus=" + privateKeyModulus); + CMS.debug("verifyKeyPair modulus mismatch publicKeyModulus=" + publicKeyModulus + " privateKeyModulus=" + + privateKeyModulus); return false; } if (!publicKeyExponent.equals(privateKeyExponent)) { - CMS.debug("verifyKeyPair exponent mismatch publicKeyExponent=" + publicKeyExponent + " privateKeyExponent=" + privateKeyExponent); + CMS.debug("verifyKeyPair exponent mismatch publicKeyExponent=" + publicKeyExponent + + " privateKeyExponent=" + privateKeyExponent); return false; } @@ -413,7 +415,8 @@ public class RecoveryService implements IService { if (privKey == null) { mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_PRIVATE_KEY_NOT_FOUND")); - throw new EKRAException(CMS.getUserMessage("CMS_KRA_RECOVERY_FAILED_1", "private key unwrapping failure")); + throw new EKRAException(CMS.getUserMessage("CMS_KRA_RECOVERY_FAILED_1", + "private key unwrapping failure")); } if (CMS.getConfigStore().getBoolean("kra.keySplitting")) { mStorageUnit.logout(); @@ -421,7 +424,8 @@ public class RecoveryService implements IService { return privKey; } catch (Exception e) { CMS.debug("RecoverService: recoverKey() failed with allowEncDecrypt_recovery=false:" + e.toString()); - throw new EKRAException(CMS.getUserMessage("CMS_KRA_RECOVERY_FAILED_1", "recoverKey() failed with allowEncDecrypt_recovery=false:" + e.toString())); + throw new EKRAException(CMS.getUserMessage("CMS_KRA_RECOVERY_FAILED_1", + "recoverKey() failed with allowEncDecrypt_recovery=false:" + e.toString())); } } diff --git a/pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java b/pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java index f2539509c..87559163c 100644 --- a/pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java +++ b/pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java @@ -195,7 +195,8 @@ public class StorageKeyUnit extends EncryptionUnit implements } } if (mCert == null) { - mKRA.log(ILogger.LL_FAILURE, "Storage Cert could not be initialized. No cert in token matched kra-cert file"); + mKRA.log(ILogger.LL_FAILURE, + "Storage Cert could not be initialized. No cert in token matched kra-cert file"); throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "mCert == null")); } else { mKRA.log(ILogger.LL_INFO, "Using Storage Cert " + mCert.getSubjectDN()); diff --git a/pki/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java b/pki/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java index a9287b59d..667bb8987 100644 --- a/pki/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java +++ b/pki/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java @@ -558,12 +558,14 @@ public class TokenKeyRecoveryService implements IService { BigInt privateKeyExponent = privateKeyDerIn.getInteger(); if (!publicKeyModulus.equals(privateKeyModulus)) { - CMS.debug("verifyKeyPair modulus mismatch publicKeyModulus=" + publicKeyModulus + " privateKeyModulus=" + privateKeyModulus); + CMS.debug("verifyKeyPair modulus mismatch publicKeyModulus=" + publicKeyModulus + " privateKeyModulus=" + + privateKeyModulus); return false; } if (!publicKeyExponent.equals(privateKeyExponent)) { - CMS.debug("verifyKeyPair exponent mismatch publicKeyExponent=" + publicKeyExponent + " privateKeyExponent=" + privateKeyExponent); + CMS.debug("verifyKeyPair exponent mismatch publicKeyExponent=" + publicKeyExponent + + " privateKeyExponent=" + privateKeyExponent); return false; } diff --git a/pki/base/migrate/80/MigrateSecurityDomain.java b/pki/base/migrate/80/MigrateSecurityDomain.java index 5dcd182ce..2e760020c 100644 --- a/pki/base/migrate/80/MigrateSecurityDomain.java +++ b/pki/base/migrate/80/MigrateSecurityDomain.java @@ -69,7 +69,8 @@ public class MigrateSecurityDomain { System.out.println("MigrateSecurityDomain getLDAPConn: creating secure (SSL) connection for internal ldap"); conn = new LDAPConnection(new LdapJssSSLSocketFactory()); } else { - System.out.println("MigrateSecurityDomain getLDAPConn: creating non-secure (non-SSL) connection for internal ldap"); + System.out + .println("MigrateSecurityDomain getLDAPConn: creating non-secure (non-SSL) connection for internal ldap"); conn = new LDAPConnection(); } diff --git a/pki/base/silent/src/com/netscape/pkisilent/ConfigureCA.java b/pki/base/silent/src/com/netscape/pkisilent/ConfigureCA.java index a7b114085..55ac7ed58 100644 --- a/pki/base/silent/src/com/netscape/pkisilent/ConfigureCA.java +++ b/pki/base/silent/src/com/netscape/pkisilent/ConfigureCA.java @@ -685,7 +685,8 @@ public class ConfigureCA { in.close(); return true; } catch (Exception e) { - System.out.println("CertSubjectPanel: Unable to read in external approved CA cert or certificate chain."); + System.out + .println("CertSubjectPanel: Unable to read in external approved CA cert or certificate chain."); System.out.println(e.toString()); return false; } @@ -1246,7 +1247,8 @@ public class ConfigureCA { } else { // first pass - cacert file not defined System.out.println("A Certificate Request has been generated and stored in " + ext_csr_file); - System.out.println("Please submit this CSR to your external CA and obtain the CA Cert and CA Cert Chain"); + System.out + .println("Please submit this CSR to your external CA and obtain the CA Cert and CA Cert Chain"); return true; } } @@ -1458,42 +1460,66 @@ public class ConfigureCA { parser.addOption("-base_dn %s #base dn", x_base_dn); parser.addOption("-db_name %s #db name", x_db_name); parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn); - parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", x_remove_data); - parser.addOption("-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", x_clone_start_tls); + parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", + x_remove_data); + parser.addOption( + "-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", + x_clone_start_tls); // key and algorithm options (default) parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type); parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size); parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename); - parser.addOption("-key_algorithm %s #Key algorithm of the CA certificate (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", x_key_algorithm); - parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is key_algorithm)", x_signing_algorithm); + parser.addOption( + "-key_algorithm %s #Key algorithm of the CA certificate (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", + x_key_algorithm); + parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is key_algorithm)", + x_signing_algorithm); // key and algorithm options for signing certificate (overrides default) parser.addOption("-signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_signing_key_type); parser.addOption("-signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_signing_key_size); - parser.addOption("-signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_signing_key_curvename); - parser.addOption("-signing_signingalgorithm %s #Algorithm used be CA cert to sign objects (optional, default is signing_algorithm)", x_signing_signingalgorithm); + parser.addOption("-signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_signing_key_curvename); + parser.addOption( + "-signing_signingalgorithm %s #Algorithm used be CA cert to sign objects (optional, default is signing_algorithm)", + x_signing_signingalgorithm); // key and algorithm options for ocsp_signing certificate (overrides default) - parser.addOption("-ocsp_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_ocsp_signing_key_type); - parser.addOption("-ocsp_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_ocsp_signing_key_size); - parser.addOption("-ocsp_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_ocsp_signing_key_curvename); - parser.addOption("-ocsp_signing_signingalgorithm %s #Algorithm used by the OCSP signing cert to sign objects (optional, default is signing_algorithm)", x_ocsp_signing_signingalgorithm); + parser.addOption("-ocsp_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", + x_ocsp_signing_key_type); + parser.addOption("-ocsp_signing_key_size %s #Key Size (optional, for RSA default is key_size)", + x_ocsp_signing_key_size); + parser.addOption("-ocsp_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_ocsp_signing_key_curvename); + parser.addOption( + "-ocsp_signing_signingalgorithm %s #Algorithm used by the OCSP signing cert to sign objects (optional, default is signing_algorithm)", + x_ocsp_signing_signingalgorithm); // key and algorithm options for audit_signing certificate (overrides default) - parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_audit_signing_key_type); - parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_audit_signing_key_size); - parser.addOption("-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_audit_signing_key_curvename); + parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", + x_audit_signing_key_type); + parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", + x_audit_signing_key_size); + parser.addOption( + "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_audit_signing_key_curvename); // key and algorithm options for subsystem certificate (overrides default) - parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_subsystem_key_type); - parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", x_subsystem_key_size); - parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_subsystem_key_curvename); + parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", + x_subsystem_key_type); + parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", + x_subsystem_key_size); + parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_subsystem_key_curvename); // key and algorithm options for sslserver certificate (overrides default) - parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_sslserver_key_type); - parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", x_sslserver_key_size); - parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_sslserver_key_curvename); + parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", + x_sslserver_key_type); + parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", + x_sslserver_key_size); + parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_sslserver_key_curvename); parser.addOption("-token_name %s #HSM/Software Token name", x_token_name); parser.addOption("-token_pwd %s #HSM/Software Token password (optional - only required for HSM)", @@ -1501,8 +1527,10 @@ public class ConfigureCA { parser.addOption("-save_p12 %s #Enable/Disable p12 Export[true,false]", x_save_p12); - parser.addOption("-backup_pwd %s #Backup Password for p12 (optional, only required if -save_p12 = true)", x_backup_pwd); - parser.addOption("-backup_fname %s #Backup File for p12, (optional, default is /root/tmp-ca.p12)", x_backup_fname); + parser.addOption("-backup_pwd %s #Backup Password for p12 (optional, only required if -save_p12 = true)", + x_backup_pwd); + parser.addOption("-backup_fname %s #Backup File for p12, (optional, default is /root/tmp-ca.p12)", + x_backup_fname); parser.addOption("-ca_sign_cert_subject_name %s #CA cert subject name", x_ca_sign_cert_subject_name); @@ -1532,14 +1560,22 @@ public class ConfigureCA { x_ext_csr_file); parser.addOption("-clone %s #Clone of another CA [true, false] (optional, default false)", x_clone); - parser.addOption("-clone_uri %s #URL of Master CA to clone. It must have the form https://<hostname>:<EE port> (optional, required if -clone=true)", x_clone_uri); - parser.addOption("-clone_p12_file %s #File containing pk12 keys of Master CA (optional, required if -clone=true)", x_clone_p12_file); - parser.addOption("-clone_p12_password %s #Password for pk12 file (optional, required if -clone=true)", x_clone_p12_passwd); + parser.addOption( + "-clone_uri %s #URL of Master CA to clone. It must have the form https://<hostname>:<EE port> (optional, required if -clone=true)", + x_clone_uri); + parser.addOption( + "-clone_p12_file %s #File containing pk12 keys of Master CA (optional, required if -clone=true)", + x_clone_p12_file); + parser.addOption("-clone_p12_password %s #Password for pk12 file (optional, required if -clone=true)", + x_clone_p12_passwd); parser.addOption("-sd_hostname %s #Security Domain Hostname (optional, required if -clone=true)", x_sd_hostname); - parser.addOption("-sd_ssl_port %s #Security Domain SSL EE port (optional, required if -clone=true)", x_sd_ssl_port); - parser.addOption("-sd_agent_port %s #Security Domain SSL Agent port (optional, required if -clone=true)", x_sd_agent_port); - parser.addOption("-sd_admin_port %s #Security Domain SSL Admin port (optional, required if -clone=true)", x_sd_admin_port); + parser.addOption("-sd_ssl_port %s #Security Domain SSL EE port (optional, required if -clone=true)", + x_sd_ssl_port); + parser.addOption("-sd_agent_port %s #Security Domain SSL Agent port (optional, required if -clone=true)", + x_sd_agent_port); + parser.addOption("-sd_admin_port %s #Security Domain SSL Admin port (optional, required if -clone=true)", + x_sd_admin_port); parser.addOption("-sd_admin_name %s #Security Domain admin name (optional, required if -clone=true)", x_sd_admin_name); parser.addOption("-sd_admin_password %s #Security Domain admin password (optional, required if -clone=true)", diff --git a/pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java b/pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java index 0b771d8fb..3dd708a3a 100644 --- a/pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java +++ b/pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java @@ -1162,40 +1162,61 @@ public class ConfigureDRM { parser.addOption("-db_name %s #db name", x_db_name); parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn); - parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", x_remove_data); - parser.addOption("-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", x_clone_start_tls); + parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", + x_remove_data); + parser.addOption( + "-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", + x_clone_start_tls); // key and algorithm options (default) parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type); parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size); parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename); - parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", x_signing_algorithm); + parser.addOption( + "-signing_algorithm %s #Signing algorithm (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", + x_signing_algorithm); // key and algorithm options for transport certificate (overrides default) - parser.addOption("-transport_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_transport_key_type); - parser.addOption("-transport_key_size %s #Key Size (optional, for RSA default is key_size)", x_transport_key_size); - parser.addOption("-transport_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_transport_key_curvename); - parser.addOption("-transport_signingalgorithm %s #Algorithm used by the transport cert to sign objects (optional, default is signing_algorithm)", x_transport_signingalgorithm); + parser.addOption("-transport_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", + x_transport_key_type); + parser.addOption("-transport_key_size %s #Key Size (optional, for RSA default is key_size)", + x_transport_key_size); + parser.addOption("-transport_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_transport_key_curvename); + parser.addOption( + "-transport_signingalgorithm %s #Algorithm used by the transport cert to sign objects (optional, default is signing_algorithm)", + x_transport_signingalgorithm); // key and algorithm options for storage certificate (overrides default) parser.addOption("-storage_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_storage_key_type); parser.addOption("-storage_key_size %s #Key Size (optional, for RSA default is key_size)", x_storage_key_size); - parser.addOption("-storage_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_storage_key_curvename); + parser.addOption("-storage_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_storage_key_curvename); // key and algorithm options for audit_signing certificate (overrides default) - parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_audit_signing_key_type); - parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_audit_signing_key_size); - parser.addOption("-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_audit_signing_key_curvename); + parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", + x_audit_signing_key_type); + parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", + x_audit_signing_key_size); + parser.addOption( + "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_audit_signing_key_curvename); // key and algorithm options for subsystem certificate (overrides default) - parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_subsystem_key_type); - parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", x_subsystem_key_size); - parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_subsystem_key_curvename); + parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", + x_subsystem_key_type); + parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", + x_subsystem_key_size); + parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_subsystem_key_curvename); // key and algorithm options for sslserver certificate (overrides default) - parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_sslserver_key_type); - parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", x_sslserver_key_size); - parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_sslserver_key_curvename); + parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", + x_sslserver_key_type); + parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", + x_sslserver_key_size); + parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_sslserver_key_curvename); parser.addOption("-token_name %s #HSM/Software Token name", x_token_name); @@ -1237,9 +1258,14 @@ public class ConfigureDRM { x_drm_audit_signing_cert_subject_name); parser.addOption("-clone %s #Clone of another KRA [true, false] (optional, default false)", x_clone); - parser.addOption("-clone_uri %s #URL of Master KRA to clone. It must have the form https://<hostname>:<EE port> (optional, required if -clone=true)", x_clone_uri); - parser.addOption("-clone_p12_file %s #File containing pk12 keys of Master KRA (optional, required if -clone=true)", x_clone_p12_file); - parser.addOption("-clone_p12_password %s #Password for pk12 file (optional, required if -clone=true)", x_clone_p12_passwd); + parser.addOption( + "-clone_uri %s #URL of Master KRA to clone. It must have the form https://<hostname>:<EE port> (optional, required if -clone=true)", + x_clone_uri); + parser.addOption( + "-clone_p12_file %s #File containing pk12 keys of Master KRA (optional, required if -clone=true)", + x_clone_p12_file); + parser.addOption("-clone_p12_password %s #Password for pk12 file (optional, required if -clone=true)", + x_clone_p12_passwd); // and then match the arguments String[] unmatched = null; diff --git a/pki/base/silent/src/com/netscape/pkisilent/ConfigureOCSP.java b/pki/base/silent/src/com/netscape/pkisilent/ConfigureOCSP.java index c69a3f7b7..7e481c791 100644 --- a/pki/base/silent/src/com/netscape/pkisilent/ConfigureOCSP.java +++ b/pki/base/silent/src/com/netscape/pkisilent/ConfigureOCSP.java @@ -1039,35 +1039,53 @@ public class ConfigureOCSP { parser.addOption("-db_name %s #db name", x_db_name); parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn); - parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", x_remove_data); - parser.addOption("-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", x_clone_start_tls); + parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", + x_remove_data); + parser.addOption( + "-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", + x_clone_start_tls); // key and algorithm options (default) parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type); parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size); parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename); - parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", x_signing_algorithm); + parser.addOption( + "-signing_algorithm %s #Signing algorithm (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", + x_signing_algorithm); // key and algorithm options for signing certificate (overrides default) parser.addOption("-signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_signing_key_type); parser.addOption("-signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_signing_key_size); - parser.addOption("-signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_signing_key_curvename); - parser.addOption("-signing_signingalgorithm %s #Algorithm used be ocsp signing cert to sign objects (optional, default is signing_algorithm)", x_signing_signingalgorithm); + parser.addOption("-signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_signing_key_curvename); + parser.addOption( + "-signing_signingalgorithm %s #Algorithm used be ocsp signing cert to sign objects (optional, default is signing_algorithm)", + x_signing_signingalgorithm); // key and algorithm options for audit_signing certificate (overrides default) - parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_audit_signing_key_type); - parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_audit_signing_key_size); - parser.addOption("-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_audit_signing_key_curvename); + parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", + x_audit_signing_key_type); + parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", + x_audit_signing_key_size); + parser.addOption( + "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_audit_signing_key_curvename); // key and algorithm options for subsystem certificate (overrides default) - parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_subsystem_key_type); - parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", x_subsystem_key_size); - parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_subsystem_key_curvename); + parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", + x_subsystem_key_type); + parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", + x_subsystem_key_size); + parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_subsystem_key_curvename); // key and algorithm options for sslserver certificate (overrides default) - parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_sslserver_key_type); - parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", x_sslserver_key_size); - parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_sslserver_key_curvename); + parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", + x_sslserver_key_type); + parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", + x_sslserver_key_size); + parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_sslserver_key_curvename); parser.addOption("-token_name %s #HSM/Software Token name", x_token_name); diff --git a/pki/base/silent/src/com/netscape/pkisilent/ConfigureSubCA.java b/pki/base/silent/src/com/netscape/pkisilent/ConfigureSubCA.java index d666e3bf5..4c33a8479 100644 --- a/pki/base/silent/src/com/netscape/pkisilent/ConfigureSubCA.java +++ b/pki/base/silent/src/com/netscape/pkisilent/ConfigureSubCA.java @@ -1084,42 +1084,66 @@ public class ConfigureSubCA { parser.addOption("-db_name %s #db name", x_db_name); parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn); - parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", x_remove_data); - parser.addOption("-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", x_clone_start_tls); + parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", + x_remove_data); + parser.addOption( + "-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", + x_clone_start_tls); // key and algorithm options (default) parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type); parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size); parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename); - parser.addOption("-key_algorithm %s #Key algorithm of the CA certificate (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", x_key_algorithm); - parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is key_algorithm)", x_signing_algorithm); + parser.addOption( + "-key_algorithm %s #Key algorithm of the CA certificate (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", + x_key_algorithm); + parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is key_algorithm)", + x_signing_algorithm); // key and algorithm options for signing certificate (overrides default) parser.addOption("-signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_signing_key_type); parser.addOption("-signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_signing_key_size); - parser.addOption("-signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_signing_key_curvename); - parser.addOption("-signing_signingalgorithm %s #Algorithm used be CA cert to sign objects (optional, default is signing_algorithm)", x_signing_signingalgorithm); + parser.addOption("-signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_signing_key_curvename); + parser.addOption( + "-signing_signingalgorithm %s #Algorithm used be CA cert to sign objects (optional, default is signing_algorithm)", + x_signing_signingalgorithm); // key and algorithm options for ocsp_signing certificate (overrides default) - parser.addOption("-ocsp_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_ocsp_signing_key_type); - parser.addOption("-ocsp_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_ocsp_signing_key_size); - parser.addOption("-ocsp_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_ocsp_signing_key_curvename); - parser.addOption("-ocsp_signing_signingalgorithm %s #Algorithm used by the OCSP signing cert to sign objects (optional, default is signing_algorithm)", x_ocsp_signing_signingalgorithm); + parser.addOption("-ocsp_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", + x_ocsp_signing_key_type); + parser.addOption("-ocsp_signing_key_size %s #Key Size (optional, for RSA default is key_size)", + x_ocsp_signing_key_size); + parser.addOption("-ocsp_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_ocsp_signing_key_curvename); + parser.addOption( + "-ocsp_signing_signingalgorithm %s #Algorithm used by the OCSP signing cert to sign objects (optional, default is signing_algorithm)", + x_ocsp_signing_signingalgorithm); // key and algorithm options for audit_signing certificate (overrides default) - parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_audit_signing_key_type); - parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_audit_signing_key_size); - parser.addOption("-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_audit_signing_key_curvename); + parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", + x_audit_signing_key_type); + parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", + x_audit_signing_key_size); + parser.addOption( + "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_audit_signing_key_curvename); // key and algorithm options for subsystem certificate (overrides default) - parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_subsystem_key_type); - parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", x_subsystem_key_size); - parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_subsystem_key_curvename); + parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", + x_subsystem_key_type); + parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", + x_subsystem_key_size); + parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_subsystem_key_curvename); // key and algorithm options for sslserver certificate (overrides default) - parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_sslserver_key_type); - parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", x_sslserver_key_size); - parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_sslserver_key_curvename); + parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", + x_sslserver_key_type); + parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", + x_sslserver_key_size); + parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_sslserver_key_curvename); parser.addOption("-token_name %s #HSM/Software Token name", x_token_name); diff --git a/pki/base/silent/src/com/netscape/pkisilent/ConfigureTKS.java b/pki/base/silent/src/com/netscape/pkisilent/ConfigureTKS.java index 854459811..acc699673 100644 --- a/pki/base/silent/src/com/netscape/pkisilent/ConfigureTKS.java +++ b/pki/base/silent/src/com/netscape/pkisilent/ConfigureTKS.java @@ -999,8 +999,11 @@ public class ConfigureTKS { parser.addOption("-db_name %s #db name", x_db_name); parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn); - parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", x_remove_data); - parser.addOption("-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", x_clone_start_tls); + parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", + x_remove_data); + parser.addOption( + "-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", + x_clone_start_tls); // key and algorithm options (default) parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type); @@ -1008,19 +1011,29 @@ public class ConfigureTKS { parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename); // key and algorithm options for audit_signing certificate (overrides default) - parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_audit_signing_key_type); - parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_audit_signing_key_size); - parser.addOption("-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_audit_signing_key_curvename); + parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", + x_audit_signing_key_type); + parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", + x_audit_signing_key_size); + parser.addOption( + "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_audit_signing_key_curvename); // key and algorithm options for subsystem certificate (overrides default) - parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_subsystem_key_type); - parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", x_subsystem_key_size); - parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_subsystem_key_curvename); + parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", + x_subsystem_key_type); + parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", + x_subsystem_key_size); + parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_subsystem_key_curvename); // key and algorithm options for sslserver certificate (overrides default) - parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_sslserver_key_type); - parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", x_sslserver_key_size); - parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_sslserver_key_curvename); + parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", + x_sslserver_key_type); + parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", + x_sslserver_key_size); + parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_sslserver_key_curvename); parser.addOption("-token_name %s #HSM/Software Token name", x_token_name); diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/AutoInstaller.java b/pki/base/silent/src/com/netscape/pkisilent/common/AutoInstaller.java index 7ba9d586e..cdc9a7fb1 100644 --- a/pki/base/silent/src/com/netscape/pkisilent/common/AutoInstaller.java +++ b/pki/base/silent/src/com/netscape/pkisilent/common/AutoInstaller.java @@ -38,14 +38,19 @@ public class AutoInstaller { private static Properties props = null; // Admin Server and InternalDB varialbes - private String adminDomain, adminID, adminPWD, adminPort, machineName, host, serverID, instanceID, serverRoot, sieURL, dbConnPort, dbConnHost, dbInstanceName, dbPassword, dbLDAPauthDN, dbmode, ldapServerDB; + private String adminDomain, adminID, adminPWD, adminPort, machineName, host, serverID, instanceID, serverRoot, + sieURL, dbConnPort, dbConnHost, dbInstanceName, dbPassword, dbLDAPauthDN, dbmode, ldapServerDB; // CMS Subsystem info - private String certAdminName, certAdminUid, certAdminPWD, kra, subsystems, ca, ra, ocsp, remoteKRA, wirelessSupport, eeHttpPort, eeHttpsPort, agentHttpsPort, radminHttpsPort, tokenName, tokenPWD, certType, keyType, keyLength, SingleSignOnPWD, subjectName, aki, isCA, ski, sslCABit, objectSigningCABit, mailCABit, hashType, caOComponent, certValidityDays, signingCert, tks; + private String certAdminName, certAdminUid, certAdminPWD, kra, subsystems, ca, ra, ocsp, remoteKRA, + wirelessSupport, eeHttpPort, eeHttpsPort, agentHttpsPort, radminHttpsPort, tokenName, tokenPWD, certType, + keyType, keyLength, SingleSignOnPWD, subjectName, aki, isCA, ski, sslCABit, objectSigningCABit, mailCABit, + hashType, caOComponent, certValidityDays, signingCert, tks; // CA info - private String caHostname, caPortnum, caTimeout, caEEPort, enpropfile, cdir, tokenpwd, CAadminId, CAadminPwd, CAcertnickname, caAgentPortnum, cloneInstanceId; + private String caHostname, caPortnum, caTimeout, caEEPort, enpropfile, cdir, tokenpwd, CAadminId, CAadminPwd, + CAcertnickname, caAgentPortnum, cloneInstanceId; // Program variables private int i; @@ -228,7 +233,8 @@ public class AutoInstaller { * Takes parameters - sID- ServerID e.x cert1, sRoot- ServerRootK kT- keyType "RSA/DSA" , kL - keylength (1024.2048) , cVD- certificate validity dates e.g 365 for 1 year, sdn - subsystems dn, sAdp - subsystem's Admin port, sAgp - subsystems's Agentport,seSP- subsystem's ee SSL port , sep- Subsystems ee port. */ - public void setSubSystemInfo(String sID, String sRoot, String kT, String kL, String hT, String cVD, String sdn, String sAdP, String sAgP, String seSP, String seP) { + public void setSubSystemInfo(String sID, String sRoot, String kT, String kL, String hT, String cVD, String sdn, + String sAdP, String sAgP, String seSP, String seP) { serverID = sID; instanceID = "cert-" + sID; diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/CMSConfig.java b/pki/base/silent/src/com/netscape/pkisilent/common/CMSConfig.java index 5a933a22c..601e5998c 100644 --- a/pki/base/silent/src/com/netscape/pkisilent/common/CMSConfig.java +++ b/pki/base/silent/src/com/netscape/pkisilent/common/CMSConfig.java @@ -149,7 +149,8 @@ public class CMSConfig extends ServerInfo { * Takes parameters : secureConnection( true/false), ldapbinddn, ldapbindnpassword,ldaphostname, lapdaportnumber ( in case of secured connection give ldap secured port), basedn (e.g ou=people,o=mcom.com) */ - void EnablePortalAuth(boolean secureConn, String ldaprootDN, String ldaprootDNPW, String lhost, String lport, String lbsuffix) { + void EnablePortalAuth(boolean secureConn, String ldaprootDN, String ldaprootDNPW, String lhost, String lport, + String lbsuffix) { String certnickname = null; CMSprops.setProperty("auths.instance.PortalEnrollment.pluginName", @@ -308,7 +309,8 @@ public class CMSConfig extends ServerInfo { "LdapUserCertPublisher"); } - public void DisablePublishing(boolean secureConn, String ldaprootDN, String ldaprootDNPW, String lhost, String lport, String base) { + public void DisablePublishing(boolean secureConn, String ldaprootDN, String ldaprootDNPW, String lhost, + String lport, String base) { CMSprops.setProperty("ca.publish.enable", "false"); CMSprops.setProperty("ca.publish.ldappublish.enable", "false"); diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/CMSInstance.java b/pki/base/silent/src/com/netscape/pkisilent/common/CMSInstance.java index d163a7f16..ec7ce3545 100644 --- a/pki/base/silent/src/com/netscape/pkisilent/common/CMSInstance.java +++ b/pki/base/silent/src/com/netscape/pkisilent/common/CMSInstance.java @@ -41,9 +41,12 @@ public class CMSInstance { * Constructor. Takes parameters hostname, adminserverport, adminDN, adminDNpassword, Dominanname, ServerRoot( full path) , instanceID, mnameand sieURL. mname is the fully qualified name of the server ( jupiter2.nscp.aoltw.net) sieURL is ("ldap://jupiter2.nscp.aoltw.net:(ConfigLADPPort)/o=NetscapeRoot" */ - private String cs_server_root, cs_tps_root, tps_hostname, tps_fqdn, tps_instanceid, tps_ee_port, tps_agent_port, tps_auth_ldap_host, tps_auth_ldap_port, tps_auth_ldap_suffix, ca_hostname, ca_ee_port, tks_hostname, tks_agent_port, token_db_hostname, token_db_port, token_db_suffix, token_db_passwd; + private String cs_server_root, cs_tps_root, tps_hostname, tps_fqdn, tps_instanceid, tps_ee_port, tps_agent_port, + tps_auth_ldap_host, tps_auth_ldap_port, tps_auth_ldap_suffix, ca_hostname, ca_ee_port, tks_hostname, + tks_agent_port, token_db_hostname, token_db_port, token_db_suffix, token_db_passwd; - public CMSInstance(String h, String p, String AdDN, String pwd, String domain, String sroot, String insID, String mname, String sieURL) { + public CMSInstance(String h, String p, String AdDN, String pwd, String domain, String sroot, String insID, + String mname, String sieURL) { host = h; port = p; @@ -254,7 +257,8 @@ public class CMSInstance { System.out.println(args.length); if (args.length < 10) { - System.out.println( + System.out + .println( "Usage : <task:Create/REmove> host port AdminDN AdminDNPW adminDomain serverRoot instanceID machineName sieURL"); System.exit(-1); } diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/DirEnroll.java b/pki/base/silent/src/com/netscape/pkisilent/common/DirEnroll.java index f82c7c8fb..0087da254 100644 --- a/pki/base/silent/src/com/netscape/pkisilent/common/DirEnroll.java +++ b/pki/base/silent/src/com/netscape/pkisilent/common/DirEnroll.java @@ -82,7 +82,8 @@ public class DirEnroll extends TestClient { * @param adminpassword */ - public DirEnroll(String hs, String p, String uid, String pw, String certdir, String certtokenpwd, String nickname, String ksz, String kt) { + public DirEnroll(String hs, String p, String uid, String pw, String certdir, String certtokenpwd, String nickname, + String ksz, String kt) { host = hs; ports = p; diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/Request.java b/pki/base/silent/src/com/netscape/pkisilent/common/Request.java index 0cb085776..9b5a88b15 100644 --- a/pki/base/silent/src/com/netscape/pkisilent/common/Request.java +++ b/pki/base/silent/src/com/netscape/pkisilent/common/Request.java @@ -52,7 +52,8 @@ public class Request extends TestClient { // Cert Detail variables private String csrRequestorName, csrRequestorPhone, csrRequestorEmail, subject, subjectdn, reqStatus, certType; - private String requestType, requestID, sslclient, clientcert, servercert, emailcert, objectsigningcert, sslcacert, objectsigningcacert, emailcacert, sigAlgo, totalRecord, validitylength, trustedManager; + private String requestType, requestID, sslclient, clientcert, servercert, emailcert, objectsigningcert, sslcacert, + objectsigningcacert, emailcacert, sigAlgo, totalRecord, validitylength, trustedManager; private int totalNumApproved = 0; @@ -102,7 +103,8 @@ public class Request extends TestClient { * @param trustedManager true/false */ - public Request(String h, String p, String aid, String apwd, String cname, String cd, String ctpwd, String snum, String sfrom, String sto, String ty, String rty, String rstate, String aty, String tm) { + public Request(String h, String p, String aid, String apwd, String cname, String cd, String ctpwd, String snum, + String sfrom, String sto, String ty, String rty, String rstate, String aty, String tm) { host = h; ports = p; adminid = aid; diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/UserEnroll.java b/pki/base/silent/src/com/netscape/pkisilent/common/UserEnroll.java index 216465a47..1fbf834b0 100644 --- a/pki/base/silent/src/com/netscape/pkisilent/common/UserEnroll.java +++ b/pki/base/silent/src/com/netscape/pkisilent/common/UserEnroll.java @@ -75,7 +75,8 @@ public class UserEnroll extends TestClient { * @param propfilename name of the parameter file */ - public UserEnroll(String h, String p, String dn, String e, String cn, String uid, String ou, String o, String cd, String tpwd, String sslcl, String ksize, String keyty, String reqname, String reqemail, String ctype) { + public UserEnroll(String h, String p, String dn, String e, String cn, String uid, String ou, String o, String cd, + String tpwd, String sslcl, String ksize, String keyty, String reqname, String reqemail, String ctype) { host = h; ports = p; diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/checkRequest.java b/pki/base/silent/src/com/netscape/pkisilent/common/checkRequest.java index 3b06d3d23..d0b0373d7 100644 --- a/pki/base/silent/src/com/netscape/pkisilent/common/checkRequest.java +++ b/pki/base/silent/src/com/netscape/pkisilent/common/checkRequest.java @@ -94,7 +94,8 @@ public class checkRequest extends TestClient { * <p> */ - public checkRequest(String hs, String pt, String certdir, String certtokenpwd, String seqnum, String nickname, String impc) { + public checkRequest(String hs, String pt, String certdir, String certtokenpwd, String seqnum, String nickname, + String impc) { host = hs; ports = pt; cdir = certdir; diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/ChallengeException.java b/pki/base/util/src/com/netscape/cmsutil/radius/ChallengeException.java index b05801181..972f7f084 100644 --- a/pki/base/util/src/com/netscape/cmsutil/radius/ChallengeException.java +++ b/pki/base/util/src/com/netscape/cmsutil/radius/ChallengeException.java @@ -37,6 +37,7 @@ public class ChallengeException extends Exception { } public String getReplyMessage() { - return ((ReplyMessageAttribute) (_res.getAttributeSet().getAttributeByType(Attribute.REPLY_MESSAGE))).getString(); + return ((ReplyMessageAttribute) (_res.getAttributeSet().getAttributeByType(Attribute.REPLY_MESSAGE))) + .getString(); } } diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/RejectException.java b/pki/base/util/src/com/netscape/cmsutil/radius/RejectException.java index 1c4e7bea9..f312ef2a4 100644 --- a/pki/base/util/src/com/netscape/cmsutil/radius/RejectException.java +++ b/pki/base/util/src/com/netscape/cmsutil/radius/RejectException.java @@ -33,6 +33,7 @@ public class RejectException extends Exception { } public String getReplyMessage() { - return ((ReplyMessageAttribute) (_res.getAttributeSet().getAttributeByType(Attribute.REPLY_MESSAGE))).getString(); + return ((ReplyMessageAttribute) (_res.getAttributeSet().getAttributeByType(Attribute.REPLY_MESSAGE))) + .getString(); } } diff --git a/pki/base/util/src/com/netscape/cmsutil/scep/CRSPKIMessage.java b/pki/base/util/src/com/netscape/cmsutil/scep/CRSPKIMessage.java index cc5ee43f8..2971706fa 100644 --- a/pki/base/util/src/com/netscape/cmsutil/scep/CRSPKIMessage.java +++ b/pki/base/util/src/com/netscape/cmsutil/scep/CRSPKIMessage.java @@ -789,7 +789,8 @@ public class CRSPKIMessage { } else if (eci.getContentEncryptionAlgorithm().getOID().equals(DES_CBC_ENCRYPTION)) { encryptionAlgorithm = "DES"; } else { - throw new Exception("P10 encrypted alg is not supported (not DES): " + eci.getContentEncryptionAlgorithm().getOID()); + throw new Exception("P10 encrypted alg is not supported (not DES): " + + eci.getContentEncryptionAlgorithm().getOID()); } ec = eci.getEncryptedContent().toByteArray(); diff --git a/pki/base/util/src/netscape/security/util/CertPrettyPrint.java b/pki/base/util/src/netscape/security/util/CertPrettyPrint.java index 7d0775b9c..86449c232 100644 --- a/pki/base/util/src/netscape/security/util/CertPrettyPrint.java +++ b/pki/base/util/src/netscape/security/util/CertPrettyPrint.java @@ -125,7 +125,8 @@ public class CertPrettyPrint { SET certs = sd.getCertificates(); for (int i = 0; i < certs.size(); i++) { - org.mozilla.jss.pkix.cert.Certificate cert = (org.mozilla.jss.pkix.cert.Certificate) certs.elementAt(i); + org.mozilla.jss.pkix.cert.Certificate cert = (org.mozilla.jss.pkix.cert.Certificate) certs + .elementAt(i); X509CertImpl certImpl = null; try { certImpl = new X509CertImpl( diff --git a/pki/base/util/src/netscape/security/util/ExtPrettyPrint.java b/pki/base/util/src/netscape/security/util/ExtPrettyPrint.java index e4b6dcd24..51ddf2321 100644 --- a/pki/base/util/src/netscape/security/util/ExtPrettyPrint.java +++ b/pki/base/util/src/netscape/security/util/ExtPrettyPrint.java @@ -589,7 +589,8 @@ public class ExtPrettyPrint { try { sb.append(pp.indent(mIndentSize) + mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER)); - sb.append(mResource.getString(PrettyPrintResources.TOKEN_CERT_TYPE) + "- " + mExt.getExtensionId().toString() + "\n"); + sb.append(mResource.getString(PrettyPrintResources.TOKEN_CERT_TYPE) + "- " + + mExt.getExtensionId().toString() + "\n"); sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_CRITICAL)); if (mExt.isCritical()) { sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n"); @@ -618,7 +619,8 @@ public class ExtPrettyPrint { sb.append(pp.indent(mIndentSize + 8) + mResource.getString(NSCertTypeExtension.EMAIL_CA) + "\n"); } if (((Boolean) type.get(NSCertTypeExtension.OBJECT_SIGNING_CA)).booleanValue()) { - sb.append(pp.indent(mIndentSize + 8) + mResource.getString(NSCertTypeExtension.OBJECT_SIGNING_CA) + "\n"); + sb.append(pp.indent(mIndentSize + 8) + mResource.getString(NSCertTypeExtension.OBJECT_SIGNING_CA) + + "\n"); } return sb.toString(); } catch (Exception e) { @@ -635,7 +637,8 @@ public class ExtPrettyPrint { try { sb.append(pp.indent(mIndentSize) + mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER)); - sb.append(mResource.getString(PrettyPrintResources.TOKEN_SKI) + "- " + mExt.getExtensionId().toString() + "\n"); + sb.append(mResource.getString(PrettyPrintResources.TOKEN_SKI) + "- " + mExt.getExtensionId().toString() + + "\n"); sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_CRITICAL)); if (mExt.isCritical()) { sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n"); @@ -663,7 +666,8 @@ public class ExtPrettyPrint { try { sb.append(pp.indent(mIndentSize) + mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER)); - sb.append(mResource.getString(PrettyPrintResources.TOKEN_AKI) + "- " + mExt.getExtensionId().toString() + "\n"); + sb.append(mResource.getString(PrettyPrintResources.TOKEN_AKI) + "- " + mExt.getExtensionId().toString() + + "\n"); sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_CRITICAL)); if (mExt.isCritical()) { sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n"); @@ -685,7 +689,9 @@ public class ExtPrettyPrint { GeneralName authName = (GeneralName) authNames.elementAt(i); if (authName != null) { - sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_AUTH_NAME) + authName.toString() + "\n"); + sb.append(pp.indent(mIndentSize + 4) + + mResource.getString(PrettyPrintResources.TOKEN_AUTH_NAME) + authName.toString() + + "\n"); } } } @@ -1244,9 +1250,11 @@ public class ExtPrettyPrint { RDN relativeName = issuingDistributionPoint.getRelativeName(); if (fullNames != null || relativeName != null) { - sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_DIST_POINT_NAME) + "\n"); + sb.append(pp.indent(mIndentSize + 4) + + mResource.getString(PrettyPrintResources.TOKEN_DIST_POINT_NAME) + "\n"); if (fullNames != null) { - sb.append(pp.indent(mIndentSize + 8) + mResource.getString(PrettyPrintResources.TOKEN_FULL_NAME) + "\n"); + sb.append(pp.indent(mIndentSize + 8) + + mResource.getString(PrettyPrintResources.TOKEN_FULL_NAME) + "\n"); for (int i = 0; i < fullNames.size(); i++) { GeneralName fullName = (GeneralName) fullNames.elementAt(i); @@ -1256,7 +1264,8 @@ public class ExtPrettyPrint { } } if (relativeName != null) { - sb.append(pp.indent(mIndentSize + 8) + mResource.getString(PrettyPrintResources.TOKEN_RELATIVE_NAME) + + sb.append(pp.indent(mIndentSize + 8) + + mResource.getString(PrettyPrintResources.TOKEN_RELATIVE_NAME) + relativeName.toString() + "\n"); } } @@ -1277,7 +1286,8 @@ public class ExtPrettyPrint { BitArray onlySomeReasons = issuingDistributionPoint.getOnlySomeReasons(); if (onlySomeReasons != null) { - sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_ONLY_SOME_REASONS)); + sb.append(pp.indent(mIndentSize + 4) + + mResource.getString(PrettyPrintResources.TOKEN_ONLY_SOME_REASONS)); sb.append("0x" + pp.toHexString(onlySomeReasons.toByteArray())); } @@ -1590,24 +1600,29 @@ public class ExtPrettyPrint { while (e.hasMoreElements()) { CertificatePolicyInfo cpi = (CertificatePolicyInfo) e.nextElement(); - sb.append(pp.indent(mIndentSize + 8) + "Policy Identifier: " + cpi.getPolicyIdentifier().getIdentifier().toString() + "\n"); + sb.append(pp.indent(mIndentSize + 8) + "Policy Identifier: " + + cpi.getPolicyIdentifier().getIdentifier().toString() + "\n"); PolicyQualifiers cpq = cpi.getPolicyQualifiers(); if (cpq != null) { for (int i = 0; i < cpq.size(); i++) { PolicyQualifierInfo pq = cpq.getInfoAt(i); Qualifier q = pq.getQualifier(); if (q instanceof CPSuri) { - sb.append(pp.indent(mIndentSize + 12) + "Policy Qualifier Identifier: CPS Pointer Qualifier - " + sb.append(pp.indent(mIndentSize + 12) + + "Policy Qualifier Identifier: CPS Pointer Qualifier - " + pq.getId() + "\n"); - sb.append(pp.indent(mIndentSize + 12) + "Policy Qualifier Data: " + ((CPSuri) q).getURI() + "\n"); + sb.append(pp.indent(mIndentSize + 12) + "Policy Qualifier Data: " + + ((CPSuri) q).getURI() + "\n"); } else if (q instanceof UserNotice) { - sb.append(pp.indent(mIndentSize + 12) + "Policy Qualifier Identifier: CPS User Notice Qualifier - " + sb.append(pp.indent(mIndentSize + 12) + + "Policy Qualifier Identifier: CPS User Notice Qualifier - " + pq.getId() + "\n"); NoticeReference nref = ((UserNotice) q).getNoticeReference(); DisplayText dt = ((UserNotice) q).getDisplayText(); sb.append(pp.indent(mIndentSize + 12) + "Policy Qualifier Data: \n"); if (nref != null) { - sb.append(pp.indent(mIndentSize + 16) + "Organization: " + nref.getOrganization().toString() + "\n"); + sb.append(pp.indent(mIndentSize + 16) + "Organization: " + + nref.getOrganization().toString() + "\n"); sb.append(pp.indent(mIndentSize + 16) + "Notice Numbers: "); int[] nums = nref.getNumbers(); for (int k = 0; k < nums.length; k++) { diff --git a/pki/base/util/src/netscape/security/x509/AlgorithmId.java b/pki/base/util/src/netscape/security/x509/AlgorithmId.java index ca58d9e6b..5bf3997c4 100644 --- a/pki/base/util/src/netscape/security/x509/AlgorithmId.java +++ b/pki/base/util/src/netscape/security/x509/AlgorithmId.java @@ -755,6 +755,7 @@ public class AlgorithmId implements Serializable, DerEncoder { * All supported signing algorithms. */ public static final String[] ALL_SIGNING_ALGORITHMS = new String[] - { "SHA1withRSA", "MD5withRSA", "MD2withRSA", "SHA1withDSA", "SHA256withRSA", "SHA512withRSA", "SHA1withEC", "SHA256withEC", "SHA384withEC", "SHA512withEC" }; + { "SHA1withRSA", "MD5withRSA", "MD2withRSA", "SHA1withDSA", "SHA256withRSA", "SHA512withRSA", "SHA1withEC", + "SHA256withEC", "SHA384withEC", "SHA512withEC" }; } diff --git a/pki/base/util/src/netscape/security/x509/CRLReasonExtension.java b/pki/base/util/src/netscape/security/x509/CRLReasonExtension.java index 5b45c52fe..22fbe894f 100644 --- a/pki/base/util/src/netscape/security/x509/CRLReasonExtension.java +++ b/pki/base/util/src/netscape/security/x509/CRLReasonExtension.java @@ -50,12 +50,15 @@ public final class CRLReasonExtension extends Extension implements CertAttrSet { public static final CRLReasonExtension UNSPECIFIED = new CRLReasonExtension(RevocationReason.UNSPECIFIED); public static final CRLReasonExtension KEY_COMPROMISE = new CRLReasonExtension(RevocationReason.KEY_COMPROMISE); public static final CRLReasonExtension CA_COMPROMISE = new CRLReasonExtension(RevocationReason.CA_COMPROMISE); - public static final CRLReasonExtension AFFILIATION_CHANGED = new CRLReasonExtension(RevocationReason.AFFILIATION_CHANGED); + public static final CRLReasonExtension AFFILIATION_CHANGED = new CRLReasonExtension( + RevocationReason.AFFILIATION_CHANGED); public static final CRLReasonExtension SUPERSEDED = new CRLReasonExtension(RevocationReason.SUPERSEDED); - public static final CRLReasonExtension CESSATION_OF_OPERATION = new CRLReasonExtension(RevocationReason.CESSATION_OF_OPERATION); + public static final CRLReasonExtension CESSATION_OF_OPERATION = new CRLReasonExtension( + RevocationReason.CESSATION_OF_OPERATION); public static final CRLReasonExtension CERTIFICATE_HOLD = new CRLReasonExtension(RevocationReason.CERTIFICATE_HOLD); public static final CRLReasonExtension REMOVE_FROM_CRL = new CRLReasonExtension(RevocationReason.REMOVE_FROM_CRL); - public static final CRLReasonExtension PRIVILEGE_WITHDRAWN = new CRLReasonExtension(RevocationReason.PRIVILEGE_WITHDRAWN); + public static final CRLReasonExtension PRIVILEGE_WITHDRAWN = new CRLReasonExtension( + RevocationReason.PRIVILEGE_WITHDRAWN); public static final CRLReasonExtension AA_COMPROMISE = new CRLReasonExtension(RevocationReason.AA_COMPROMISE); /** diff --git a/pki/base/util/src/netscape/security/x509/IssuingDistributionPointExtension.java b/pki/base/util/src/netscape/security/x509/IssuingDistributionPointExtension.java index 41300364c..9eb9d14a9 100644 --- a/pki/base/util/src/netscape/security/x509/IssuingDistributionPointExtension.java +++ b/pki/base/util/src/netscape/security/x509/IssuingDistributionPointExtension.java @@ -162,9 +162,11 @@ public class IssuingDistributionPointExtension extends Extension issuingDistributionPoint.setFullName(fullName); } } catch (GeneralNamesException e) { - throw new IOException("Invalid encoding of IssuingDistributionPoint " + e); + throw new IOException("Invalid encoding of IssuingDistributionPoint " + + e); } catch (IOException e) { - throw new IOException("Invalid encoding of IssuingDistributionPoint " + e); + throw new IOException("Invalid encoding of IssuingDistributionPoint " + + e); } } else { throw new IOException("Invalid encoding of IssuingDistributionPoint"); @@ -180,7 +182,8 @@ public class IssuingDistributionPointExtension extends Extension issuingDistributionPoint.setRelativeName(relativeName); } } catch (IOException e) { - throw new IOException("Invalid encoding of IssuingDistributionPoint " + e); + throw new IOException("Invalid encoding of IssuingDistributionPoint " + + e); } } else { throw new IOException("Invalid encoding of IssuingDistributionPoint"); diff --git a/pki/base/util/src/netscape/security/x509/PKIXExtensions.java b/pki/base/util/src/netscape/security/x509/PKIXExtensions.java index cb903c802..d694deda4 100644 --- a/pki/base/util/src/netscape/security/x509/PKIXExtensions.java +++ b/pki/base/util/src/netscape/security/x509/PKIXExtensions.java @@ -106,7 +106,8 @@ public class PKIXExtensions { * Identifies additional directory attributes. * This extension is always non-critical. */ - public static final ObjectIdentifier SubjectDirectoryAttributes_Id = new ObjectIdentifier(SubjectDirectoryAttributes_data); + public static final ObjectIdentifier SubjectDirectoryAttributes_Id = new ObjectIdentifier( + SubjectDirectoryAttributes_data); /** * Identifies whether the subject of the certificate is a CA and how deep @@ -141,7 +142,8 @@ public class PKIXExtensions { /** * Identifies the CRL distribution point for a particular CRL. */ - public static final ObjectIdentifier IssuingDistributionPoint_Id = new ObjectIdentifier(IssuingDistributionPoint_data); + public static final ObjectIdentifier IssuingDistributionPoint_Id = new ObjectIdentifier( + IssuingDistributionPoint_data); /** * Identifies the delta CRL. |